I live in Dublin, on the east coast of Ireland - the western-most country in the European Union. I also, as you may gather, work with a global remit for a U.S.-headquartered global custodian and asset servicer. As a result, I get to engage with clients from all over the world on a range of topics. However, one of the most frequent recurring questions I am asked is what the primary differences between the main regulators in the United States and European Union are.
In the case of asset managers, this means a comparison between the Securities and Exchange Commission (SEC) and European Securities and Markets Authority (ESMA). A subordinate but related question I am also frequently asked is how to stay on top of the changes in the U.S. and E.U. when they are so different. The honest answer is “with great difficulty”. The more scientific answer is the differences are not as consequential as they may seem. There is far more commonality in U.S. and E.U. asset management regulation than many people appreciate.
Same Destination, Different Paths
The technical differences are many, both in how rules are constructed and approved, and the mechanisms to change such rules. The other large difference is that the E.U. is not a homogenous and harmonized regulated market, it of course is a complex 27-country coalition with national legislators and regulators who sit underneath an E.U. framework, including three branches of policymakers (E.U. Council, E.U. Commission, E.U. Parliament). The additional layers of structural complexity and the intersection of national and E.U.-wide policy mean both the cadence and complication of E.U. change is usually more dynamic and slightly more complex than in the US. The U.S. has a more straight-line approach to rule implementation and change through its Federal Agencies and while there is intersection with political bodies, it’s normally the political appointments to head the agencies that dictate the direction of policy travel. The U.S., it is fair to say, also has a quicker path to policy approval than the more bureaucratic E.U. framework.
The cadence of rulemaking and consultation output from ESMA is unquestionably more frequent than the SEC but that is the nature of the markets where EMSA tries to weave together 27 member states (and in more recent times preparing for the departure of its largest financial center), while the US, while vast and including local state nuances, is a single market. In Europe, you also find a degree of local output from Luxembourg’s CSSF, the Central Bank of Ireland, or the U.K.’s Financial Conduct Authority either to deal with local market issues or to implement a global or E.U. led initiative. This nuance leads to the additional volume but quite often it’s a case of global standards, led by IOSCO or FSB or a similar policy body, driving all regulators to act on a topic, it’s just there is no uniformity about how these disparate regulators implement the changes.
To get back to commonality, both markets are significant in terms of scale and in terms of their interconnectedness and interdependence. As such, asset management truly is global so thematically what happens or is important in the U.S. market is normally relevant or also evident in the E.U. Therefore, in terms of themes and trends, often the SEC and ESMA are looking at much the same things, they just sometimes have different methods of achieving their supervisory goals.
At a high level, it probably is fair to say that ESMA continues to be more prescriptive and detail-centric, while the SEC remains for the main part a principles-based supervisor. However, that is not to say one method achieves better or worse results, or that the SEC does not do a huge amount of work when it comes to regulatory reporting or ongoing supervision, a point we will return to below. With global regulation, it’s often a case of everyone is getting ice cream for dessert but the flavor and portion sizes sometimes differ.
I guess one way to test the thesis that the SEC and ESMA are not all that different would be to look at a recent SEC regulatory release and compare it to similar activities in Europe – at ESMA or national regulators.
Let’s get a little more specific. At a high level, both the SEC and ESMA are currently working on a range of identical issues ranging from money market fund rules to ESG and cybersecurity. However while high level rules are one thing, ongoing supervision is another area of the regulatory toolkit that doesn’t get enough attention, and takes up the lion’s share of asset managers’ time – probably far more than does regulatory change implementation.
In November, the SEC’s Office of Compliance Inspections and Examinations (OCIE) released a “Risk Alert” following its inspection program of registered advisors. The inspection program was focused on the functioning of compliance programs relating to the ‘40 Act Compliance Rule, or to be European and precise about it – “Rule 206(4)-7 – Compliance procedures and practices”.
The risk alert, while specific to 40 Act compliance programs, has a huge amount of commonality with areas of focus at European regulators. The OCIE cites six specific areas in need of improvement at advisors:
1. Compliance resources;
2. Insufficient authority of Chief Compliance Officers (CCOs);
3. Standards of annual review;
4. Ensuring procedures are implemented in practice;
5. Ensuring policies and procedures are up to date and accurate; and
6. Establishing well designed written policies and procedures.
The alert goes on to state that due to the importance of the CCO’s role they must be “competent and knowledgeable” and be empowered with authority to enforce policies and procedures. Also, programs must be dynamic and reflect regulatory or market changes and not be a fixed annual “check the box” exercise.
In an accompanying speech, given by Peter Driscoll, Director of the SEC OCIE, at an event on the same day the alert was published, he said “CCOs should be empowered, senior and have authority” but also they must be supported by the rest of the C-suite and the board of directors, as investor protection and compliance with the rules is the obligation of all senior staff not just the CCO.
The focus on adequate resources, with the right skills to conduct the oversight and control of the firm and its delegates, is central to a number of European regulations currently under review. This focus is evident from the U.K.’s senior management and certification regime to the consultation paper 86 dialogue in Ireland, regarding the location and competency of designated persons to appropriately challenge investment managers as delegates. It is also central to the wider review of delegation and outsourcing found within the open AIFMD consultation. The AIFMD consultation also draws UCITS activities into its purview in relation to ability to delegate to non-E.U. countries also.
When it comes to authority to act, this is another area of increasing asset management scrutiny, that those with oversight responsibilities from the boardroom, down the chain to the various audit and compliance lines of defense must show that they are empowered to challenge the front office in terms of compliance. This is true across trade best execution, suitable investments, liquidity stress testing or distribution strategy. Those with oversight and control responsibilities must have access to the right data and reporting and understand the data. There also must be a culture where compliance functions are empowered to engage with the business. The final point is upskilling there are new compliance challenges as the market evolves – does the asset manager have adequate knowledge and resource to deal with evolving cybersecurity risk, the nuances of regulation of cryptocurrency.
Oversight and Control as a Growth Driver
Strong oversight and control environments are needed not merely to ensure compliance with rules but also to have a robust framework to have confidence to grow into new asset classes and markets of distribution. Priming your oversight and control model to ensure you can help, not hinder, business strategy and growth ambitions is where many asset managers heads’ are at right now.
This is as relevant in Europe as it is in United States or Asia.
The question for asset managers is do they have the appropriate oversight and control of these areas as supervisors look to interrogate them? These are not regional- or country-specific demands.
When it comes to detailed supervision and inspections and heightened regulator expectations, that is very much a global regulatory theme.