This year we will witness a number of significant pieces of EU legislation taking effect, including: ​​​​​​​​​​​​

  • The second Markets in Financial Instruments Directive (MiFID II)

  • The General Data Protection Regulation (GDPR)

  • The Central Securities Depository Regulation (CSDR)

​W​e have invested heavily in several business-wide projects to assess the impact of these regulatory developments. Our aim is to ensure that the process of implementing these changes is as seamless as possible and that we remain 100% compliant.


 

In this article we will give you an overview of these regulations, explain how they will impact the services we provide to you and your shareholders and inform you about what we are doing to comply with these new rules.


 

We expect these regulatory changes to come into effect as of:

  • 3 January 2018

    The second Markets in Financial Instruments Directive (MiFID II)
  • Q1/Q2 2018

    The Central Securities Depository Regulation (CSDR)
  • 25 May 2018

    The General Data Protection Regulation (GDPR)

Markets in Financial Instruments Directive II (MiFID II)


 

The original MiFID came into effect in November 2007. This regulation aimed to harmonise investment services throughout the EU and allowed authorised firms in their home state to operate in other EU countries. This became commonly known as 'passporting'. Additionally the directive aligned protections for all investors within the EU.


 

Since the original directive came into effect we have experienced a financial crisis and witnessed significant advances in technology. The updated directive has been developed as a response to these and also improves the transparency between investors and regulators.

MiFID II is accompanied by a new regulation and came into force in all EU member states on 3 January 2018.


 

What are the core themes?

MiFID II has a broad range of highly intricate provisions which aim to:

  • strengthen investor protections
  • increase the harmonisation of investment services within the EU
  • increase competition within markets
  • introduce enhanced regulatory supervision
The new directive requires robust controls to avoid conflicts of interest. It makes pre-trade and post-trade execution more transparent and provides investors with greater protection through increased checks about the suitability of investments.

 
As the EU-wide regulator, the European Securities and Markets Authority (ESMA) will oversee the introduction of new supervisory powers such as the ability to intervene in governance activities.
The directive increases the importance of compliance, audit and risk management. It focuses on how they may relate to market participants, the development and marketing of new financial products and the reporting of conflicts of interest.

 
What impact will MiFID II have?


 

Buying and selling shares
There have been necessary changes to the process of buying and selling shares to help increase the transparency of the existing transaction reporting regime for regulators. This means additional information needs to be collected from shareholders prior to any trades being executed, including:
  • date of birth
  • nationality
  • National ID (a reference which can vary by country)


 

For trades placed using our web or telephone dealing service, this information will be obtained by The Share Centre. For telephone dealing services, any individual who has never placed a trade before will be asked for their email address so that the terms and conditions of the dealing service can be provided. They will then be required to call The Share Centre again and confirm that they are accepting of the terms and wish to proceed with a trade, this is because MiFID II requires individuals to be accepting of the terms and conditions prior to taking action where previously they could be provided with terms over the phone or post-trade.


 
Corporate Sponsored Nominees
MiFID II will introduce some changes to the statements which are issued to participants where we hold their assets and/or money.
Statements will need to be issued quarterly rather than annually, and more information will be contained within the statement. For example, the statement will include a market value or estimated value of the assets being held, as well as details of any abnormalities regarding the assets ownership.

Quarterly statements will be available in electronic form via Investor Centre making the process more efficient and environmentally-friendly. We will also provide an annual summary after the end of each year. The summary will consolidate information from the quarterly statements and will be printed and sent to your registered address, if an individual’s communications preference is for post.


 

Statements will be available from:

Available fromCovering the period
30 April1 January to 31 March
31 July 1 April to 30 June
31 October1 July to 30 September
31 January1 October to 31 December


 

When a participant in a nominee account wants to transfer their assets to another party within the same account, all parties will be required to provide additional information. Therefore, the transfer forms will need both parties to include their national ID, nationality and date of birth. These transfers will then be reportable to the home state regulator.

 

Dividend Reinvestment Plans (DRiPs)

The quarterly statement obligation under MiFID II will also apply to cash retention held for participants of any DRiPs we administer for you. If your company makes bi-annual dividend payments, quarterly statements will be produced and handled in the same way as for Corporate Sponsored Nominees, however if your company makes quarterly dividend payments the stationery will be updated to ensure that the Share Purchase Advices are sufficient to meet the obligations of the Directive.


 

General Data Protection Regulation (GDPR)


Improving data protection for individuals

GDPR is an EU directive which will come into force from 25 May 2018 with the aim to strengthen and harmonise the protection given to individuals throughout the EU.


 

The core themes

GDPR aims to create an EU-wide approach for the treatment of individual's data, focusing on:

  • the protection of data
  • the transfer of data outside of the EU
  • the handling of EU citizen's data by international organisations

 
The Information Commissioner's Office (ICO) has published a paper with the following steps that you can take to prepare for GDPR:

 
  • Information you hold

    Information you hold

    You should document what personal data you hold, where it came from and who it is shared with.

  • Legal basis for processing personal data

    Legal basis for processing personal data

    You should review the various types of data processing your organisation carries out and confirm the legal basis for carrying it out.

  • Communicating privacy information

    Communicating privacy information

    You should review and update any privacy notices.

  • Consent

    Consent

    You should review how consent is sought, obtained and recorded.

  • Individuals' rights

    Individuals' rights

    You should review all procedures to ensure they cover the rights of individuals, including how to delete personal data or provide data electronically.

  • Data protection by design and Data Protection Impact Assessments

    Data protection by design and Data Protection Impact Assessments

    You should familiarise yourself with the ICO's guidance on Privacy Impact Assessments.



The key elements of GDPR include:

  • Obtaining explicit consent and use of privacy notices

  • Amendments to the subject access request regime

  • Reporting of data breaches

  • Enhancements to potential fines

ICSA Guidance Notes

What are the impacts of GDPR on registry services?

Where possible, we have sought to take a holistic approach to the changes arising from the various regulatory developments. For example, as part of recent updates to the terms and conditions of Dividend Reinvestment Schemes and Corporate Sponsored Nominee services (where offered by issuers), we ensured the revised terms were consistent with the requirements of GDPR, negating the need to update them again prior to the May deadline.

A key component of our GDPR analysis has involved mapping all our processes that utilise personal data in order to support the compilation of a register of processing, a requirement under Article 30. This sizable task has been completed and the output will inform decision making over the coming months.

Several project workstreams are our intended focus over the coming months:

  • Contract Provisions

    GDPR includes specific requirements for legal agreements between organisations and so Computershare are drafting contract addendum documents to amend existing arrangements and ensure the updated contract includes all necessary data protection rights, obligations and protections for both parties. 

    Client Managers will be in touch during February to provide you with a copy of our contract amendment letter for your review.
  • Data Subject Rights

    Where necessary, we will enhance our systems to ensure compliance with all applicable data subject rights. Rights include those of data rectification, erasure, portability and a shortened timeframe for responding to Subject Access Requests. 
  • Breach Reporting

    In future, data controllers will need to report data breaches to supervisory authorities within 72 hours of becoming aware of a breach. We are building on our pre-existing breach reporting process to aid you in adhering to this requirement.


 

If you would like further clarification, please review our GDPR FAQs.


 

If you would like more detail you can watch our online seminar:

Session length: 20 minutes

​​​​

Central Securities Depository Regulation (CSDR)

​​​​
Refining EU settlement systems and processes

​​​​At first glance, CDSR looks like it only impacts Central Securities Depositories (CSDs) such as Euroclear. But this is far from the truth. In fact the aim of CSDR is to improve and harmonise EU settlement systems and processes. This will directly affect market participants and indirectly affect CSD participants due to the new obligations on the CSD.

 

The core themes

The regulation will require CSDs to obtain a license to operate from the local authorising body (for example that will be the Bank of England for the UK). As part of their license application, CSDs such as Euroclear will have to ensure that they are compliant with the other requirements of the regulation. As a result, users of the CREST system in the UK and Ireland will be required to provide certain information and conform to the following new practices:

  • Supplying additional information about CSD participants such as Legal Entity Identifiers

  • Fortnightly securities reconciliations

  • Registrars will be designated as Critical Service Providers and will be subject to increased oversight and audit by Euroclear

  • Implementing additional controls when issuing stock into the CREST system

​​What are the impacts of CSDR?
Participants will need to provide additional information on securities

Euroclear need all participants to supply additional information on the nature of their holdings in the CREST system. Issuers are required to provide information on both themselves (for example their Legal Entity Identifier) and the law applicable to their incorporation and securities. Issuers who fail to provide this information will be reported by Euroclear to the Bank of England.


 

We have already been collecting this information from Issuers and submitting it to Euroclear - you can find more information on our blog​. Thank you to those that have already supplied this information. Client Managers will be contacting you if this information is still outstanding.

We may be required to contact you on an annual basis to confirm that the additional information we hold for you is still valid.

 

Fortnightly security reconciliations

CSDR requires Registrars to complete full reconciliations for all securities that are held within CREST on a fortnightly basis rather than quarterly.

We have invested in our systems and support infrastructure to accommodate this requirement and we have carried out extensive testing alongside Euroclear to ensure the transition is seamless.


 

More controls over issuing securities

In order to maintain the stability of financial markets, CSDR seeks to prevent any 'undue' issuance or cancellation of securities. As a result, Euroclear are placing new obligations on Registrars which will dictate how we assist Issuers when allotting/crediting new stock to CREST participants.

Euroclear have laid out the developments to the CREST system to support these obligations, and we are investing in our systems and infrastructure to ensure we are compliant.


 

Segregated accounts need to be offered to participants of Corporate Sponsored Nominees

​Article 38(5) of CSDR requires segregated accounts to be offered to participants holding securities via omnibus accounts. Participants need to be informed about the costs and risks associated with omnibus accounts versus client segregation. This obligation will impact participants in Corporate Sponsored Nominees (CSN) where we manage those services for you. We are reviewing the best solution to implementing these requirements and we will be in touch once we have more detail about how this impacts you.


 

Changes to our terms and conditions for regulated services

The requirements of MiFID II, GDPR and CSDR are broad and they will require changes to our existing terms and conditions for regulated services.

We will take this opportunity to standardise, enhance and future proof our terms and conditions. What's more, we will enhance the forms we use for executing trades and transfers, as well as introducing developments into our Contact Centre to make sure we capture all the required information.


What is next?

We will keep you up-to-date with our progress as our project impacts the services we provide to you and your shareholders.

If you have any queries in the meantime, please contact your Client Manager.


 

If you would like more detail you can watch our online seminar:

Session length: 40 minutes


 

​Seminar resources​

If you would like to download the presentation from our online seminar, click on the link below: