The second Markets in Financial Instruments Directive (MiFID II)
The General Data Protection Regulation (GDPR)
The Central Securities Depository Regulation (CSDR)
We have invested heavily in several business-wide projects to assess the impact of these regulatory developments. Our aim is to ensure that the process of implementing these changes is as seamless as possible and that we remain 100% compliant.
In this article we will give you an overview of these regulations, explain how they will impact the services we provide to you and your shareholders and inform you about what we are doing to comply with these new rules.
We expect these regulatory changes to come into effect as of:
3 January 2018The second Markets in Financial Instruments Directive (MiFID II)
Q1/Q2 2018The Central Securities Depository Regulation (CSDR)
25 May 2018The General Data Protection Regulation (GDPR)
Markets in Financial Instruments Directive II (MiFID II)
The original MiFID came into effect in November 2007. This regulation aimed to
Since the original directive came into effect we have experienced a financial crisis and witnessed significant advances in technology. The updated directive has been developed as a response to these and also improves the transparency between investors and regulators.
MiFID II is accompanied by a new regulation and came into force in all EU member states on 3 January 2018.
What are the core themes?
MiFID II has a broad range of highly intricate provisions which aim to:
- strengthen investor protections
- increase the
harmonisationof investment services within the EU
- increase competition within markets
- introduce enhanced regulatory supervision
What impact will MiFID II have?
Buying and selling shares
- date of birth
- National ID (a reference which can vary by country)
For trades placed using our web or telephone dealing service, this information will be obtained by The Share Centre. For telephone dealing services, any individual who has never placed a trade before will be asked for their email address so that the terms and conditions of the dealing service can be provided. They will then be required to call The Share Centre again and confirm that they are accepting of the terms and wish to proceed with a trade, this is because MiFID II requires individuals to be accepting of the terms and conditions prior to taking action where previously they could be provided with terms over the phone or post-trade.
Corporate Sponsored Nominees
Quarterly statements will be available in electronic form via Investor Centre making the process more efficient and environmentally-friendly. We will also provide an annual summary after the end of each year. The summary will consolidate information from the quarterly statements and will be printed and sent to your registered
Statements will be available from:
|Available from||Covering the period|
|30 April||1 January to 31 March|
|31 July||1 April to 30 June|
|31 October||1 July to 30 September|
|31 January||1 October to 31 December|
When a participant in a nominee account wants to transfer their assets to another party within the same account, all parties will be required to provide additional information. Therefore, the transfer forms will need both parties to include their national ID, nationality
Dividend Reinvestment Plans (DRiPs)
The quarterly statement obligation under MiFID II will also apply to cash retention held for participants of any DRiPs we administer for you. If your company makes bi-annual dividend payments, quarterly statements will be produced and handled in the same way as for Corporate Sponsored Nominees,
General Data Protection Regulation (GDPR)
Improving data protection for individuals
GDPR is an EU directive which will come into force from 25 May 2018 with the aim to strengthen and
The core themes
GDPR aims to create an EU-wide approach for the treatment of individual's data, focusing on:
- the protection of data
- the transfer of data outside of the EU
- the handling of EU citizen's data by international
The Information Commissioner's Office (ICO) has published a paper with the following steps that you can take to prepare for GDPR:
Information you hold
You should document what personal data you hold, where it came from and who it is shared with.
Legal basis for processing personal data
You should review the various types of data processing your organisation carries out and confirm the legal basis for carrying it out.
Communicating privacy information
You should review and update any privacy notices.
You should review how consent is sought, obtained and recorded.
You should review all procedures to ensure they cover the rights of individuals, including how to delete personal data or provide data electronically.
Data protection by design and Data Protection Impact Assessments
You should familiarise yourself with the ICO's guidance on Privacy Impact Assessments.
Obtaining explicit consent and use of privacy notices
Amendments to the subject access request regime
Reporting of data breaches
Enhancements to potential fines
ICSA Guidance Notes
What are the impacts of GDPR on registry services?
Where possible, we have sought to take a holistic approach to the changes arising from the various regulatory developments. For example, as part of recent updates to the terms and conditions of Dividend Reinvestment Schemes and Corporate Sponsored Nominee services (where offered by issuers), we ensured the revised terms were consistent with the requirements of GDPR, negating the need to update them again prior to the May deadline.
A key component of our GDPR analysis has involved mapping all our processes that
Several project workstreams are our intended focus over the coming months:
- Contract Provisions
GDPR includes specific requirements for legal agreements between
organisationsand so Computershare are drafting contract addendum documents to amend existing arrangements and ensure the updated contract includes all necessary data protection rights, obligations andprotections for both parties.
Client Managers will be in touch during February to provide you with a copy of our contract amendment letter for your review.
- Data Subject Rights
Where necessary, we will enhance our systems to ensure compliance with all applicable data subject rights. Rights include those of data rectification, erasure, portability and a shortened timeframe for responding to Subject Access Requests.
- Breach Reporting
In future, data controllers will need to report data breaches to supervisory authorities within 72 hours of becoming aware of a breach. We are building on our pre-existing breach reporting process to aid you in adhering to this requirement.
If you would like further clarification, please review our GDPR FAQs.
If you would like more detail you can watch our online seminar:
Session length: 20 minutes
Central Securities Depository Regulation (CSDR)
Refining EU settlement systems and processes
At first glance, CDSR looks like it only impacts Central Securities Depositories (CSDs) such as Euroclear. But this is far from the truth. In fact the aim of CSDR is to improve and harmonise EU settlement systems and processes. This will directly affect market participants and indirectly affect CSD participants due to the new obligations on the CSD.
The core themes
The regulation will require CSDs to obtain a license to operate from the local authorising body (for example that will be the Bank of England for the UK). As part of their license application, CSDs such as Euroclear will have to ensure that they are compliant with the other requirements of the regulation. As a result, users of the CREST system in the UK and Ireland will be required to provide certain information and conform to the following new practices:
Supplying additional information about CSD participants such as Legal Entity Identifiers
Fortnightly securities reconciliations
Registrars will be designated as Critical Service Providers and will be subject to increased oversight and audit by Euroclear
Implementing additional controls when issuing stock into the CREST system
What are the impacts of CSDR?
Participants will need to provide additional information on securities
Euroclear need all participants to supply additional information on the nature of their holdings in the CREST system. Issuers are required to provide information on both themselves (for example their Legal Entity Identifier) and the law applicable to their incorporation and securities. Issuers who fail to provide this information will be reported by Euroclear to the Bank of England.
We have already been collecting this information from Issuers and submitting it to Euroclear - you can find more information on our blog. Thank you to those that have already supplied this information. Client Managers will be contacting you if this information is still outstanding.
We may be required to contact you on an annual basis to
confirm that the additional information we hold for you is still valid.
Fortnightly security reconciliations
CSDR requires Registrars to complete full reconciliations for all securities that are held within CREST on a fortnightly basis rather than quarterly.
We have invested in our systems and support infrastructure to accommodate this requirement and we have carried out extensive testing alongside Euroclear to ensure the transition is seamless.
More controls over issuing securities
In order to maintain the stability of financial markets, CSDR seeks to prevent any 'undue' issuance or cancellation of securities. As a result, Euroclear are placing new obligations on Registrars which will dictate how we assist Issuers when allotting/crediting new stock to CREST participants.
Euroclear have laid out the developments to the CREST system
to support these obligations, and we are investing in our systems and
infrastructure to ensure we are compliant.
Segregated accounts need to be offered to participants of Corporate Sponsored Nominees
Article 38(5) of CSDR requires segregated accounts to be offered to participants holding securities via omnibus accounts. Participants need to be informed about the costs and risks associated with omnibus accounts versus client segregation. This obligation will impact participants in Corporate Sponsored Nominees (CSN) where we manage those services for you. We are reviewing the best solution to implementing these requirements and we will be in touch once we have more detail about how this impacts you.
Changes to our terms and conditions for regulated services
The requirements of MiFID II, GDPR and CSDR are broad and they will require changes to our existing terms and conditions for regulated services.
We will take this opportunity to
What is next?
We will keep you up-to-date with our progress as our project impacts the services we provide to you and your shareholders.
If you have any queries in the meantime, please contact your Client Manager.
If you would like more detail you can watch our online seminar:
Session length: 40 minutes