Key regulatory developments in 2019
Proskauer’s 2019 Annual Review listed updates on UK tax, the relationship between the UK and the EU, as well as cyber security and privacy law.
There are two areas of development in relation to the international focus on tackling tax avoidance and increasing transparency of tax arrangements.
The UK responded to the OECD’s recommendation on Action 2, which was about neutralising effects of hybrid mismatch arrangements, and legislation was brought in under the Finance Act 2016. This led to anti-hybrid rules being effective from 1 January 2017.
The Anti-Tax Avoidance Directive (ATAD) and its update, ATAD2, which includes transactions with third countries, targets the EU’s arrangements. While EU member states were expected to implement ATAD by 1 January 2019, ATAD2 will take effect from 1 January 2020. Second stage “reverse” hybrid rules will be effective from 1 January 2022.
During the DAC6 introduction, any transaction undertaken on or after 25 June 2018 is reportable, of which the first reports are required by 31 August 2020. Individual EU member states are expected to introduce domestic legislation by the end of the year.
Following UK publication of draft regulations implementing DAC6 in July, there is still uncertainty around the scope of regulations, impact of Brexit and the form of any evidence of another intermediary’s disclosure. Progress of DAC6’s consultation and regulation implementation need to be monitored.
If the latest withdrawal agreement goes ahead, the transitional period in which the majority of EU legislation will apply in the UK runs until 31 December 2020, thus the impact to the financial services sector should be minimal. However, what happens beyond this date still remains uncertain.
A no-deal Brexit will impact to UK fund managers which use the European passporting system for funds the most. US fund managers need to continue to market funds via the national private placement scheme in relevant countries.
The UK will be classed as a “third country” when it leaves the EU and UK AIFMs will need to market in EU states through NPPR notifications to each country. The current negotiation positions between the UK and the EU mean UK firms are unlikely to be given a special status under a Brexit deal enabling them to have access to the passport under special conditions.
Pre-marketing of funds in 2021
In June 2019, the EU published its legislative package which aims to reduce regulatory barriers for cross-border distribution of funds (CBDF) in the EU.
EU member states are expected to implement CBDF into normal law by 2 August 2021.
The new definition of “pre-marketing” in the CBDF applies a wide interpretation and allows fund specific information including draft PPMs or offering documents. It will not need to be notified to EU member state regulators in advance, but fund managers will be required to send a letter to their local home state regulator within two weeks of beginning pre-marketing. The letter must specify where and for which periods it takes place with a brief description of the pre-marketing, as well as information on the investment strategies presented and AIF(s) covered.
Third parties carrying out pre-marketing on behalf of fund managers must also be authorised as an investment firm under MiFID, a credit institution, a UCITS management company or an AIFM under AIFMD. Alternatively it can act as a tied agent in accordance with MiFID.
By August 2021, whether or not the UK has left the EU, it will be expected to implement requirements in its domestic regime to those in the CBDF package.
Cyber security and privacy law
Regulation S-P, which is a key SEC rule around privacy notices and safeguarding policies of registrants, was brought into effect by a Risk Alert issued by the OCIE on 16 April 2019. It requires all registrants to provide clear, conspicuous notice to clients of their privacy policies and practices during both the initial stages of their relationship and throughout.
The notice must include the client’s right to opt out of certain disclosures of personal information.
The OCIE found that registrants did not have written policies and procedures that comply with the above rules, or firms had policies but were not applying them.
Those registered with the SEC need to review their policies and procedures to ensure compliance, in terms of having the policies in place, but also applying them.