Digitalisation has swept through the asset management industry over the last 18 months as investment firms embrace new technologies together with esoteric asset classes such as crypto-assets. Simultaneously, the COVID-19 pandemic has also reinforced the importance of technology and effective BCP (business continuity planning) in financial institutions’ day to day operations. Both crypto-assets and digital resiliency are now areas of focus for the EU’s proposed Digital Finance Package (DFP), a set of reforms designed to promote digital transformation within the EU.
Bringing a semblance of law and order to the Wild West
Although the $2.5 trillion crypto-currency market is overwhelmingly dominated by retail investors, institutions are slowly building up their exposures.. Many boutique asset managers are sceptical about crypto-currencies – viewing them as unacceptably volatile, speculative, difficult to value and lacking in any basic fundamentals. Despite these objections, a study by Fidelity Digital Assets in 2020 found that 26% of institutional investors invested in Bitcoin, while 11% had exposure to Ethereum. Embedded within the DFP is the Regulation on Markets in Crypto-Assets (MiCA). Under MiCA, crypto-assets will be split into two distinct buckets, namely regulated (i.e. security tokens) and unregulated (e.g. crypto-currencies). In the case of the former, pre-existing EU regulations such as the Markets in Financial Instruments Directive II (MiFID II) and the Central Securities Depositories Regulation (CSDR) will continue to apply. The EU is also proposing a pilot regime that would allow market infrastructures to facilitate trading and settlement in these regulated crypto-assets. By providing regulatory clarity, the EU believes trading in security tokens – which has been fairly muted so far -could be accelerated.
Crypto-currencies – which are not subject to EU regulations – are a totally different story. Aside from their appalling environmental footprint, the absence of regulation means investors incur significant risk if they trade these assets. In addition, a number of the providers offering services linked to such crypto-currencies (i.e. crypto-exchanges, crypto-custodians) are themselves unregulated. While a handful of EU member states have introduced their own rules around crypto-currencies, the approach has been fragmented. Under MiCA, issuers of these crypto-assets and crypto-asset service providers must apply for authorisation. Further “safeguards include capital requirements, custody of assets, a mandatory complaint holder procedure available to investors and investor rights against the issuer,” according to a DLA Piper briefing. The DLA Piper briefing continues that once authorised in a member state, operators can passport into other jurisdictions, while the provisions also outlaw market abuse in the secondary market for crypto-assets.
Ensuring digital resiliency
COVID-19 has made financial institutions – including asset managers – increasingly dependent on technology. Consequentially, a technology outage – for whatever reason – has the potential to cause untold damage to financial stability. To mitigate this risk, the European Commission is introducing the Digital Operational Resilience for the Financial Sector (DORA) regulation, which will force financial institutions to have measures in place to insulate themselves against IT disruption. McCann Fitzgerald highlights these provisions will require financial firms to have a dedicated IT risk management; a management process to monitor and report major IT related incidents to regulators; digital operational resilience testing; and processes to monitor IT risks at third party providers. DORA also permits information sharing between financial institutions on issues relating to cyber-crime.
Brace for new digital regulations
Digitalisation creates both opportunities and risks, and it is clear the EU is looking to strike a balance between the two with its latest proposals. Accordingly, this is something which asset managers should be paying close attention to.