Quick Take: What do ESMA's SSOs mean for BREXIT-proofing of business and for other market participants moving to the EU-27?

On May 31, 2017, the European Securities and Markets Authority (ESMA), which is an EU-wide European Supervisory Authority (ESA), released a legal instrument in the form of an 'Opinion' on "General principles to support supervisory convergence in the context of the United Kingdom withdrawing from the European Union" (the ESMA General Opinion).1 The ESMA General Opinion was the first in a series of regulatory tools to improve supervisory convergence amongst the national competent authorities (NCAs) as well as amongst the ESAs that make up the European System of Financial Supervision (ESFS) of the EU.

On July 13, 2017, ESMA published the following "sector specific opinions" (SSOs):

  • Opinion to support supervisory convergence in the area of investment firms in the context of the United Kingdom withdrawing from the European Union (ESMA35-43-762) (the MiFID Investor Protection SSO);2
  • Opinion to support convergence in the area of investment management in the context of the United Kingdom withdrawing from the European Union (ESMA34-45-344) (the Fund Management SSO);3
  • Opinion to support convergence in the area of secondary markets in the context of the United Kingdom withdrawing from the European Union (ESMA70-154-270) (the Secondary Markets SSO).4

A year later, ESMA, as with its sister ESAs and the wider ESFS, concenred by lack of BREXIT-preparedness by affected firms, issued its July 2018 Public Statement5 on "Timely submission of requests for authorization in the context of the United Kingdom withdrawing from the European Union" (the 2018 Update) that firms must have a fully authorized legal entity located in the EU-27 to continue providing services in the EU-27.  This supervisory objective is not new, even if many firms and their professional advisers may be receiving "institution-tailored" BREXIT-letters from supervisors, many may not be fully aware of the EU's SPoRs and those of ESMA as supervisors would like.  

So what does this all mean in practice and why does it matter?

The SSOs each expand ESMA's SPoRs and the supervisory expectations in its General Opinion. They affect those relocating due to BREXIT and relocations by other third-country entities (TCEs) to the EU-27. They also complement the supervisory statements of the European Central Bank (ECB), acting in its role in the Single Supervisory Mechanism (SSM) "pillar" in the Eurozone's Banking Union. The SPoRs issued by ESMA and the ECB are also complementary to the statements made in a standalone Opinion issued by ESMA's sister authority, the European Insurance and Occupational Pensions Authority (EIOPA), and this Client Alert should be read in conjunction with dedicated coverage from our Eurozone Hub on the SPoRs.

For some firms the SPoRs in their various iterations have caused supervisors to send their BREXIT-proofing plans back to the drawing board. Others are invited by supervisors to pick up the pace. Irrespecitve of whether firms focus on quick wins or more strategic changes in connection with their more intensive planning, some of this may need to take place prior to the submission of relevant applications to supervisors, and other 'SpoR friendly solutions' might be contingent upon supervisory clearance.

One area of repeated concern voiced by supervisors was that some firms were trying to be more cute than compliant, i.e., falling foul of specific requirements on substance, mind and matter and technical resources in a particular EU-27 jurisdiction. This means firms will need to assess their needs carefully in respect of securing or safeguarding appropriate financial, non-financial as well as human resources required to run their business on the ground in the EU-27.

The war for talent is picking up, albeit perhaps not as quickly as some might like or in the correct scope. Some of this might need to reflect that the firms and regulators have no merit in securing talent along national linguisitc lines instead of looking at the best person for the job and facilitating a multinational and multi-lingual operating environment, especially as, in relation to the EU financial services market and regulatory rulemaking, supervision and business, the lingua franca will remain English long after the UK's departure from the EU.

The SSOs and the SPoRs: the common elements

The SSOs are drafted in a "jurisdiction agnostic" and "firm type agnostic" element, i.e., they aim to cover the entire scope of EU-27, European Economic Area and European Free Trade Association jurisdictions and NCAs to whom the General Opinion is addressed and the types of firms and businesses supervized by them. Each of the SSOs contain common elements in their drafting that provide:

  • The legal basis for delivering the relevant SSO;
  • Background as to why an Opinion, as a legal instrument, is best placed to drive supervisory convergence;
  • Background on BREXIT, why this necessitates greater supervisory convergence and the SSOs; and
  • Instructions to the NCAs that they should have adequate resources to discharge their supervisory tasks confidently.

Each of the SSOs builds upon and cross-refers to the ESMA General Opinion (also referred in each as the "cross-sectoral opinion").The 9 "Principles" set in the ESMA General Opinion can be summarized as follows:

  1. No automatic recognition of existing authorizations;
  2. Authorizations granted by EU-27 NCAs should be rigorous and efficient;
  3. NCAs should be able to verify the objective reasons for relocation;
  4. Special attention should be granted to avoid letter-box entities in the EU27;
  5. Outsourcing and delegation to third-countries is only possible under strict conditions;
  6. NCAs should ensure that substance requirements are met;
  7. NCAs should ensure sound governance of EU entities;
  8. NCAs must be in a position to supervize and enforce EU law effectively; and
  9. NCAs need to implement coordination to ensure effective monitoring by ESMA.

Aims and content of the MiFID Investor Protection SSO

The MiFID Investor Protection SSO introduces additional SPoRs as they apply to authorization, substance requirements (including governance and outsourcing) and effective supervision.6 The MIFID Investor Protection SSO states that it should be read in conjunction with the Secondary Markets SSO.

In summary, the MiFID Investor Protection SSO clarifies that the SPoRs will apply to those entities that are regulated as MiFID Investment Firms. A large amount of broker-dealers, certain investment banks and other firms engaging in investment activities and investment services other than fund management will thus be caught by this SSO.

Authorization requirements

Building upon the ESMA General Opinion's own SPoRs, the MiFID Investor Protection SSO directs NCAs:

  • To be stringent in terms of their authorization process. NCAs are tasked with ensuring complete information is provided to them for review and for such review to be carried out without any derogations or exemptions or reliance on previous or existing authorisations in other Member States or third countries. This follows-on from the Principles in the ESMA General Opinion of no automatic recognition of existing authorizations and clarifies that authorization applications cannot be 'waved through';
  • To ensure that applicants can meet all their obligations upon day one of authorization. Furthermore, firms and NCAs are reminded that the MiFID framework does not provide for transitional provisions in case of relocations and are advised to pay (emphasis added in bold):

    "...particular attention to issues affected by relocation and to situations where the application is part of a group/has links with non-EU entities and should therefore assess any qualifying shareholders, the group business model/structure, the impact of potential (prudential) consolidated supervision or the lack thereof, etc. NCAs should verify how any (in particular non-EU) shareholders or members with qualifying holdings are likely to influence the sound and prudent management of the investment firm and its compliance with the MiFID framework as well as prudential requirements under CRR/CRD IV. In particular, NCAs shall carefully assess whether the group structure within which the investment firm will operate constitutes an obstacle to their effective exercise of supervisory functions."

A lot of the focus on qualifying holdings may also come from supervisory influences and experiences from the SSM. The SSM has recently increased its focus on assessing the terms of effective control and the use of holding companies to improve supervision and risk mitigation in respect of Banking Union Supervised Institutions (BUSIs). From a practical perspective, this might mean more intrusive scrutiny by individual NCAs or a college of supervisors when looking at structures of relevant firms as well as the apportionment of responsibilities and regulated functions.

Substance requirements

The MiFID Investor Protection SSO, again building upon the SPoRs in the ESMA General Opinion is primarily concerned with ensuring that firms have an appropriate and proportionate risk management process in relation to cross-border activities. NCAs are also directed, as in the ESMA General Opinion, to  prevent specifically the use of "letter-box" entities as well as to restrict/prohibit authorization of those firms relocating in the event they cannot evidence sufficient substance, presence and mind and matter that is located in the EU-27 Member State to which that firm is relocating.

Sufficient substance and mind and matter on the ground means having sufficient resources, including decision makers and governance, risk and control functions located within the EU-27. It also means having outsourcing and delegation arrangements that are appropriate and do not obstruct the ability to supervize. The MiFID Investment Protection SSO also further specifies, by introducing more stringent requirements (including provisions for substitute managers and alternative arrangements) when compared to existing regulatory rules, that (emphasis add in bold):

"...at least two persons with the requisite knowledge, experience and sufficient time-commitment should effectively direct the business of the applicant firm. Sound governance and internal control mechanisms should provide clarity as to the allocation of responsibilities, documented policies and procedures which foster constructive challenge and the effective involvement of board members/senior managers."

NCAs are required to set their expectations on what they consider sufficient time commitments and firms' compliance with those thresholds. Furthermore, NCAs are directed to review that sufficient collective responsibility is evidenced. Firms may want to consider therefore how they capture compliance with these expectations. This may entail amending existing or drafting new policies and procedures of a firm to ensure there is sufficient "constructive challenge" embedded within a firm's operation and governance arrangements.

The MiFID Investor Protection SSO also details that smaller firms with "...a very narrow and non-complex range of activities" may, as has previously been the case, aggregate certain governance, risk and control functions, subject to the NCA being satisfied that appropriate safeguards are implemented to ensure the effectiveness of such functions and the compliance obligations.

However, the SPoRs in this SSO do not clarify what would happen in the case of disagreement amongst a college of supervisors responsible for monitoring a given smaller firm wishing to make use of this derogation. As a result, firms that are likely to fall within this bracket may need to consider how they document their assessment as to whether they fall into this category and how to evidence sufficient supervisory acknowledgement or no-objection of falling within this category.

Outsourcing/delegation, reliance on TCEs and effective supervision

Irrespective of size/complexity of a relocating firm, requirements to maintain appropriate financial and non-financial resources are a part of meeting initial and on-going threshold conditions for authorization and subsequent supervision. The same is true of close-links, concentration limits and best execution. That being said, this SSO specifically goes beyond a number of existing regulatory principles, and will thus cause a rethink and redraft of a number of internal policies for existing and new EU-27 firms, as the provisions stipulate that NCAs must pay close attention to the risks arising out of a situation where firms:

  • Choose to execute client orders using a single venue and how overreliance on that venue may not allow the firm to demonstrate it is acting in its clients' best interests;
  • Execute trades to hedge client orders on a back-to-back basis, the selection of the execution venue upon which such hedging takes place is a major factor that determines the delivery of the firm's best execution obligations vis-à-vis its clients. Overconcentration of one hedging venue or counterparty may raise supervisory questions; and
  • Use or transact TCEs to execute or hedge transactions and how the relevant EU investment firms will be able to obtain sufficient information from the TCE on execution quality necessary for the EU investment firm to discharge its own compliance obligations on an on-going basis.

This SSO, like the ESMA General Opinion, requires that NCAs specifically assess regulated outsourcing and delegation arrangements but does so in a manner that supplements the rules in the MiFID framework.  NCAs are directed that they: "should" i.e., "must" be satisfied with firms' due diligence processes and that:

"... all outsourcing functions must be preceded by the firm's written due diligence on the service providers and possible substitutes (if any)."

Firms will as a result probably need to document due diligence in a much more detailed and formal form and may want to redocument existing assessments.

As a further specification in this SSO, NCAs are required to review any outsourcing arrangement of any portfolio management functions to TCEs (incl. non-EU branches) that include portfolios that invest in instruments issued by EU issuers or portfolios of collective undertakings (i.e., funds). This may cause a number of issues for the asset management sector. The SSO states that this assessment will look, whether, in light of the geographical spread of investments and clients between the EU and non-EU markets, such outsourcing/delegation of portfolio management (but perhaps not the activity of investment advice) to a TCE is appropriate and objectively justified. The MiFID Investor Protection SSO also requires that NCAs monitor how firms engage with TCEs and non-EU branches in relation to the performance of functions/services with respect to the firms' EU clients.

Aims and content of the Fund Management SSO

The Fund Management SSO, and the SPoRs it introduces, will be relevant to the body of funds and fund managers that are subject to the AIFMD/R as well as UCITS Regime. The contents and the approach of this SSO largely follow that of the MiFID Investment Protection SSO. The same is true in terms of how the SPoRs contained in this SSO supplement, refine and introduce new concepts to those contained in the ESMA General Opinion.

The focus of this SSO primarily concerns itself with supervisory expectations relating to authorizations, governance and internal control, delegation and outsourcing and concludes with obligations on NCAs in respect of effective supervision. Some points that are specific to the entities addressed within the scope of the Fund Management SSO, and which go beyond those in the MiFID Investment Protection SSO, are explored in turn below.

The Fund Management SSO requires NCAs to be far more granular in their assessment of whether an authorized entity's procedures, mechanisms and organizational structures are appropriate or proportionate to the size, nature, scale and complexity of the relevant business. NCAs are directed to assess inter alia the:

  • Size of the authorized entity's business (value of assets under management)
  • Number of (sub-)funds and share classes
  • Complexity of investment strategies pursued
  • Type and range of asset classes invested in
  • Geographical spread of investments
  • Use of leverage
  • Use of "efficient portfolio management techniques" (without this term being defined)
  • Frequency of investment activities
  • Nature of cross-border management or marketing activities
  • Type and range of the regulated activity and functions listed in Annex II of the UCITS Directive and Annex I of AIFMD that are performed internally or subject to delegation monitoring
  • Provision of additional MiFID services (insofar permitted for the fund manager or its affiliates)
  • Number and type of investors
  • Frequency of investor subscriptions and redemptions
  • Geographical distribution of marketing activities

Requirements on sufficient substance

This SSO, like the others in the series, goes slightly beyond the supervisory expectation set in the ESMA General Opinion by clarifying that whilst EU regulatory requirements require, in most cases, a minimum of at least two senior managers that firms, and NCAs supervising them, should not rely on this minimum amount when assessing the nature of the business. This SSO is quite clear that:

"...NCAs should apply additional scrutiny to situations where relocating entities, even those of smaller size employing simple investment strategies and having a limited range of business activities do not dedicate at least three locally-based FTE [full-time employees] (including time commitments at both Senior Management and staff level to the performance of portfolio management and/or risk management functions and/or monitoring of delegates."

Moreover, and in contrast to certain existing supervisory approaches of certain NCAs, this SSO makes it clear that (emphasis added in bold):

"Senior Managers should only be designated with the Compliance function where they can demonstrate that they have the required knowledge and expertise and can commit sufficient time to this function despite their other tasks and responsibilities in the organization."

In contrast to pre-existing supervisory statements, this SSO aims to clarify that:

"Combining the risk, compliance and/or internal audit functions should generally be avoided as this is likely to undermine the effectiveness and independence of these control functions."

This may have a number of knock-on effects for certain firms and BREXIT-plans and merit internal policies that justify the combination of these functions and what monitoring is in place to ensure their continued effectiveness and independence. Interestingly, this SSO reinforces the concept that control functions ought to be consulted prior to strategic decisions being taken. The SSO also reinforces the need for having a separate "escalation procedure" in case of disagreements between internal control functions and operating units. In the case of persisting disagreements, this SSO communicates the supervisory expectation that, pending a failure of senior management and/or the governing/management body to resolve the issue, it be escalated to the NCA.

White-labelling arrangements, outsourcing/delegation and TCEs

The supervisory approach to "white-labelling" arrangements are also discussed in this SSO. These are defined as arrangements:

"...whereby a fund manager provides a platform to business partners by setting up funds at the initiative of the latter and typically delegating investment management functions to those initiators/business partners or appointing them as investment advisers."

ESMA anticipates that this is a business offering that might gain traction following the UK becoming a third-country. NCAs are encouraged to apply scrutiny and vigilance to these arrangements to ensure they remain compliant with the SPoRs.

As in the ESMA General Opinion, the MiFID Investment Protection SSO permits delegation and outsourcing if there is no deterioration to the relocating firm's sufficiency of substance in the EU-27.  Whilst, unlike EIOPA's SPoRs, there is no specific percentage to what may be delegated, this SSO states (absent of a clear definition of what constitutes a "substantial margin") (emphasis added in bold):

"Authorized entities should not delegate investment management functions to an extent that exceeds by a substantial margin the investment management functions performed internally. This assessment must be carried out in relation to and at the level of each individual fund and not in relation to a group of funds. This means that authorized entities must perform investment management functions for each fund they manage and cannot delegate portfolio management and risk management functions for a particular fund in their entirety even where they perform such functions for other funds."

For a number of market participants covered by either of the MiFID Investor Protection SSO and the Fund Management SSO, the contents of the Secondary Markets SSO will likely be of direct relevance or relevant in the context of how their supervized business will operate in the EU-27.

Aims and content of the Secondary Markets SSO

The Secondary Markets SSO introduces SPoRs applicable to MiFID trading venues (regulated markets, multilateral trading facilities (MTFs) and organized trading facilities (OTFs)) i.e. financial market operators and execution venue providers. These SPoRs aim to reduce the regulatory and supervisory arbitrage risks, as well as, systemic risk in over-concentrated interconnectedness, stemming from TCE trading venues relocating to the EU-27. It should come as no surprise that the SPoRs introduced in the ESMA General Opinion, as refined, supplemented and amended in the other two SSOs are given equal resonance and supplementary supervisory expectations in this SSO. The Secondary Markets SSO however gives additional prominence to identifying, mitigating and managing risks arising from outsourcing/delegation by MiFID trading venues.

As with the supervisory objectives of prohibiting "letter box" entities, NCAs are tasked with ensuring that MiFID trading venues do not perform (emphasis added in bold):

"...substantially more key and important activities from a third country by using outsourcing arrangements and in a consequence maintain more relevant human and technical resources in that third country than in the EU. NCAs should therefore require that trading venues do not outsource activities to an extent that exceeds by a substantial margin the activities performed within the EU-27."

The Secondary Markets SSO further clarifies that MiFID trading venues should maintain a "significant proportion" of staff with "significant experience performing key and important activities..." in the EU-27. This may, as with other staff/location ratio driven measures, place pressures for relocating firms on securing appropriate headcount. Consequently, this adds to the need of all SSO covered firms to secure first mover advantage. As with the other SSOs, reverse-branching, i.e., having a non-EU branch of an EU-27 entity will subject that branch to greater scrutiny akin to that applied to more intrusive supervision of outsourcing and delegation arrangements. This will likely have an impact on a number of structures and arrangements.

As in the other SSOs, there is no set definition of what constitutes a "substantial margin," "substantially more key and important activities" nor a "significant proportion of staff," although it is conceivable that relevant NCAs and EU components of the ESFS will assess this on the basis of volumes traded and where key decision makers, governance, risk and control functions sit. As a result, like with other relocation plans affecting financial services providers, market participants and financial market infrastructure providers, the expectation is that a number of positions, but not necessarily persons, will be relocated to the EU-27 so as to comply with the SPoRs and the ESFS' priorities.

Outlook and some next steps for firms affected by the SPoRs in the SSOs

The SPoRs in the ESMA General Opinion have already set a new, more clearly mapped route on how financial services firms will need to structure themselves when relocating to the EU-27 and/or Eurozone-19 as a result of BREXIT or otherwise.

The SSOs take this much, much further and, depending on firm type and structure, might require a number of changes to existing and pending arrangements that will merit earlier consultation and support from external counsel and cross-disciplinary and business unit project teams. As a result, the impact of the SPoRs affected firms ought to:

  • Review existing and pending BREXIT-proofing and relocation plans, some of which might need to be revisited to make sure they comply with the SPoRs;
  • Allocate sufficient time and resources needed in order to take account of potentially more invasive supervisory touchpoints along each of the levels of the ESFS. This also applies to the greater supervisory scrutiny of fitness and propriety of individuals, governance and control functions as well as the written policies and procedures underpinning those systems and controls. For BREXIT-proof workstreams, this might mean retaining appropriate legal and regulatory specialists, both within internal and external project teams that can draft, implement and ensure compliance with EU, Eurozone, respective national levels as well as third-country regimes. This dedicated workstream, whilst needing to be interoperable with license application and relocation workstreams, ought to be run separately so as to have a sufficient degree of independence and an ability to challenge assumptions made by those advising on the relocation; and
  • Provide for longer supervisory processing timelines and greater detail in relation to supervisors dealing with reviews and approvals and/or supervisory inspections. For some firms this might also mean taking appropriate advice as to how their business model might be affected by the supervisory priorities of the relevant components of the ESFS, whether there are any quick wins and how to document and embed processes and policies that evidence compliance with the supervisory expectations and the SPoRs.


1 Available: https://www.esma.europa.eu/file/22278/download?token=Itu5XwcE and see our coverage from our Eurozone Hub.

2 MiFID Investor Protection: https://www.esma.europa.eu/document/opinion-support-supervisoryconvergence-in-area-investment-firms-in-context-united-kingdom

3 Fund Management: https://www.esma.europa.eu/document/opinion-support-supervisoryconvergence-in-area-investment-management-in-context-united

4 MiFID - Secondary Markets: https://www.esma.europa.eu/document/opinion-support-supervisoryconvergence-in-area-secondary-markets-in-context-united-kingdom

5 See: https://www.esma.europa.eu/sites/default/files/library/esma42-110-998_public_statement_on_authorisation_applications.pdf

6 ESMA also maintains a centralised collection of lists of national registers of firms that are regulated as MiFID Investment Firms. This list is updated regularly but may not encompass all firms to whom the SPoRs in this SSO will apply to. A link to the centralized list is available here:


Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.