CTRL Investments Has Been Sanctioned by the FMA for Failing to Meet Client Suitability

CTRL Investments Limited (CTRL Investments) was sanctioned by the Financial Markets Authority (FMA) for violating the terms of its license regarding customer suitability assessments and outsourcing. The reprimand serves as a timely reminder for derivatives issuers (and other FMA license holders) to reassess their capacity to show to the regulator that they have assessed customer suitability and undertaken appropriate due diligence on providers before outsourcing any of its operations.

Who needs to read it？ Why？

Licensed derivatives issuers should evaluate the censure and, more broadly, the FMA's attention on whether derivatives issuers are generally complying with their licensing responsibilities.

Other FMA licensees, such as managed investment scheme managers, financial advice providers, discretionary investment management service providers, and even financial markets supervisors (ie corporate trustees), should consider whether the FMA has similar concerns about their outsourcing systems and processes.

What does it cover？

The FMA believes that CTRL Investments substantially violated two normal licensing terms by:

• permitting customers who did not grasp derivatives and their associated risks to trade; and

• failure to meet the standards for some outsourcing agreements

The FMA has ordered CTRL Investments to address these shortcomings and design and implement an action plan that must be authorized by the FMA.

Client suitability

As a requirement of their licensing, licensed derivatives issuers must request information from retail investors regarding their expertise, experience, and comprehension of the relevant derivative to determine if the derivative is acceptable for the person. The issuer shall not engage in a derivative with an investor who does not supply the information or does not comprehend it.

The FMA discovered instances of CTRL Investments issuing a warning statement to an investor who could not show the essential skills and expertise, rather than not engaging in the transaction.

Outsourcing

Licensed derivatives issuers must ensure that, if they choose to outsource important processes and systems, a third-party supplier can deliver the service to the requisite quality, allowing the issuer to fulfill their licensing responsibilities. All derivatives issuers must also have legally enforceable agreements with these third-party suppliers.

CTRL Investments outsources its account management, sales, and onboarding operations to a third-party vendor. However, the FMA determined that it could not establish why it was confident the provider was capable of delivering the services or that the parties had a legally binding agreement.

In our opinion

The reprimand of CTRL Investments serves as a reminder to other derivatives issuers of the FMA's attention on whether derivatives issuers are completing their licensing responsibilities.

Derivatives issuers should anticipate the FMA to concentrate on the medium and high-risk sectors outlined in the FMA's 2020 Derivatives Sector Risk Assessment (Assessment) (see our previous alert on this here). In the Assessment, the FMA highlighted, among other things, a high risk that issuers were not taking reasonable procedures to establish whether derivatives were acceptable for retail investors and a medium to high risk that monitoring of outsourced operations was insufficient.

We recommend all derivatives issuers evaluate whether they can show compliance with the client suitability and outsourcing criteria, as well as the other areas of concern mentioned by the FMA in its Assessment.

We believe that derivatives issuers should, in particular, verify the following:

Client suitability checks

• Their client suitability tests involve, among other things, taking into account a customer's past trading experience and comprehension of the risk.

• They retain written records of client appropriateness evaluations; and

• Their client appropriateness assessments are commensurate to the risk of the derivative supplied - for example, the FMA believes that bitcoin contracts for difference are not suitable for most retail investors.

Outsourcing

• They do due diligence on potential outsourcing service providers.

• They have legally binding and enforceable written agreements with their outsourced suppliers; and

• Their outsourcing arrangements include clauses that specify the performance standards required, allow effective monitoring of an outsource provider's performance, allow the issuer to take action where the provider has not performed to the required standard, and allow for periodic review to ensure that the arrangements continue to allow the issuer to meet its regulatory obligations.

Other FMA-licensed firms should assess if the FMA has comparable expectations concerning their outsourcing relationships.

Expectations are appropriately lower than those for systemic registered banks under the Reserve Bank's BS 11 norm. It is evident that the FMA is likewise considering how its licensees might satisfy their clients' demands if vital services are outsourced.