Asset Management & Investment Funds: EU & International Developments - May 2018


European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) - an ECB framework for testing resilience to cyber attacks. 

The European Central Bank (ECB) published TIBER-EU, which is the first EU-wide framework for controlled and bespoke tests against cyber-attacks in the financial sector. It will facilitate testing for cross-border entities under oversight of several authorities.

TIBER-EU is designed to enable EU and national authorities to work with financial institutions and infrastructures to implement a programme to test and improve their resilience against sophisticated cyber-attacks. An intelligence-led red team test involves the use of a variety of techniques to simulate an attack on an entity's critical functions and underlying systems (that is, its people, processes and technologies) to help the entity to assess its protection, detection and response capabilities.

The framework document provides an overview of TIBER-EU and how it will be implemented across the EU, with details of the key phases, activities, deliverables and interactions involved in a TIBER-EU test.

In its press release, the ECB encourages relevant authorities to engage with each other to determine how best to adopt and implement TIBER-EU. Financial infrastructures and institutions are encouraged to work closely with their regulators to establish a framework that will enhance the cyber resilience of their sector. Implementation will be monitored by the TIBER-EU knowledge centre (TKC).

UK Investment Association and KPMG Report on building cyber resilience in asset management sector

The Investment Association (IA) published a report, ​​produced jointly with KPMG, on building cyber resilience in asset management. The report provides an overview of the key cyber security risks facing the asset management sector. It also provides guidance on the practical steps firms can take to protect their business from cyber-attacks, and considers the advantages of a more collaborative sector-wide response to tackling cyber threats. In particular, the report calls on boards and senior management at firms to increase collaboration across the sector, and invest in developing a cyber-response framework that allows firms to rapidly detect, respond and recover from, potential attacks.

In its press release, the IA explains that to help firms with cyber resilience it has also launched a Cyber Security Committee to work with firms, regulators and public authorities to develop industry guidance on cyber security.

The City UK, in conjunction with Marsh, recently published a guide for company boards on governing cyber risk.

Revision of depositary safekeeping duties under AIFMD and the UCITS Directive

The European Commission issued 2 draft amending regulations in respect of:

The draft regulations set out detailed requirements where custody is delegated to a third party.They build on an opinion issued by ESMA in July 2017 and discussed here. The opinion set out suggestions for possible clarifications of the legislative provisions under AIFMD and the UCITS Directive relating to the asset segregation requirements in case of delegation of safe-keeping duties by the depositary of a fund (UCITS or AIF) and the application of depositary delegation rules to CSDs. The draft regulations aim to ensure a consistent approach across the EU and address concerns arising because securities and insolvency laws are not harmonised throughout the EU. The ESMA opinion followed ESMA work on these topics which began with a consultation paper published in December 2014 and was followed by a Call for Evidence  published in July 2016

Feedback on the draft regulations is invited up to 26 June 2018.

Depositaries will have a six month transitional period after publication of the regulations in the Official Journal of the EU to adapt to the new requirements.

ESMA's company portal

ESMA launched a new companies' register which hosts information on whether a financial service provider is authorised within in the European Union, including for:

  • UCITS management companies
  • AIFMD fund managers including funds managed/marketed in the Union
  • MiFID Investment firms including Systematic Internalisers
  • MiFID Trading venues
  • MiFID data reporting service providers

The portal also provides reference to sanctions applied by the competent authorities in the Member States under several pieces of European legislation.

ESMA Q&A on the UCITS Directive

ESMA updated its Q&A on the application of the UCITS Directive to include a new Q&A on the application of remuneration disclosure requirements to staff of the delegate of a UCITS ManCo to whom investment management functions (including risk management) have been delegated.

The Q&A clarifies that the remuneration-related disclosure requirements under Article 69(3)(a) of the UCITS Directive do also apply to the staff of the delegate of a management company to whom investment management functions have been delegated. The Q&A also clarifies that, in line with the approach followed under the UCITS Remuneration Guidelines (para 16]), ManCos can ensure compliance in one of the following two ways:  

  • where the delegate is subject to regulatory requirements on remuneration disclosure for its staff to whom investment management (including risk management) activities have been delegated that are equally as effective as those under Article 69(3)(a) of the UCITS Directive, the ManCo should use the information disclosed by the delegate in order to fulfill its obligations under Article 69(3)(a) of the UCITS Directive; or
  • in other cases, appropriate contractual arrangements should be put in place with the delegate allowing the ManCo to receive (and disclose in the annual report for the relevant UCITS that it manages) at least information on the total amount of remuneration for the financial year, split into fixed and variable remuneration, paid by the ManCo, the investment company and, where relevant the UCITS itself to the identified staff of the delegate – and the number of beneficiaries, and, where relevant, the performance fee – which is linked to the delegated portfolio. This means that the disclosure should be done on a prorated basis for the part of the UCITS’ assets which are managed by the identified staff within the delegate.

In both of these scenarios, the disclosure may be provided on an aggregate basis i.e. by means of a total amount for all the delegates of the ManCo in relation to the relevant UCITS.


ESMA published an updated version of its Q&As on investor protection and intermediaries topics under the MiFID II Directive and MiFIR. ESMA added new Q&As or updated existing Q&As concerning:

  • Best execution
  • Client categorisation
  • Provision of investment services and activities by third country firms.

ESMA also updated a question on the supervisory responsibilities of competent authorities in host member states when a UCITS ManCo or AIFM provides investment services through a branch established in the host member state.

ESMA also updated its FAQs on transitional transparency calculations for equity and bond instruments required under the MiFID II Directive and MiFIR.

ESMA also updated its Q&As on data reporting under MiFIR.

Money Market Fund Regulation on reporting templates

Commission Implementing Regulation (EU) 2018/708 laying down implementing technical standards for the template to be used by managers of money market funds when reporting to competent authorities was published in the Official Journal of the EU.

ESMA Q&As on Benchmarks Regulation

ESMA published an updated version of its Q&As on the implementation of the Benchmarks Regulation. A new Q&A 8.2 has been added relating to the updating of prospectuses and how prospectuses should include reference to the register of administrators and benchmarks.

ESA's consultation on EMIR risk mitigation techniques for uncleared OTC derivatives in the context of STS securitisations.

The ESAs published a consultation paper on draft regulatory technical standards (RTS) amending Delegated Regulation (EU) 2016/2251 on RTS on risk mitigation techniques for OTC derivative contracts not cleared by a central counterparty (CCP) under Article 11(15) of EMIR in the context of simple, transparent and standardised (STS) securitisations under the Securitisation Regulation ((EU) 2017/2402). The consultation closes on 15 June 2018.

Anti-Money Laundering / Combating the Financing of Terror / Corruption


The Council of the EU announced that it has adopted the proposed Fifth Anti Money Laundering Directive (5AMLD). We await publication of 5AMLD in the Official Journal of the EU.

For more information please contact a member of the Asset Management & Investment Funds Team.

Date publised: 01 June 2018