April 2023
The IOSCO principles constitute for the supervisory entities, the cornerstone of the international regulation of the securities markets, its inalienable objectives are the investors` protection, the existence of efficient and transparent markets and the reduction of systemic risk.
The IOSCO principles consist of 38 objectives, divided into 7 different sections. Principles 1 to 8 refer to regulators; principle 9 to self-regulation; principles 10 to 12 to supervisory activities; principles 13 to 15 to international cooperation; principles 16 to 18 to issuers and securities issues; principles 19 to 23 to auditing, rating agencies and third party service providers; principles 24 to 28 to collective investment institutions; principles 29 to 32 to market intermediaries; principles 33 to 37 to secondary markets and other markets; and principle 38 to the clearing and settlement of securities that is developed in the principles of the CPMI-IOSCO on this matter.
The IOSCO principles constitute one of the priority international standards and codes, recognized by the FSB (Financial Stability Board) and the IMF (International Monetary Fund), when examining and evaluating the adequacy of financial systems.
Securities market supervisory bodies are an essential piece on which national and international financial ecosystems rest. The complexity and dynamism of financial markets, the growing internationalization process and the needs arising from the recent financial and economic crises have led the IOSCO Board to commission the IOSCO Assessment Committee to prepare a review report on the implementation of its principles 1 to 5.
In the review exercise, 55 jurisdictions have participated, from different geographical areas and with different degrees of development. The Final Report does not qualify the jurisdictions involved, but rather identifies differences in the implementation of the principles and good practices, approves recommendations and identifies areas that could be developed in the immediate future by IOSCO.
IOSCO principles 1 to 5, the subject of this Report, deal with the responsibility of regulators, the independence in the exercise of their functions, personal and material capacity, regulatory processes and the requirements that regulators’ staff must comply with.
Principle 1: Regulators’ responsibilities must be clear and objectively established
The implementation of this principle is high in most jurisdictions, notwithstanding some detected deficiencies, especially in emerging markets.
A relevant aspect of this principle is the jurisdictions where the supervisory competence falls on more than one authority, for example, in jurisdictions that have adopted a “twin peaks” system or where there is a multiplicity of regulators. In these cases, the existence of supervision and information exchange agreements (MoUS) between authorities is identified as a good supervisory practice.
An example given in the report is the United Kingdom, where the FCA (Financial Conduct Authority) has to exercise its functions in coordination with the prudential authority PRA (Prudential Regulatory Authority) in matters related to both regulatory risk and financial stability as well as the treatment of the insolvency of investment services companies. In their annual reports, both British authorities must include the strengths and weaknesses identified in the aforementioned coordination.
Weaknesses have been detected in the implementation of this principle in the supervisory authorities of Palestine and North Macedonia. The analysis carried out detects that the regulation of both countries must be clearer in relation to the functions and powers of the supervisory authorities. In the rest of the jurisdictions the degree of compliance is high.
Principle 2: The regulator must be independent and accountable in the exercise of its powers and functions
This principle is based on the need to prove that supervisors/regulators can exercise their regulatory and supervisory functions, without external political or commercial interference. Regulators must have sufficient economic resources to exercise their powers and responsibilities, as well as possess adequate legal protection when they act in good faith, “bona fide,” in the exercise of their functions.
The Report confirms that financing in most jurisdictions is obtained from the market, through fees from different activities (registries, authorizations, supervision, licenses, …), as well as by the sanctions imposed derived from enforcement activities.
In some jurisdictions, the legal regime that establishes and modifies fees and penalties requires prior government authorization, which may affect the independence of supervisory authorities.
In Luxembourg, New Zealand, China and Australia, funding comes from the private financial sector, however, in exceptional circumstances, such as low market activity or widespread insolvency, they may obtain public funding.
In jurisdictions such as Liechtenstein, Gibraltar and India, funding is mixed, coming from both sources, private from the market and public from their governments.
IOSCO principle 2 demands that the jurisdictions prove the existence of a judicial system that reviews the administrative decisions adopted by the supervisory entities and a robust regulatory system with sufficient safeguards to manage and protect the reserved and confidential information managed by the staff of the supervisors in the exercise of their functions.
Another aspect of the principle is the need to articulate adequate legal protection for both the board and the staff of the regulators, when they act in good faith “bona fide” in the exercise of their functions. Most jurisdictions have responded that they do.
In France there is no specific legal protection or privileges of any kiind for the staff of the AMF supervisory authority. In Italy, the supervisory authority CONSOB has approved an internal resolution to reimburse all legal costs that its staff have had to pay when the legality of their actions is accredited before the courts.
In England, all FCA staff are protected against any liability action in the performance of their duties. The British authority covers all the legal costs of protecting its employees.
Most of the jurisdictions are independent in the exercise of their functions. However, there are particularities such as Hong Kong, Japan, Australia, England and India where government authorities have certain powers in relation to the development of the functions of their supervisory authorities.
In Italy, Gibraltar, Thailand, Japan, the government and/or ministerial bodies have powers in relation to the authorizations and licenses of certain market participants.
Principle 2 also develop the election and removal of the members of the councils of the supervisory authorities. In most jurisdictions, experience, appropriate training, integrity and independence are required for appointment. The removal of their charges in most jurisdictions is usually due to justified reasons, such as sudden incapacity, breach of their obligations or irregular conduct with criminal effects.
The report identifies legal deficiencies in Japan and Mexico, where it would be advisable for the regulation to establish assessed periods of duration, as is the case in most jurisdictions.
Principle 3: The regulator must have adequate power, sufficient resources and adequate capacity to carry out its functions and exercise its powers
The capacity of the supervisors must be adequate to deal with ordinary and extraordinary situations and be proportional to the size, complexity and type of the market where the supervisor develops his powers.
Principle 3 states that supervisors should have adequate powers to grant licences, exercise supervisory, inspection and investigative activities, as well as have sufficient financial capacity to attract and retain talent. The development of financial education must be another function that cannot be delegated.
In Luxembourg, the CSSF supervisory authority increases its budgets based on the size of the market and the number of supervised entities. In Spain, if the economic resources obtained by the CNMV exceed the needs of the service, the surplus is accumulated in a reserve to cover both losses from previous years and future needs.
In Portugal, at CMVM, there is a specific committee that oversees the implementation of the budget. In England, the FCA conducts an annual public consultation on existing fee changes. In other jurisdictions, there is flexibility to channel economic resources based on risk analysis and the unique structure of their securities markets.
In Slovenia, Brazil, Mexico and Spain, government authorization is needed to increase the salaries of supervisory authority staff. In Spain and Brazil, hiring personnel requires prior government authorization, which makes it difficult to attract and retain talent.
The report has detected good practices to retain talent, such as staff rotation, internship plans at another supervisor or in the financial industry, civil liability insurance, pension plans and flexibility in working hours, among other measures.
Principle 3 emphasizes the importance of investor protection and financial education.The most common tool used by supervisors is the inclusion of information on the regulators’ website, where investors are informed about a wide range of issues, such as financial fraud, investor rights, the structure and content of the products and the existence or not of entities authorized to provide financial services.
In Portugal, there is a National Financial Education Plan, in Greece the Greek supervisory authority (HCMC) has an information department that manages inquiries, claims and complaints from citizens for violations of the regulation on securities markets.
In Spain, Brazil and Belgium there are specific departments that manage investor claims and/or financial education. In Australia, there is a specific scheme to support teachers in teaching financial education classes. In Belgium, the offices of the supervisory authority FSMA are the national center for financial education.
Principle 4: The regulator must act with consistent and clear regulatory processes
This principle establishes that regulatory authorities must adopt consistent and clear regulatory processes. Regulators must make the principle of information transparency a reality through consultations and public processes, involving interested parties, with a cost-benefit analysis when proposing and adopting legislative initiatives.
In the European Union, the European Commission carries out an impact analysis of new regulations in the financial sector, even before they are proposed. In Australia and New Zealand, cost- analysis is mandatory.
In France, there are six advisory commissions formally constituted to assist the AMF council on matters related to retail investors, markets, clearing, settlement and custody, portfolio management, financial disclosure, and the recently created commission on sustainability and climate change.
There are other good practices identified such as the motivation for regulatory decisions, the possibility of administrative review and subsequent judicial review at the request of the interested parties.
In relation to the confidentiality of the information used by the staff of the regulators, most of the jurisdictions have a specific regulation. The investigative and sanctioning files are not usually public until their final completion. The legislation on personal data requires it.
Regarding the application of this principle, the report details the Italian case, in which its securities supervisor, CONSOB, has approved specific manuals for calculating the amount of fines for disciplinary proceedings, manuals for on-site inspections and manuals to manage investor claims, among other internal initiatives. In England, the FCA has approved specific rules that explain its functions related to supervision, consumers, authorizations and supervision and inspection activities.
Principle 5: Regulatory staff must observe the highest professional standards, including standards of confidentiality
Principle 5 establishes that conflicts of interest must be avoided and the acquisition of securities by staff must be regulated. Likewise, the management of confidential information and data protection by the supervisors’ staff in the exercise of their functions should be regulated. It also advises the existence of Codes of Conduct in the internal regulation of the supervisory authorities.
In France, there are specific rules to manage conflicts of interest, such as the existence of a “cool off period” applicable to the board and staff of the supervisory authority, who cannot leave the AMF to go to work at an entity that has been supervised in the last three years. Similar regulations exist in Spain and in neighboring countries.
In England, the staff of the British authority must follow a specific conflict of interest policy that requires declaring existing or emerging conflicts of interest, with disciplinary consequences in case of non-compliance.
In Luxembourg, the CSSF has approved a Code of Conduct that distinguishes between those private financial transactions that do not require authorization, those that require notification; those that are prohibited; and those that must be approved by the executive board of the supervisory authority.
In relation to the management of confidential or reserved information, most jurisdictions have specific data protection departments, to safeguard the balance between public supervision and inspection functions and the protection of the privacy of individuals and entities. supervised.
In Italy and Spain, the internal regulation of supervisors requires that the staff of the regulators act with due diligence in the exercise of their functions. In Luxembourg, standards of integrity, impartiality and thoroughness are required.
In most jurisdictions there are specific sanctions to punish non-compliance with these principles, which adopt modalities such as salary reductions, pecuniary sanctions, demotion of functions, loss of vacations, suspension of employment and salary, dismissal and disqualification from the exercise of functions. public.