Regulatory Roundup: 2024 Global Regulatory Outlook

What are regulators looking at in 2024?

As we dive into 2024, it is worth pausing to review what securities regulators plan to focus on through the year. More recently, securities regulators have pushed back against their reputation of opaqueness in trying to publish their priorities for the coming year, for example, the United States Securities and Exchange Commission’s (SEC) Exam Priorities Report and the European Securities and Markets Authority’s (ESMA) Annual Work Program. We did a roundup of what regulators published in the past few months and their respective plans for the coming year to get a temperature of what may be in store for 2024. I’ll delve deeper into specific jurisdictions separately, but for this analysis, we’ll highlight some of the relatively new as well as common themes across those regulators.

Artificial Intelligence

The potential risks and opportunities of emerging technologies like artificial intelligence (AI) have been a critical new focus for regulators globally. The SEC has included emerging technologies as a focus area in previous years’ Exam Priorities; however, this is the first year that AI has been specifically mentioned. SEC Chair Gary Gensler increasingly discussed AI in his statements throughout last year, even coining the term “AI-washing.” AI-washing refers to businesses making unfounded AI claims to the public and is named after a similar concept - “greenwashing” - where businesses tout unfounded environmental claims.

FINMA, the Swiss Financial Markets Authority, specifically called out AI and outlined some concerns and guidances in its Annual Risk Monitor. The Swiss government body noted four risks it expects the industry to manage:

1. Governance and Responsibility, in particular, that the responsibility for decisions cannot be delegated to AI.
2. Robustness and Reliability, meaning that both the models and the data need to be open to critical questioning. 
3. Transparency and explicability, relating to tools explainability.
4. And non-discrimination, which may be unintentional, for example, due to small training data sets.

In its 2024 Regulatory Oversight Report, the US Financial Industry Regulatory Authority (FINRA) also flagged AI as an emerging risk. They organization noted similar risks to FINMA. Additionally, it identified 11 areas in which firms may consider paying particular focus. These include anti-money laundering (AML), Model Risk Management, Regulation Best Interest (RegBI) and Supervision.

Expect to see more on AI in the coming year as what has come out so far has shown the breadth regulatory touchpoints could span, from concepts as disparate as AI-washing to AI discrimination and areas as varied as model risk management to a firm’s fiduciary obligations.

Operational Resilience

Operational resilience is also a key theme for regulators globally going into 2024. DORA, the EU Digital Operational Resilience Act, will require compliance in January 2025 and occupies a large portion of ESMA’s 2024 Work Program. DORA establishes technical standards for financial entities and their third-party technology service providers. As a sign of its significance, ESMA recently made cyber risk a new Union Strategic Supervisory Priority (USSP), replacing market data quality. The USSPs help ESMA coordinate and focus supervisory action with the national authorities.

ASIC, the Australian Securities and Investments Commission, added technology and operational resilience for market operators and market participants as a new enforcement priority for 2024, which is in addition and related to the new market integrity technology and operational resilience rules introduced in 2023. 

FINRA’s 2024 Oversight Report adds references to the SEC’s new cybersecurity rules relating to the disclosure of incidents and notes the proposed, not yet adopted, cybersecurity risk management rule, which would require establishing written cybersecurity policies and procedures.

Many jurisdictions included new operational resilience rules in 2023. As we go into 2024/2025, we see a greater focus on implementation and enforcement.

Crypto Assets

Though the popularity of crypto has ebbed and flowed, the regulatory focus remains steady into 2024. FINRA’s 2024 Oversight Report included a section relating to crypto assets for the first time. The report covered considerations for FINRA members engaged in crypto activities, as well as surveillance themes and effective practices. FINRA flagged communications with the public, supervision, and AML in their key surveillance themes. Interestingly, when pointing out the types of market abuse that crypto assets are susceptible to, they stated that bad actors engaged in schemes similar to those in equity markets, using pump and dump as an example, while pointing out the prominence of social media in those schemes.

In the EU, Markets in Crypto Assets (MiCA) was approved in 2023, but you can see in ESMA’s 2024 work program a plan and focus on helping finalize a number of technical standards and guidelines that support it. The planned date for the full application of MiCA is December 2024.

Most 2024 plans and priorities covered crypto in some capacity, and it is a safe bet to say that the consistent regulatory gaze will continue through the year. 

Greenwashing and Sustainability Disclosure

The International Organization of Securities Commissions (IOSCO) included sustainability disclosure as one of its higher-profile priorities for its 2023/24 work program, endorsing the inaugural sustainability disclosure standards of the International Sustainability Standards Board (ISSB) in the second half of 2023. At the same time, environmental, social and governance (ESG) disclosures were the new Union Strategic Supervisory Priority (USSP) for ESMA going into 2023. For individual regulators, we saw increased focus in 2023, and the review of recent 2024 plans shows most continue to place these as a focus area for the coming year, for example, ASIC in their 2024 enforcement priorities. An interesting exception is the US SEC, which dropped ESG from its 2024 Examination Priorities report, though it is expected to rule on new climate disclosure standards in 2024.

Regulators have demonstrated they are committed to improving this space, and we’ll undoubtedly see greenwashing and sustainability disclosure continue to generate a lot of activity at the policy level in 2024.

Regulatory Updates

16 January: The European Parliament voted to adopt the revised Markets in Financial Instruments Regulation (Mifir) and the Second Markets in Financial Instruments Directive (Mifid II). The amendments include the establishment of an EU-wide consolidated tape for bonds and a general ban on payment for order flow (PFOF), with a phased-out approach for member states currently allowing PFOF. The European Securities and Markets Authority (ESMA) will define the technical standards, and the implementation of the consolidated tapes for equities and derivatives is planned for the coming years.

11 January: The SEC approved the first U.S.-listed exchange-traded funds (ETFs) to track bitcoin. The SEC approved 11 applications, including from BlackRock, Valkyrie, Ark Investments/21Shares, Fidelity, Invesco, and VanEck. This development is expected to bring a significant amount of investment in the range of $50 billion to $100 billion.

10 January: FINRA published its 2024 Annual Regulatory Oversight Report, providing member firms with insights and observations from recent FINRA regulatory operations activities. The report covers various topics, including crypto-asset developments, cybersecurity incidents, anti-money laundering, Reg BI and Form CRS implementation, and the Consolidated Audit Trail. It offers considerations for firms’ compliance programs, noteworthy findings, effective practices, and additional resources for fulfilling compliance obligations.

9 January: The SEC’s official X account was hacked, leading to a false announcement that the agency had approved exchange-traded funds holding bitcoin. Chair Gary Gensler quickly disavowed the post, stating that it was unauthorized and that the SEC had not approved such products. Bitcoin briefly surged before the correction was made, and the SEC will be investigating the incident for unauthorized access and misconduct.

8 January: The Subcommittee on Digital Assets and Blockchain Technology of the U.S Commodity Futures Trading Commission (CFTC) published a report on Decentralized Finance (DeFi) with recommendations to policymakers and industry to better understand and mitigate the risks presented by DeFi. The report disclaims that it reflects the work of the subcommittee and does not necessarily reflect the CFTC.

1 January: The U.S. Department of Treasury passed the Corporate Transparency Act in 2021, which took effect at the start of 2024. The law is designed to eliminate anonymity in business ownership that had allowed bad actors to hide illicit financial dealings and launder money. It will require more than 30 million small and medium-sized businesses to report ownership information to the Financial Crimes Enforcement Network (FinCEN), and failure to report the information could result in fines or two years of jail time.

Enforcement Actions

The Federal Energy Regulatory Commission (FERC) charged Vitol Inc. and one of its traders for manipulating the power market in California in 2013 by running a scheme to sell physical power at a loss to cause prices in another market to react. Vitol will pay $2.3m and its trader will pay $75,000 to settle the allegations.

A federal jury in Manhattan found a former Pfizer employee guilty of insider trading for purchasing stock options just before the company announced positive clinical trial results for the COVID antiviral drug Paxlovid.

The United States Attorney for the Southern District of New York announced the sentencing of two California men to 18 months and five months, respectively, for participating in an insider trading scheme. They traded on valuable material and non-public information about Lumentum Holdings Inc.’s planned acquisitions, resulting in millions of dollars in illegal gains. 

The SEC settled charges against J.P. Morgan Securities LLC (JPMS) for preventing hundreds of advisory clients and brokerage customers from reporting potential securities law violations to the SEC, violating whistleblower protection rules. According to the SEC’s order, JPMS asked retail clients to sign confidential release agreements if they had been issued a credit or settlement of more than $1,000 from the firm. The agreements required the clients to keep confidential the settlement, all underlying facts relating to the settlement, and all information relating to the account at issue. In addition, even though the agreements permitted clients to respond to SEC inquiries, they did not permit clients to voluntarily contact the SEC. JPMS has agreed to pay an $18 million civil penalty to resolve the charges. 

The SEC charged Morgan Stanley & Co. LLC and its former head of equity syndicate desk with a multi-year fraud involving the disclosure of confidential information about the sale of large quantities of stock known as “block trades." Certain staff at Morgan Stanley’s equity syndicate desk disclosed non-public, potentially market-moving information concerning impending block trades to select buy-side investors despite the sellers’ confidentiality requests with the understanding that those investors would use the information to “pre-position” by taking a significant short position in the stock that was the subject of the upcoming block trade. The firm agreed to pay more than $249 million to settle fraud charges and for failing to enforce information barriers.

The Dubai Financial Services Authority (DFSA) fined R.J. O’Brien (MENA) Capital Limited $1,368,767 (AED 5,023,375) for violations of DFSA legislation, including inadequate compliance systems. The firm offered an Enforceable Undertaking (EU) to address the failings and settled the matter with the DFSA. 

Featured Content

Running an Effective Surveillance Program

Social Media Monitoring with Market Surveillance Tools

Challenges of Effective Surveillance in Fixed Income Markets