FMA publishes various CoFI licensing materials

  • Legal update

    30 November 2022

FMA publishes various CoFI licensing materials Desktop Image FMA publishes various CoFI licensing materials Mobile Image

The Financial Markets Authority (FMA) has released today a suite of materials to help financial institutions continue with preparations for the conduct regime under the Financial Markets (Conduct of Institutions) Amendment Act 2022 (CoFI). 

The published materials include:

Some of our previous updates on CoFI are as follows:

Who needs to read it? Why?

The CoFI regime covers registered banks, licensed insurers, and licensed non-bank deposit takers, and applies broadly to relevant services and associated products provided by those specified financial institutions (including financial businesses and intermediaries who deal with them). 

The Licence Application Guide is designed to provide clarity on how to complete the licence application process, which opens on 25 July 2023. The FCP Information Sheet is a resource to help entities prepare their FCP, which is a necessary part of fulfilling the licensing requirements.  

Summary of published materials 

We summarise the FCP Information Sheet and provide some high-level comments on the Licence Application Guide and final standard conditions below.  

FCP Information Sheet

The FCP Information Sheet provides information about FCPs, including elements of what the FMA considers to be good practice for establishing, implementing and maintaining an FCP. The examples in the FCP Information Sheet are suggestions to help financial institutions meet their obligations under the Financial Markets Conduct Act 2013 (as amended by CoFI) (FMCA). The FMA stresses that the examples are not exhaustive, are illustrative in nature, and are not intended to impose any additional obligations or requirements above what is set out in the legislation and regulations.

Setting the context: 
  • Financial institutions will need to demonstrate how they have had regard to the section 446J(2) factors and may achieve this by including commentary about this in their FCPs.
Roles and responsibilities: 
  • The FCP should include the key roles or types of roles within the financial institution, and provide detail about the responsibilities of each role or type of role in relation to fair conduct. The FMA notes that where, for example, a financial institution has existing processes or frameworks to articulate responsibilities, it may choose to incorporate conduct responsibilities into these, rather than creating new tools specifically for conduct responsibilities.
Approval of the FCP: 
  • Financial institutions operating as a group of related entities (e.g., where there may be one or more authorised bodies on the financial institution’s licence) may determine it is appropriate and efficient to have a single FCP that covers all of the financial institutions within the group.
  • The governing body should review the FCP to consider its adequacy and effectiveness, and recommend changes where appropriate. The FMA expects that the final approval of the FCP will be provided by the governing body and should be documented in the FCP. Where a single FCP is in place to cover two or more financial institutions within a group, the approval of the FCP by each governing body should be clearly documented.
Communication and training:
  • Financial institutions will need to determine the frequency, delivery methods and content of initial and regular ongoing training for employees, ensure this is appropriate for the employees’ work in providing the relevant services or associated products to consumers, and should review and update content to reflect insights from assurance activities and changes to the business and its conduct risks.
Assurance:
  • Financial institutions to have assurance processes to assess the effectiveness of their FCP. For example, processes may comprise internal control or quality testing, measurement against performance indicators, review by an independent party such as an auditor or compliance consultant, or other assurance activities. The FMA notes that some financial institutions which are already licensed under the FMA and required to have a compliance assurance programme may use that programme to provide assurance regarding the effectiveness of their FCP. 
  • The FMA also considers financial institutions may find it helpful to assess the effectiveness of their FCP following its establishment and implementation, and following implementation of material changes to the FCP.
Review of the FCP:
  • Financial institutions should consider identifying trigger events that will prompt a review of all or parts of their FCP, and that the review of the FCP should consider the results of the financial institution’s assurance processes.
  • Financial institutions should be able to demonstrate when they have undertaken a review of their FCP and the outcomes of the review, including steps taken to remediate any deficiencies. Version control within core documents is one way to demonstrate this. 
  • The FMA also expects that the outcome of reviews (including highlighting any material deficiencies) is shared with the financial institution’s governing body, and that approval of any material changes is also obtained from the governing body. 
Reporting and governance:
  • Governing body to set clear expectations for senior management about the fair treatment of consumers, and take accountability for those expectations being met.
  • The FMA suggests the use of both lead and lag indicators, and data from different sources, to provide the governing body with an overall sense of the financial institution’s conduct towards consumers.
Resourcing:
  • Financial institutions will have and maintain sufficient financial and human resources at all levels of the organisation to establish, implement and maintain their FCP. For example, when a new product is launched for sale to consumers, there should be sufficient investment to ensure that its operation on the financial institution’s IT systems is accurate and aligns with how the product is described and marketed to consumers. 
  • Financial institutions also need to ensure their Board of Directors and senior management have sufficient capability to govern conduct and manage conduct respectively. 
Licence Application Guide

The Licence Application Guide takes a similar form to other licence application guides. It is primarily split into sections focussing on confirmations in relation to the financial institution’s FCP, authorised bodies, as well as fit and proper questions for directors and senior managers.

The FCP section requires financial institutions to have established their FCP prior to completing the application and cross refers to commentary contained in the FCP Information Sheet, standard conditions and references to CoFI requirements under the FMCA. 

The authorised body section asks if the authorised body’s FCP is the same as the FCP of the financial institution licensee. If it is the same, there will be a reduced set of questions to answer about the authorised body. If it is not the same, then the full set of licence application questions that are outlined in the FCP section will need to be answered in relation to the authorised body. 

Final standard conditions 

For the most part, the standard conditions are similar to the standard conditions that were consulted on a few months ago.

However, financial institutions should review some clarifications that were made in relation to standard condition 5 (Business continuity and technology systems) and standard condition 6 (Record keeping).

Similar to other licensed regimes, the only regulation that imposes an additional licence condition on a financial institution licence is regulation 191 of the Financial Markets Conduct Regulations 2014, which is a general reporting condition when certain events occur. 

Our view

We are pleased to see the Licence Application Guide and FCP Information Sheet has been published earlier than the FMA initial expected (i.e., late December 2022/early 2023). This means financial institutions will have a little more time (which is much needed) to consider the FMA’s expectations as they prepare their FCP and licence application – at the earliest by 25 July 2023, which is when submissions open. 

Financial institutions taking next steps towards producing a FCP should consider:
  • the FMA’s guidance material when drafting their initial FCP (which must be submitted as part of the initial licence application); 
  • any work already undertaken to establish a FCP is consistent with the newly published materials;
  • how they will integrate existing and new policies, processes, systems, and controls (noting that captured entities will already have similar programmes in place in relation to different regimes, such as the recent Consumer Credit Contract reforms);
  • conducting a gap analysis on existing policies, processes, systems, and controls across a range of business units to ensure these satisfy the minimum requirements of a FCP (section 446J) and support compliance with the fair conduct principle. We would expect that many financial institutions will have uplifted these aspects following the earlier conduct and culture reviews of banks and insurers. Where gaps are identified, new policies, processes, systems, and controls would need to be set up.  

A number of financial institutions have been concerned that the CoFI standard conditions duplicate or overlap with requirements of other regulators (such as the Reserve Bank) and believed that such conditions were appropriate to prudential regulation and not conduct regulation. In the summary of key feedback themes in response to the RIS, the FMA addressed this concern. It noted that financial markets in New Zealand are regulated under a “twin peaks” model - the Reserve Bank’s remit is prudential regulation and FMA’s remit is conduct regulation. They view a financial institution’s responsibilities differently.

The FMA noted that it cannot rely on conditions imposed on licences issued by other regulators, or on obligations enforced by other regulators under other regimes, to monitor financial institutions under its remit.

The FMA also acknowledged the regulatory and cost burden associated with being licenced under separate regimes and provided reassurance that to minimise duplication, it has worked with the Reserve Bank when developing and finalising the licence conditions. While this is good to see, it would have been useful for the FMA to provide some guidance and expand on how such duplication can be minimised and overlapping licence conditions can be integrated from a practical perspective. 

What next?

In early 2023, the FMA will publish draft intermediated distribution guidance for consultation, and the Ministry of Business, Innovation and Employment is expected to confirm the date that CoFI will come into force and the fees that will be charged for licence applications. 

Financial institution licence applications will open for submission on 25 July, 2023. The FMA is aiming to process applications within 60 working days of receiving a complete licence application. The FMA notes in the Licence Application Guide that it will continue to accept applications at any time. 

CoFI is expected to come into force early 2025, by which time all existing banks, insurers and non-bank deposit takers must have a financial institution licence. 

If you have any questions in relation to CoFI or the published materials, or would like assistance in understanding what these mean for your business, please contact one of our experts. 

This article is co-authored by Shaanil Senarath-Dassanayake, a Solicitor in the Financial Services Team.