About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

New Solutions Emerge to Help Firms Address SRD2 Issues

Subscribe to our newsletter

A surge of new solutions is emerging to help firms meet the data challenges of Shareholder Rights Directive II (SRD2), which came into force on September 3, 2020 despite pleas from the industry for a delay due to Covid-19 pressures.

“We ask you to consider, as a matter of urgency, a delay in the implementation date of the Shareholder Rights Directive II and the Implementing Regulations by twelve months, to 3 September 2021,” begged a joint letter sent in April to the European Commission by a consortium of post-trade groups including The European Banking Federation (EBF), the Association for Financial Markets in Europe (AFME), the International Securities Lending Association (ISLA), the Association of Global Custodians (AGC), the European Central Securities Depositories Association(ECSDA), and the Securities Market Practice Group (SMPG).

The associations warned the regulator that it would be “difficult, or nearly impossible, to meet the implementation deadline of 3rd September 2020,” but they now have little choice in the matter. Firms providing share custody are now obliged to disclose client identities and positions when requested to do so by issuers. But fortunately, a wave of new solutions are now emerging onto the market to help them do just that.

This week, data provider Instant Actions joined the fray, with a targeted and ready-to-implement authentication solution to address the data risks created by SRD2. The new service provides globally verifiable company announcement information to the markets and protects intermediaries and shareholders from the risk of unauthorised phishing by authenticating both the validity and identity of the requestor. Once authenticated, the intermediary places the requested shareholder data in a secure, GDPR compliant Data Safe Haven ready for the issuer to retrieve.

Explains James Zorab, CEO of Instant Actions: “Intermediaries can now mitigate against potentially catastrophic reputational and financial risk. Knowing who owns a company is valuable information. Plenty of stock traders watch the activity of company insiders and major institutional shareholders, while investment banks have thrived on intermediating information about shareholders. Securities borrowing desks depend on brokers knowing who owns what so they can source the stock. Which is why the well-informed pore over stock ownership disclosure forms, looking for information on which to trade. It will therefore come as no surprise if unauthorized phishing becomes prevalent on the back of ostensibly legitimate requests for shareholder identity disclosure. We have found ways to protect intermediaries from that threat.”

He adds: “While well-intentioned, the legislation does not sufficiently address the issues of confidentiality, secure communication or the control of this data and so could give rise to the possibility of phishing and fraud. At its worst, firms could be exposed to data breaches on an epic scale.

“There is a very real risk of bad actors masquerading as issuers and obtaining highly sensitive shareholder data. Both the financial consequences and the reputational impact could be crippling for businesses. We were shocked to learn that some intermediaries are planning to communicate this data un-encrypted and by email. Our solution provides a secure, auditable way of locking out bad actors.”

SRD2 requires firms to respond with shareholder data within 24 hours, a very short time to allow them to check that the request has come from a legitimate source, particularly when the request may have been forwarded to them and has not therefore come direct from the original issuer. As a result, the best a financial intermediary can do is to check with the firm above them in the chain of communication that they have carried out their own validation checks. But what happens if the data is inadvertently disclosed? Whose fault will it be? Who will be liable? And how will disputes be resolved?

SRD2 refers to ‘appropriate’ security defences and insists that firms should check whether the request has originated from the issuer. But it does not explain how this should be done, nor does it recognize that such a seismic change in industry workflows might require secure counterparty communications that simply don’t exist today.

And as Zorab points out, GDPR complicates the risk: “How will firms simultaneously satisfy their obligations to disclose data under SRD2 and seek customer consent to keep data private under GDPR? If they get it wrong, they face fines of up to €5m for SRD2 and up to €400m or 4% of turnover for GDPR.”

Instant Actions is not the only firm seeking to help meet these concerns. At the start of September digital investor communications platform Proxymity also launched its new shareholder disclosure solution, Proxymity ID, across all EU markets – with State Street and Citi among the first clients. The first new product to launch from the London-based FinTech since its initial investment raise of $20.5 million earlier this year, it automatically verifies that disclosure requests come from an authorised source, which prevents unsolicited and unapproved requests from being processed. The new disclosure solution complements Proxymity’s core proxy voting solution, Proxymity PV, which was launched last year in Europe and Australia.

“We’re confident that Proxymity ID will make it easier and more cost effective for custodians and intermediaries to manage the new burdens imposed by SRD II,” says Dean Little, CEO and CoFounder of Proxymity. “With Proxymity’s enhanced technology and digital onboarding experience, intermediaries can sign up and start using Proxymity ID within 24 hours and immediately comply with the SRD II legislation, without having to develop their own solution.”

Subscribe to our newsletter

Related content


Recorded Webinar: How to apply innovative e-comms surveillance whilst ensuring control, compliance and enhanced productivity

Remember the days when email was the predominant media for electronic communications within and among financial institutions? Fast forward to today, and email represents a declining fraction of these e-comms, many of which are hosted by modern collaborative platforms such as Microsoft Teams, Webex, Slack, and Zoom, and all of which are subject to surveillance....


Corlytics Buys SparQ from ING in €5 million Deal

Dublin-based Corlytics has acquired ING SparQ, which helps financial institutions identify and implement external regulation more efficiently, in a transaction valued at €5 million. Corlytics will SparQ with its own capabilities to create a unified ‘monitoring to policy’ platform that automates the regulatory change lifecycle and allows firms to update and enforce internal policies and...


TradingTech Briefing New York

TradingTech Insight Briefing New York will explore how trading firms are innovating and leveraging technology as a differentiator in today’s cloud and digital based environment.


Regulatory Data Handbook 2022/2023 – Tenth Edition

Welcome to the tenth edition of A-Team Group’s Regulatory Data Handbook, a publication that has tracked new regulations, amendments, implementation and data management requirements as regulatory change has impacted global capital markets participants over the past 10 years. This edition of the handbook includes new regulations and highlights some of the major regulatory interventions challenging...