A-Team Insight Blogs

New Solutions Emerge to Help Firms Address SRD2 Issues

Share article

A surge of new solutions is emerging to help firms meet the data challenges of Shareholder Rights Directive II (SRD2), which came into force on September 3, 2020 despite pleas from the industry for a delay due to Covid-19 pressures.

“We ask you to consider, as a matter of urgency, a delay in the implementation date of the Shareholder Rights Directive II and the Implementing Regulations by twelve months, to 3 September 2021,” begged a joint letter sent in April to the European Commission by a consortium of post-trade groups including The European Banking Federation (EBF), the Association for Financial Markets in Europe (AFME), the International Securities Lending Association (ISLA), the Association of Global Custodians (AGC), the European Central Securities Depositories Association(ECSDA), and the Securities Market Practice Group (SMPG).

The associations warned the regulator that it would be “difficult, or nearly impossible, to meet the implementation deadline of 3rd September 2020,” but they now have little choice in the matter. Firms providing share custody are now obliged to disclose client identities and positions when requested to do so by issuers. But fortunately, a wave of new solutions are now emerging onto the market to help them do just that.

This week, data provider Instant Actions joined the fray, with a targeted and ready-to-implement authentication solution to address the data risks created by SRD2. The new service provides globally verifiable company announcement information to the markets and protects intermediaries and shareholders from the risk of unauthorised phishing by authenticating both the validity and identity of the requestor. Once authenticated, the intermediary places the requested shareholder data in a secure, GDPR compliant Data Safe Haven ready for the issuer to retrieve.

Explains James Zorab, CEO of Instant Actions: “Intermediaries can now mitigate against potentially catastrophic reputational and financial risk. Knowing who owns a company is valuable information. Plenty of stock traders watch the activity of company insiders and major institutional shareholders, while investment banks have thrived on intermediating information about shareholders. Securities borrowing desks depend on brokers knowing who owns what so they can source the stock. Which is why the well-informed pore over stock ownership disclosure forms, looking for information on which to trade. It will therefore come as no surprise if unauthorized phishing becomes prevalent on the back of ostensibly legitimate requests for shareholder identity disclosure. We have found ways to protect intermediaries from that threat.”

He adds: “While well-intentioned, the legislation does not sufficiently address the issues of confidentiality, secure communication or the control of this data and so could give rise to the possibility of phishing and fraud. At its worst, firms could be exposed to data breaches on an epic scale.

“There is a very real risk of bad actors masquerading as issuers and obtaining highly sensitive shareholder data. Both the financial consequences and the reputational impact could be crippling for businesses. We were shocked to learn that some intermediaries are planning to communicate this data un-encrypted and by email. Our solution provides a secure, auditable way of locking out bad actors.”

SRD2 requires firms to respond with shareholder data within 24 hours, a very short time to allow them to check that the request has come from a legitimate source, particularly when the request may have been forwarded to them and has not therefore come direct from the original issuer. As a result, the best a financial intermediary can do is to check with the firm above them in the chain of communication that they have carried out their own validation checks. But what happens if the data is inadvertently disclosed? Whose fault will it be? Who will be liable? And how will disputes be resolved?

SRD2 refers to ‘appropriate’ security defences and insists that firms should check whether the request has originated from the issuer. But it does not explain how this should be done, nor does it recognize that such a seismic change in industry workflows might require secure counterparty communications that simply don’t exist today.

And as Zorab points out, GDPR complicates the risk: “How will firms simultaneously satisfy their obligations to disclose data under SRD2 and seek customer consent to keep data private under GDPR? If they get it wrong, they face fines of up to €5m for SRD2 and up to €400m or 4% of turnover for GDPR.”

Instant Actions is not the only firm seeking to help meet these concerns. At the start of September digital investor communications platform Proxymity also launched its new shareholder disclosure solution, Proxymity ID, across all EU markets – with State Street and Citi among the first clients. The first new product to launch from the London-based FinTech since its initial investment raise of $20.5 million earlier this year, it automatically verifies that disclosure requests come from an authorised source, which prevents unsolicited and unapproved requests from being processed. The new disclosure solution complements Proxymity’s core proxy voting solution, Proxymity PV, which was launched last year in Europe and Australia.

“We’re confident that Proxymity ID will make it easier and more cost effective for custodians and intermediaries to manage the new burdens imposed by SRD II,” says Dean Little, CEO and CoFounder of Proxymity. “With Proxymity’s enhanced technology and digital onboarding experience, intermediaries can sign up and start using Proxymity ID within 24 hours and immediately comply with the SRD II legislation, without having to develop their own solution.”

Related content

WEBINAR

Recorded Webinar: How to run effective client onboarding and KYC processes

Increasing cost, complexity and regulatory change continue to challenge firms implementing client onboarding and Know Your Customer (KYC) systems. With an effective strategy and a clearly defined pathway, it’s possible to gain a valuable competitive advantage whilst meeting those all-important compliance requirements. But how to get there? With a myriad of different options out there...

BLOG

Cappitech Joins Forces with REGIS-TR for End-to-End Service

EU trade repository REGIS-TR and Cappitech, a regulatory reporting service provider, have confirmed a new collaboration to deliver a streamlined, end-to-end regulatory reporting service. The partnership will link the two firms’ complimenting services for the Securities Financing Transactions Regulation (SFTR), the European Market Infrastructure Regulation, and its UK iteration, along with Switzerland’s Financial Market Infrastructure...

EVENT

RegTech Summit Virtual

The RegTech Summit Virtual which took place in June 2020 was a huge success with over 1,100 delegates registered. We are currently working on our plans for 2021 and we hope to be back with an in-person event. Whatever the future holds you can guarantee our 2021 event will be back with an exceptional guest speaker line up of Regtech practitioners, regulators, start-ups and solution providers to collaborate and discuss innovative and effective approaches for building a better regulatory environment. Can't wait until 2021? make sure you sign up to our RegTech Summit Virtual, November 2020. More info...

GUIDE

Regulatory Data Handbook 2020/2021 – Eighth Edition

This eighth edition of A-Team Group’s Regulatory Data Handbook is a ‘must-have’ for capital markets participants during this period of unprecedented change. Available free of charge, it profiles every regulation that impacts capital markets data management practices giving you: A detailed overview of each regulation with key dates, data and data management implications, links to...