The Legal Entity Identifier – Also Relevant to Switzerland

The Legal Entity Identifier (LEI) emerged in the wake of the Lehman Brothers bankruptcy. At the Los Cabos Summit in June 2012, the G20 members approved a system for the unique identification of financial market players (Global Legal Entity Identifier System, GLEIS) to make it easier for both the private sector and public authorities to manage and control risks in the financial market. This system allows financial institutions to identify companies that are active on the financial market by way of a globally unique identifier.

During its 4 December 2015 session, the Swiss Federal Council voted that Switzerland adopt the GLEIS. It is hoped that this internationally standardised identification number for financial market participants will improve the quality of financial data and facilitate the assessment of systemic risks.

This paper focuses on the following topics:
  • How did the LEI come about?
  • What is an LEI?
  • Who needs an LEI?
  • Is an LEI the same for all asset classes?
  • How do I obtain an LEI?
  • What does the LEI mean for you?

Find out more

Stefan Wüest, Patrick Frigo and Erol Baruh will be happy to answer all your questions regarding LEIs.

Your PwC contacts

Stefan Wüest
PwC | Assurance Director
stefan.wueest@ch.pwc.com
+41 58 792 59 51

Patrick Frigo
PwC | Assurance Senior Manager
patrick.frigo@ch.pwc.com
+41 58 792 22 76

Erol Baruh
PwC | Assurance Senior Manager
erol.baruh@ch.pwc.com
+41 58 792 91 62

‘Basel IV’: Big bang – or the endgame of Basel III?

The Basel Committee on Banking Supervision’s announcement – December 2017

On Thursday 7th December 2017, the Basel Committee on Banking Supervision (‘BCBS’) published the final instalments of its reforms for the calculation of risk weighted assets (‘RWA’) and capital floors.

These papers complete the work that BCBS has been undertaking since 2012 to recalibrate the Basel III framework. Basel III was introduced to address the most pressing deficiencies that emerged from the 2007-08 crisis and make banks more resilient.

The finalised reforms, together with earlier publications that revise the calculation of RWAs – including the updated market risk framework published in January 2016 – are collectively referred to as ‘Basel IV’ by the industry, in recognition of the scale of the changes they introduce. These include revisions to the RWA calculation for all Pillar 1 risk types, meaning that both standardised and internal risk types will be impacted.
Further changes were published regarding the leverage ratio buffer for G-SIBs, together with a discussion paper on the treatment of sovereign debt.

Read full paper

Contact us:
Manuel Plattner
Director
PwC Switzerland
+41 0 58 792 1482
manuel.plattner@ch.pwc.com

Executive Compensation & Corporate Governance Insights – Part 3

In this third and final part of this year’s ExCo Insights, we discuss new methods of pay design and communication with shareholders (and we clarify some misunderstandings regarding established “best” practices). Moreover, we recommend that board members and executives take a broad view of governance matters. We offer the following “Rethinks”:

1. Compensation design is fraught with “best practice” approaches that are actually often not appropriate. Companies should recognise the drawbacks of popular high-powered incentive systems with caps, should reflect on possible unintended side effects of the apparently intuitive use of “relative performance evaluation” (RPE, such as benchmarking to indices), should be wary of the risk-taking incentives of currently fashionable performance shares, and should consider using debt to complement standard equity-based incentives. Simplification – for example, granting straight-up shares rather than complex instruments such as performance shares – also has important advantages.

2. Ongoing communication with shareholders throughout the year, not just ahead of the Annual General Meeting (AGM), is essential to build trust and understanding regarding a company’s specific situation. This is particularly important given that a company also has to deal with powerful proxy advisors who sometimes use checklists and policies that management may regard as inadequate in the context of the concrete challenges a company needs to solve with incentive systems and governance choices.

3. We introduce the 5 Rs of value generation through effective governance: Recruit (select and retain the right board members, executives and employees), Reward (design and live incentives), Report (engage in value reporting and communication), Realise (execute value generation), and Rethink (reflect critically on the practice of all four of the other Rs). An effective board has a holistic view of all of these matters. The weakest link of these five elements will determine the overall performance of the company.

Read the ExCo Insights 2017 – Part 3

We look forward to engaging in dialogue with you.

Dr. Robert Kuipers
Partner People & Organisation PwC
+41 58 792 45 30
robert.kuipers@ch.pwc.com

Remo Schmid
Partner People & Organisation, PwC
+41 58 792 46 08
remo.schmid@ch.pwc.com

Regulatory developments (TCFD)

Financial Stability Board Task Force on Climate-related Financial Disclosures (TCFD)

Context
The G20’s Financial Stability Board (FSB) Task Force on Climate-related Financial Disclosures (TCFD) was convened to address concerns that companies are not sufficiently disclosing the impacts that climate change poses to their strategy, businesses and financial plans. Without adequate disclosure, markets cannot function efficiently and risks are not appropriately priced.

Broadly, climate risks can be divided into:

  • Transition risks such as climate policy (e.g. a carbon tax) or technological shifts (e.g. the rise of electric vehicles) which impact demand and costs of supply; and
  • Physical risks such as the impacts of more frequent/extreme weather events on assets, operations or supply chains.

Scope
The TCFD’s recommendations were launched in June 2017 and presented to the G20 Summit on 7–8 July. The report’s scope covers all companies with listed equity/debt in the G20.

Additionally, to address where concentrations of risk might lie, the scope also includes asset managers and asset owners (e.g. pension funds), thereby covering the whole investment chain. Shareholders and other capital providers are increasingly looking to understand the resiliency of the companies they are invested in or lend to. Major institutional investors have publicly called for companies to make disclosure of climate risks a priority or face shareholder action.

TCFD recommendations and implications
The TCFD structured its recommendations on climate-related disclosures around four thematic areas:

  • Governance: extent of board and senior management oversight on the issue;
  • Strategy: risks and impacts on strategy, business and forward looking scenario analysis;
  • Risk Management: how climate risks are identified, assessed, managed and integrated into existing risk management frameworks; and
  • Metrics and Targets: how performance on climate risk is being measured.

The TCFD recommends disclosure in mainstream annual reports. This is a major shift away from sustainability reports, where climate issues currently tend to reside. This means that functions such as Finance and Investor Relations as well as the Audit Committee need to understand the financial implications of climate change and be in a position to explain whether such implications are material and how this is being governed, managed and disclosed.

Strategy functions will also need to consider how to incorporate such implications into long term plans. The TCFD recommends that companies conduct forward-looking scenario analyses to understand how their businesses will be impacted by climate change.

Contacts

Stephan Hirschi
PwC ADV Consulting | Adv Consulting TIS
+41 58 792 2789
stephan.hirschi@ch.pwc.com

Raphael Rutishauser
ADV Consulting | Adv Consulting TIS
+41 58 792 52 15
raphael.rutishauser@ch.pwc.com

 

Pension reform “no vote”: no immediate impact, challenges remain

On 24 September 2017 the Swiss people and cantons rejected the proposed “AV2020” reform package. The reforms covered the 1st and 2nd pillar and were proposed by the government to increase financial stability in the system and maintain current pension levels in both pillars.

The “no vote”

Details of the rejected reforms can be found in our blog from earlier this year. The headline changes were an increase in the “normal” retirement age of women from 64 to 65, an increase in the earliest retirement age to 62 (with exceptions), and changes to the pillar 2 contribution rates and to the minimum conversion rate (to 6.0% from 6.8%). Transition arrangements were to be provided to over-45s.

Overall, the changes did not get enough consensus from across the diverse political, geographical and demographic landscape of Switzerland. Campaigners for a “no” vote focused on disparities between generations, with the young portrayed as paying for older generations’ retirement. Some argued that the reforms did not go far enough. The vote and subsequent rejection show the challenge of getting complex reforms passed through a national referendum.

What next? Potential impact of the no-vote

There are no immediate actions for employers from the “no” vote as plans do not need to be changed. But the long-term challenges that triggered the reforms remain and need to be managed:

De-risking even more important – as none of the proposed reforms come into force now, employers and funds do not need to change current plans. But the cost of retirement benefits and the risk around them continues to rise. We expect many funds to continue to face significant challenges from increasing longevity and lower (expected) asset returns, so additional measures and changes to manage benefits and risks are likely needed in the mid to long term.

Providers may reconsider providing (insured) minimum plans – the minimum guaranteed conversion rate of 6.8% remains expensive for multi-employer funds and fully insured plans to provide. Some funds will reconsider their approach and potentially pull out of providing pure legal minimum plans as the financing of such benefits becomes more and more challenging without cross-subsidies. Employers with mandatory minimum plans may find getting a provider increasingly tough.

No immediate IFRS/US GAAP pension accounting impact – companies with Swiss minimum plans or split solutions (e.g. mandatory and over-mandatory benefits are covered by different plans/funds) who report their pension obligation under international accounting standards will not “gain” from the law change as there are no automatic changes to mandatory minimum benefits.

The Swiss government will be working on a new package of reforms, but there is no timeframe for this as yet. Employers may not be able to wait and may need to review their plans now to ensure they are future proof and risks are managed.

Contact

Adrian Jones
Director, People and Organisation
Tel: +41 58 792 40 13
adrian.jones@ch.pwc.com

Richard Köppel
Pension Fund Expert SKPE, People and Organisation
Tel. +41 58 792 11 72
richard.koeppel@ch.pwc.com

Federal Act on Data Protection (FADP): Swiss Federal Council publishes Draft Bill

On September 15, 2017 the Swiss Federal Council published the draft bill for the revision of the Federal Act on Data Protection (FADP). The revised bill intends to strengthen the protection of personal data and to adapt the existing provisions to the digital age. Moreover, it aims at aligning Swiss data protection legislation with legislation at European level, i.e. the EU General Data Protection Regulation (GDPR). In this context, remaining recognized by the EU as a third country providing an adequate level of data protection is crucial for the Swiss economy.

Key Features of the Draft Bill and Differences to the EU-GDPR

The Federal Council answered the criticism of the Swiss business community by implementing extensive changes to the preliminary draft of the FADP, which it published in December 2016. In that regard, the Federal Council rejected a so-called “Swiss finish”. With regard to key elements, the current draft bill no longer exceeds the EU standards stipulated in the EU data protection legislation.

Like its counterpart in the EU, the draft bill aims at increasing transparency in data processing and at enhancing sanctions for data breaches. Moreover, in various areas the draft adopts the relevant EU legal terminology. It also establishes a risk-based approach, e.g. the data protection duties of the data controller are expanded contingent on the privacy risks to the data subjects concerned. The revised FADP requires all data controllers and processors to keep records on their data processing activities, similar to the GDPR. Reflecting the same development as in the EU, the revised FADP strengthens the role and position of the Federal Data Protection and Information Commissioner (FDPIC).

However, in some areas the draft bill substantially differs from EU legislation. For example, it does not require data controllers to document FADP compliance. Thus, unlike the GDPR, it does not introduce a reversal of the burden of proof with regard to data protection. Specific provisions on the protection of children and the right to data portability have not been introduced to the draft bill either. With regard to the latter, the Federal Council wants to wait for the EU’s experience prior to taking similar steps. Comparable considerations apply to the “right to be forgotten”, which has been limited to personal data matters concerning deceased persons.

Further differences to the GDPR concern sanctions. The upper limit stated in the preliminary draft has been substantially reduced from CHF 500’000 to CHF 250’000 and thus is significantly lower than in the EU. In addition, data controllers in Switzerland are subject to fewer reporting and consultation obligations towards the FDPIC than their counterparts in the EU are towards their data protection authorities.

Keeping the EU Adequacy Status

Keeping unrestricted access to the EU single market is an additional factor shaping the revision of the FADP. In that context, adapting to parts of the EU data protection legislation seems a precondition for Switzerland to remain recognized by the EU as a third country providing an adequate level of data protection and, thus, to benefit from cross-border data transfers without additional legal safeguards. This is particularly important to the Swiss economy.

Need for Action for Companies

The revision of the FADP will have a material and significant influence on how companies will process personal data in the future. Despite the differences to the GDPR and to the preliminary draft, the intention of the recently published draft bill remains the same: increased transparency and stronger sanctions for data breaches.

It is envisaged that the revision should be completed in the summer of 2018. However, we strongly recommend that companies start considering the upcoming data protection legislation today. Companies operating in Switzerland should gain a complete and full view of their data processing. Following this analysis and in application of a risk-based approach, the necessary measures must be taken to ensure compliance of data processing with the future new law.

Contact us

Susanne Hofmann
Director
Legal Compliance Leader Switzerland
+41 58 792 17 12
susanne.hofmann@ch.pwc.com

Dr. Idir Laurent Khiar
Assistant Manager
Legal Compliance
+41 58 792 17 51
idir.laurent.khiar@ch.pwc.com

The new Precious Metals Code

The Global Precious Metals Code (Metals Code) was published in, and has been effective as of, May 2017. It sets out the standards and best practices expected from participants in the global OTC-wholesale market for precious metals, meaning gold, silver, platinum and palladium (Precious Metals). It has been prepared and is backed by the London Bullion Market Association (LBMA).

Although the Metals Code is not binding law, all organisations actively involved in the global OTC-wholesale trading market for Precious Metals are expected to act according to the broad principles of the Metals Code and have procedures designed to uphold its general terms. The Metals Code will need to be applied proportionally, because of the varying degrees of sophistication and the diverse nature of the participants. Non-compliance is likely to have negative consequences on business activities, because certain market participants might no longer be willing to enter into transactions with non-compliant market participants. It is also likely that courts will rely on the Metals Code when interpreting contracts entered into in the Precious Metals wholesale market.

The Metals Code applies to the following market participants (Market Participants):

  • LBMA members
  • Physical market participants (such as refiners and miners)
  • Financial institutions such as banks, asset/fund managers, high frequency trading firms, brokers, investment advisers
  • Trading houses
  • Central banks and sovereign wealth funds
  • Logistics firms and fabricators
  • Jewellery companies
  • Benchmark execution service providers and benchmark process platform operators
  • Affirmation and settlement platforms

The Metals Code does not apply to price-streaming platform providers, private banking clients and the general retail public.

The Metals Code is organised around the following four leading principles:

  • Ethics: Market Participants are expected to behave in an ethical and professional manner to promote the fairness and integrity of the Precious Metals market. This means in particular that Market Participants should:
    • Strive for the highest ethical and professional standards.
    • Identify and address conflicts of interests.
  • Governance, Compliance and Risk Management: Market Participants are expected to have a sound and effective governance framework that provides clear accountability and a compliance and risk framework that provides for robust control and a compliance environment that effectively identifies and manages the risks associated with their engagement with the market. This means that Market Participants have to:
    • Put an adequate business strategy and financial soundness in place as well as effective structures and mechanisms to provide for appropriate oversight, supervision and controls.
    • Have appropriate policies and procedures designed to handle and respond to potentially improper practices and behaviours effectively.
    • Have a framework for compliance and risk management.
    • Familiarize themselves with and abide by all applicable laws, regulatory obligations and relevant industry standards, and should have an appropriate compliance framework in place.
    • Maintain an appropriate risk management framework with systems and controls to identify and manage the Precious Metals market risks they face.
    • Have processes in place to independently review the effectiveness of and adherence to the risk management and compliance framework.
  • Information Sharing: Market Participants are expected to be clear and accurate in their communications. They are also expected to protect confidential information and to promote effective communication that supports a robust, fair, open, liquid and appropriately transparent Precious Metals market. Market Participants thus have to:
    • Clearly and effectively identify and appropriately limit access to confidential information.
    • Not disclose confidential information to external parties, except under specific circumstances.
    • Communicate in a manner that is clear, accurate, professional and not misleading.
    • Communicate market colour appropriately and without compromising confidential information.
    • Have clear guidance on approved modes and channels of communication.
  • Business Conduct: Market Participants are expected to effectively manage each stage of the transaction life cycle, i.e. pre-trade, execution, and post-trade, in order to promote a robust, fair, open and appropriately transparent Precious Metals market. Market Participants must, however:
    • Obtain sufficient information to know each client.
    • Ensure the adoption of proportionate and responsible business practices, appropriate to their business.
    • Be clear about the capacities in which they act.
    • Handle orders fairly and with transparency in line with the capacities in which they act.
    • Handle orders fairly, with transparency and in a manner consistent with the specific considerations relevant to the different order types.
    • Only pre-hedge client orders when acting as a principal, and do so fairly and with transparency.
    • Only apply a mark-up to client transactions if it is fair and reasonable.
    • Not request transactions, create orders or provide prices with the intent of disrupting market functioning or hindering the price discovery process.
    • Employ a last look which is transparent regarding its use and provide appropriate disclosure to clients.
    • When providing algorithmic trading or aggregation services to clients, provide adequate disclosure regarding their operation.
    • Not engage in practices that disrupt the integrity of benchmarks.
    • Confirm trades as soon as practicable, and in a secure and efficient manner.
    • Identify and resolve confirmation and settlement discrepancies as soon as practicable.
    • Perform timely account reconciliation processes.
    • Identify settlement discrepancies and submit compensation claims in a timely manner.
    • Measure and monitor their settlement risk and seek to mitigate that risk when possible.
    • Utilize standard settlement instructions.
    • Request direct payments.

Please contact our expert on this topic for a free consultation:

Martin Liebi
Director
Tel: +41 58 792 2886
martin.liebi@ch.pwc.com

EU conflict minerals legislation

EU conflict minerals legislation will enter into force on 7 July 2017 and affect all EU importers of gold, tin, tungsten and tantalum (metals and ores).

The new EU conflict minerals regulation (“CMR”) was officially published on 9 May 2017 and will enter into force on 7 July 2017. The CMR introduces new compliance rules for EU importers of gold, tin, tungsten and tantalum, as well as their ores (“metals and minerals”), which stem from conflict-affected and high-risk areas, among others. The CMR is based on the OECD Due Diligence Guidance for responsible supply chains of minerals from conflict-affected and high-risk areas (“OECD Due Diligence Guidance”), including the annexes and supplements thereto. The USA has already introduced its version of a conflict minerals regulation in Section 1502 of the Dodd-Frank Act. This memorandum provides an overview of the key features of the CMR.

Summary

The EU Conflict Minerals Regulation covers gold, tin, tungsten and tantalum, as well as their ores, which stem from conflict-affected or high-risk areas, among others. The CMR will affect all EU importers (or third parties acting on their behalf) of gold, tin, tungsten and tantalum, and those involved in the EU supply chain of the import of these metals and minerals. EU importers or third parties acting on their behalf must comply with the following key obligations: the creation of management and risk management systems, third party audits, disclosure obligations and ex-post checks. Non-EU importers must ensure that EU importers can fulfil their obligations by providing the required information and data for supply chain traceability. The CMR will enter into force on 7 July 2017. Its key obligations will, however, only come into effect on 1 January 2021.

Who is affected?

The obligations of the CMR will mainly affect EU importers of metals and minerals. An “EU Importer” is any natural or legal person declaring metals or minerals for release for free circulation, or any natural or legal person on whose behalf such declaration is made. Non-EU goods intended to be put on the EU market or intended for private use or consumption within the customs territory of the EU shall be placed under release for free circulation. Release for free circulation entails:

  1. the collection of any import duties due
  2. the collection, as appropriate, of other charges, as provided for under relevant and effective provisions relating to the collection of such charges
  3. the application of commercial policy measures and prohibitions and restrictions insofar as they do not have to be applied at an earlier stage
  4. the completion of other formalities established in respect of the import of goods.

Release for free circulation shall confer the customs status of EU goods on non-EU goods.

It is important to note, however, that EU importers sourcing metals and minerals not stemming from areas deemed to be “conflict-affected or high-risk” must maintain their responsibility to comply with the due diligence obligations of the CMR. In other words, all EU importers of metals and minerals must comply with the requirements of the CMR. Commodities traders who are not EU importers of metals and minerals are still affected by the CMR because they are part of the supply chain. These traders must ensure that EU importers can fulfil their traceability obligations and other duties under the CMR.

Which metals and minerals are affected?

The CMR impacts gold, tin, tungsten and tantalum and their ores (“metals and minerals”) if they exceed a certain threshold volume. EU authorities have outlined the affected metals and minerals in their “Combined Customs Nomenclature”. Please find below an indicative table of the affected CN codes and exempted volumes.

Affected minerals

| Description | EU CN code | TARIC subdivision | Exempted threshold volume (kg) |
|---|---|---|---|
| Tin ores and concentrates | 2609 00 00 | | 5,000 |
| Tungsten ores and concentrates | 2611 00 00 | | 250,000 |
| Tantalum or niobium ores and concentrates | ex 2615 90 00 | 10 | To be communicated |
| Gold ores and concentrates | ex 2616 90 00 | 10 | To be communicated |
| Gold, unwrought or in semi-manufactured form, or as a powder with a gold concentration lower than 99.5% that has not passed the refining stage | ex 7108 | | 100 |

Affected metals

| Description | CN code | TARIC subdivision | Threshold volume (kg) |
|---|---|---|---|
| Tungsten oxides and hydroxides | 2825 90 40 | | 100,000 |
| Tin oxides and hydroxides | ex 2825 90 85 | 10 | To be communicated |
| Tin chlorides | 2827 39 10 | | 10,000 |
| Tungstates | 2841 80 00 | | 100,000 |
| Tantalates | ex 2841 90 85 | 30 | To be communicated |
| Carbides of tungsten | 2849 90 30 | | 10,000 |
| Carbides of tantalum | ex 2849 90 50 | 10 | To be communicated |
| Gold, unwrought or in semi-manufactured form, or as a powder with a gold concentration of 99.5% or higher that has passed the refining stage | ex 7108 | | 100 |
| Ferrotungsten and ferro-silico-tungsten | 7202 80 00 | | 25,000 |
| Tin, unwrought | 8001 | | 100,000 |
| Tin bars, rods, profiles and wires | 8003 00 00 | | 1,400 |
| Tin, other articles | 8007 00 | | 2,100 |
| Tungsten, powders | 8101 10 00 | | 2,500 |
| Tungsten, unwrought, including bars and rods obtained by simple sintering | 8101 94 00 | | 500 |
| Tungsten wire | 8101 96 00 | | 250 |
| Tungsten bars and rods, other than those obtained by simple sintering, profiles, plates, sheets, strips and foil, and other | 8101 99 | | 350 |
| Tantalum, unwrought including bars and rods, obtained by simple sintering; powders | 8103 20 00 | | 2,500 |
| Tantalum bars and rods, other than those obtained by simple sintering, profiles, wire, plates, sheets, strips and foil, and other | | | |

Which jurisdictions are concerned?

The CMR will affect all metals and minerals coming from areas in a state of armed conflict or fragile post conflict, as well as those areas witnessing weak or non-existent governance and security (such as failed states) and widespread and systematic violations of international law, including human rights abuses. It will be left to the discretion of the respective EU importer whether areas should be deemed “conflict-affected” or “high-risk”. An indicative, non-exhaustive, regularly updated list of conflict-affected and high-risk areas will be provided. This list will however not provide absolute clarity on the countries that are considered “conflict-affected” or “high-risk”. The authorities will prepare non-binding guidelines in the form of a handbook for economic operators, explaining how best to apply the criteria for the identification of conflict-affected and high-risk areas.

What are the obligations under the EU conflict minerals regulation?

EU importers of metals and minerals must comply with the supply chain due diligence obligations set out in the CMR, and keep documentation demonstrating their compliance with these obligations, including the results of independent third-party audits. The key obligations are the implementation of:

  1. Management system: A supply-chain policy for metals and minerals stemming from conflict-affected and high-risk areas must be created, adopted and overseen by senior management, and communicated to suppliers. A grievance mechanism as an early-warning risk-awareness system must also be implemented. A chain-of-custody or supply-chain traceability system must be developed that provides the following (and its respective documentation):
      • description of the metal or mineral, including its trade name and type
      • name and address of the supplier to the EU importer
      • name and address of the smelters and refiners in the supply chain of the EU importer
      • in the case of metals – records of the third-party audit reports of smelters and refiners, if available, or evidence of conformity with a supply chain due diligence scheme recognised by the European Commission
      • in the case of minerals only – the country of origin of the minerals and if available, the quantities and dates of extraction, expressed in volume or weight
      • in the case of metals or minerals originating from conflict-affected and high-risk areas – additional information in accordance with the specific recommendations for upstream economic operators, as outlined in the OECD Due Diligence Guidance.

     

  2. Risk management obligations: Identify and assess the risks of adverse impacts in the mineral supply chain on the basis of information provided on the standards of their supply chain policy. Implement a strategy to respond to identified risks, one that prevents or mitigates adverse impacts by:
    • reporting findings of the supply chain risk assessment to senior management
    • adopting risk management measures consistent with the OECD Due Diligence Guidance
    • implementing a risk management plan and tracking its performance
    • undertaking additional fact and risk assessments for risks requiring mitigation, or after a change of circumstances.

     

  3. Third party audit obligations: EU importers of metals or minerals shall have audits performed by an independent third party (‘third-party audit’). EU importers of metals shall be exempt from the obligation to carry out third-party audits provided they provide substantive evidence, including third-party audit reports, which demonstrate that all smelters and refiners in their supply chain comply with the CMR or that they source exclusively from smelters and refiners found on the “Globally-Responsible Smelters and Refiners” list (see below, “Acknowledged refiners and smelters”).
     
  4. Disclosure obligations: EU importers of metals and minerals shall provide reports of any third-party audits to the competent authorities, and provide their immediate downstream purchasers with all information gained and maintained pursuant to their supply chain due diligence, with due regard for business confidentiality and other competitive concerns. Each year, they shall report as thoroughly as possible on their supply chain due diligence policies and practices for responsible sourcing, including on the Internet.
     
  5. Ex-post checks: The competent authorities will carry out appropriate ex-post checks in order to ensure that EU importers of metals and minerals comply with the established obligations. This includes the examination of the EU importer’s implementation of supply chain due diligence obligations, the examination of documentation and records demonstrating proper compliance and the verification of audit obligations. Ex-post checks will include on-the-spot inspections, such as those done on the premises of the EU importer.
     

What are the applicable exemptions?

There are multiple applicable exemptions, such as:

  1. Recycled metals: Where an EU importer can reasonably conclude that metals are derived only from recycled or scrap sources, and when it has, with due regard for business confidentiality and other competitive concerns, publicly disclosed its conclusion and described in reasonable detail the supply chain due diligence measures it exercised in reaching that conclusion.
  2. Stocks of affected minerals: When stocks were created in their current form on a verifiable date prior to 1 February 2013.
  3. Recognised due diligence schemes of industry associations and groups: Industry associations and groups may request recognition of their due diligence schemes from the European Commission.
  4. Acknowledged refiners and smelters: A list will be provided that contains the names and addresses of globally-responsible smelters and refiners.

When will the EU conflict minerals regulation and its obligations take effect?

The CMR will take effect on 9 July 2017. Its key provisions will, however, only enter into force on 1 January 2021. These key provisions are:

  • Compliance with supply chain obligations
  • Management systems obligations
  • Risk management obligations
  • Third-party audit obligations
  • Disclosure obligations
  • Ex-post checks on EU importers

What will be the impact?

The experience obtained from the enforcement of the conflict minerals regulations under Dodd-Frank has shown that it will take a considerable amount of time to plan, structure and implement the requirements set forth in the OECD Due Diligence Guidance. These requirements will affect corporate governance, risk management, supply chain and trading activities.

Please contact our experts on this topic for a free consultation.

Contacts

Martin Liebi
Director – Head of Commodities Trading Regulation
Tel: +41 58 792 2886
martin.liebi@ch.pwc.com

Guenther Dobrauz
Partner Tax and Legals
Tel: +41 58 792 1497
guenther.dobrauz@ch.pwc.com

MIFID2: Are you ready for the new era in record-keeping?

With the MIFID2 regulatory regime beginning on 3 January 2018, EU-based financial firms will not only face a new era of heightened record-keeping involving many more records than was previously required, but also the negative effects of new oversight, monitoring, e-discovery and forensics processes for the firm’s clients and regulators. MIFID2 record-keeping will not just be about expanded content archival – it will deal with its implementation in a way that will help firms best execute processes in a strategic and efficient manner.

The task faced by management teams to ensure their firms are compliant with MIFID2 record-keeping may be daunting given the complexities of the directive and its regulations. We feel this task is best completed by way of an overall approach to record-keeping operations, culminating in the decision to create a firm-level “programme” that is designed to handle all the new requirements posed by MIFID2 – as opposed to ad-hoc, tactically focused processes, which ensure minimal compliance with great risk and little preparation for the processes of oversight, monitoring, e-discovery and forensics. With a strategic programme, firms will have the means to ensure record-keeping compliance and be prepared to effectively deal with the negative effects of MIFID2.

Ultimately, a robust and strategic record-keeping programme should encompass a process of integrating content archiving into the management of line-of-business applications from the very first day of MIFID2. This process should put operational archiving best practices into place to ensure that records are archived in such a way that their state and inventory are always known – thus making oversight, searching and retrieval easier in the future.

Contacts PwC:

Guenther Dobrauz
Partner | Leader PwC Legal Services Switzerland
Tel. +41 58 792 1497
guenther.dobrauz@ch.pwc.com

Michael Taschner
Senior Manager | Legal FS Regulatory and Compliance Service
Tel. +41 58 792 1087
michael.taschner@ch.pwc.com

Philipp Rosenauer
Manager | Legal FS Regulatory and Compliance Services
Tel. +41 58 792 1856
philipp.rosenauer@ch.pwc.com

Orkan Sahin
Senior | Legal FS Regulatory and Compliance Services
Tel. +41 58 792 1994
orkan.sahin@ch.pwc.com

Contacts KSF Technologies:

Michael Imfeld
Managing Partner, Business Development
michael.imfeld@ksftech.com

Allen Frasier
Director of Compliance
allen.frasier@ksftech.com

SWIFT Customer Security Programme – mandatory specifications to protect your local SWIFT infrastructures

The growing number of cyber-attacks, including those on the local infrastructures of SWIFT participants, has prompted SWIFT to create a security programme for its participants in order to fight together against cyber threats.

SWIFT published its Customer Security Programme in April 2017. It defines specific requirements to be met by all connected participants. The programme aims to improve the exchange of information within the SWIFT community, to ensure a high level of security for the local SWIFT infrastructure of participants, and to put in place an assurance framework to counter the ever growing number of cyber threats and strengthen the ability of SWIFT participants to combat cyber-attacks.

SWIFT Customer Security Programme

The programme calls upon all SWIFT participants to implement a control and assurance framework. The control framework consists of a set of 16 mandatory and 11 advisory security controls. The controls are based on existing SWIFT security guidelines, and are in line with good practice standards such as NIST, ISO/IEC 27002 and PCI-DSS. The mandatory controls establish a security baseline for the entire SWIFT community. SWIFT also recommends implementing the advisory controls to provide optimal protection for local SWIFT infrastructures.

Demands placed on SWIFT participants

The SWIFT Customer Security Programme will come into force on 1 January 2018. It applies not only to financial service providers but to all companies that participate in the SWIFT network. Before the introduction of the programme, each SWIFT participant must conduct a self-assessment and notify SWIFT of its status regarding compliance with the controls (by the end of 2017). From 2018, all participants must confirm their compliance with controls on an annual basis. This confirmation can be provided via a self-assessment (self-attestation), internal audit (self-inspection) or external audit (third-party inspection). Participants are free to choose the type of confirmation they wish to submit. SWIFT will, however, also carry out regular spot checks of confirmations via internal or external audits for quality assurance purposes.

SWIFT participants must consider the following points in particular:

  • Should only the mandatory controls be implemented, or also the advisory ones?
  • How should the assurance framework be structured? Is self-assessment sufficient, or should an internal or external audit be conducted on a regular basis?
  • Should the status regarding compliance with controls be made public to other SWIFT participants?
  • How can it be ensured that controls continue to be adhered to in the future?

The support we offer you

SWIFT Readiness Assessment

We can help make sure you comply with the SWIFT requirements by 1 January 2018 by assessing your current status and highlighting any gaps.

SWIFT control support

We can provide support for the implementation of controls by means of a post-implementation review.

SWIFT compliance confirmation

We can assist you with your annual confirmation of compliance with SWIFT requirements.

Please feel free to contact our experts if you are interested in the topic.

Contacts

Jens Probst
Director, Systems & Process Assurance
+41 58 792 29 59
jens.probst@ch.pwc.com

Claudia Hösli
Senior Manager, Specialist Cyber Security
+41 58 792 14 85
claudia.hoesli@ch.pwc.com

Marco Schurtenberger
Senior Manager, Specialist Cyber Security
+41 58 792 22 33
marco.schurtenberger@ch.pwc.com