Ukraine overhauls the regulatory framework for the financial services industry
As reported earlier, last year, the Ukrainian central bank — the National Bank of Ukraine (NBU) —conducted a public consultation with respect to a draft law (“Draft Law”) on financial services (available in Ukrainian). The Ukrainian Parliament registered the Draft Law on 15 February 2021 (available in Ukrainian). The current regulatory framework was adopted in 2001. The Draft Law aims to replace it with a set of refreshed rules addressing the current challenges. The following is a summary of certain peculiar features of the Draft Law compared with the current regime.
Architecture of the financial services market
It is contemplated under the Draft Law to catch under the new framework a number of financial and supplementary services, most of which align with the currently regulated ones. The key difference is that the draft contemplates the regulation of categories of financial services rather than specific services. Thus, a competent authority may allocate a specific service/activity having a requisite of one or more categories into the relevant category of financial services. Hence, the regulatory framework seems to be becoming a bit more flexible because, under the current rules, it is prohibited to carry out activity that is not specifically listed in the law.
On the right, you may note the allocation of responsibilities among the two competent authorities vis-a-vis various financial services providers. Historically, three different regulators were responsible this sector. On 01 July 2020, the National Commission Carrying out State Regulation of the Financial Services Markets (“Financial Services Commission”) ceased to exist. Therefore, the remaining two regulators have shared the oversight for specific entities that were previously overseen by the Financial Services Commission.
How do Ukraine’s licensing requirements apply to cross-border business into Ukraine?
The Draft Law proposed by the NBU last year explicitly touched upon this matter. It contained a general rule that a foreign financial institution or a legal entity authorized to render financial service(s) under the foreign law would be able to render the same on the territory of Ukraine pursuant to the requirements of: (i) the special law(s) applicable to such activity; and (ii) secondary legislation adopted by the competent authority.
Unfortunately, the registered revised text does not contain this rule. At the same time, the Draft Law contains certain provisions that may indirectly imply the possibility of such cross-border offering (e.g., each competent authority is authorized to oversee the activity of foreign service providers active in Ukraine and to collaborate with the responsible foreign regulators).
Given this, any financial service proposed on a cross-border basis may need to be reviewed on a case-by-case basis to identify whether it would be in line with the general requirements and requirements of any special law applicable to the service at hand.
Noteworthy novelties of the Draft Law
- Risk-based approach
The Draft Law contemplates that the competent authorities will not spend an equal amount of time or resources on each category of regulated financial services providers. In other words, they will have an opportunity to allocate such categories into more or less risky categories and adopt and enforce either a heavier or a “light touch” set of rules accordingly. Thus, the Draft Law indicates that the relevant competent authority will be authorized to adopt criteria to define: (i) the risk profile of the respective financial/supplement service provider; and (ii) respective oversight actions vis-a-vis the same.
- Professional opinion of a competent authority
The Draft Law envisages that a competent authority may apply so-called “professional opinion” when dealing with its tasks. Apparently, this refers to a case when the competent authority would deal with non-routine matters subject to more comprehensive assessment. It is noteworthy that such professional opinion will be issued in the form of an official document and the respective market participant will be able to challenge such opinion within 15 business days from its receipt. Moreover, any harm caused to the service provider as a result of the application of such professional opinion may be compensated in accordance with the applicable process.
- Financial secrecy
The Draft Law aims to resolve one of the legacy issues on the financial services market and defines all client and third-party data handled by involved intermediaries (except banks) as “financial secrecy.” The data handled by the banks will remain governed by the rules applicable to “banking secrecy.” This will hopefully resolve a current legal uncertainty whereby there are different piecemeal rules defining the rules for privileged data handled by the engaged service providers. It is not always straightforward to identify which piece of data falls into which regime. It is curious that the Draft Law does not envisage a general disclosure regime of such data by the relevant service provider but rather by the competent authority (except for a few use cases, such as disclosure to: (i) a third-party contractor; or (ii) based on the consent of the data controller). Moreover, it seems to indicate that the Draft Law’s provisions may override any conflicting disclosure provisions envisaged under other applicable pieces of legislation. The practical implication of this may be that such disclosure may face difficulties in certain cases not specifically addressed in the law.
The Draft Law has substantially changed its approach to outsourcing comparing it with the public consultation stage. In particular, it used to define “outsourcing” as a transfer of processes to a third party based on a contract with a view to optimize both the cost and processes of a service provider. The revised version has removed the reference to the above condition and it indicates that any performance by a third party of a process or function of a service provider would qualify as “outsourcing.” That said, the competent authority will be authorized to define the criteria the potential outsourcing providers would be required to meet.
The revised draft also changed the approach toward permitted outsourcing. It used to indicate that special laws (and secondary legislation) would contain a list of such activities. Now, it contains a general rule that both this law and special laws should provide for a list of functions (or processes within functions) that may be outsourced. However, currently, the Draft Law provides such list only for financial services providers regarded as “financial companies” and “pawn shops,” which do not include banks, insurance companies, credit unions and capital markets intermediaries. Moreover, the Draft Law provides for a rather narrow list of processes (functions) that may be outsourced. In particular, it only includes “accounting,” “internal audit,” “risk management” and/or “compliance function.” This is also subject to a “financial company” and “pawn shop” not being regarded as an “enterprise with a social interest.”
Given this, it appears that the Draft Law provisions on outsourcing lack substance and may need to be updated: (i) to enable the financial services industry to benefit from the existing opportunities in the outsourcing industry; and (ii) to make such opportunities available to all financial services providers in Ukraine.