Market Integrity Update - COVID-19 Special Issue - 31 March 2020
- Fairness in equity raisings during COVID-19
- Business continuity and supervision arrangements in response to COVID-19
We recognise that some listed companies may need to raise capital due to the COVID-19 pandemic.
When deciding on the timing and structuring of any capital raising, we expect directors will continue to act in the best interests of the company. This requires directors to balance a range of considerations such as the need for quick and certain capital, and the cost to and possible dilution of existing shareholders.
We remind directors that it’s important for issuers to consider fairness between shareholders – both institutional and retail – in capital raisings. Where circumstances allow, pro rata rights offers and share purchase plans (SPPs) can help achieve fairness between investors. Where SPPs are offered, we advise directors to carefully consider the implications for fair treatment of retail shareholders if scale-backs on allocations under the SPP are required.
Report 605 Allocations in equity raising transactions outlines a number of better practices for directors of listed companies to consider when raising capital. These practices include proactive engagement with advisers associated with the transaction to understand their allocation recommendations and consider the impact of capital raising on existing security holders.
We’re committed to working constructively and pragmatically with the market intermediaries we regulate, mindful they may encounter difficulties in complying with their regulatory obligations because of the impact of the COVID-19 pandemic.
We’ve engaged with market participants, investment banks, securities dealers and issuers of OTC derivatives to understand and assess the effectiveness of their business continuity and supervision arrangements.
Market intermediaries should monitor the effectiveness of their business continuity plans and alternative working arrangements. It is important to maintain robust monitoring and supervision controls to ensure financial services are provided efficiently, honestly and fairly.
Business continuity and back-up arrangements
We expect market intermediaries to:
- Identify critical systems and staff as part of their business continuity plans and ensure back-up arrangements operate as planned with allocated resources, including human and technological resources (e.g. location, capacity, internet load and systems licences). Market intermediaries should allocate more than one person to back up critical staff if required.
- Undertake periodic and frequent testing of remote working access and critical systems/technology.
- Monitor the effectiveness of cyber resilience arrangements given increased numbers of staff working remotely and the increased use of email. For example, some market intermediaries have observed an increased number of phishing emails. In response they’ve circulated warnings to staff not to click on links in emails received from unknown sources.
- Assess the potential disruption to services and functions provided by offshore intra-group entities and have in place contingency arrangements to ensure the continued operation of critical services and functions.
- Engage with external third-party service providers to ensure their business continuity arrangements are operating effectively and they have contingency arrangements to ensure the continued provision of services.
- Consider whether additional testing of outsourced and off-shored services are necessary to maintain the efficient, honest and fair operation of their business, especially services in jurisdictions where it may be difficult to maintain adequate controls over staff working from home.
- Hold frequent meetings with supervisory staff to monitor the effectiveness of their business continuity plans and supervision arrangements, and update their plans and arrangements as required.
Supervision of staff
Where alternative working arrangements are in place and staff are working remotely or split across different sites, market intermediaries should:
- Have in place a management structure that ensures its operations and processes are supervised by one or more persons who have appropriate supervisory skills, knowledge and experience – and who can manage these responsibilities across the evolving, fragmented operating environment. They should have enough seniority and authority to control, lead, influence and supervise those operations and processes. We expect that governance, incident management and escalation forums, including compliance committees, will continue to operate.
- Maintain written supervisory procedures specifying the staff responsible for supervision of their business operations and processes, identified by name or title and position. We expect market intermediaries to maintain records relating to the allocation of, and any changes to, supervisory responsibilities given to supervisory staff. For example, some market intermediaries already had plans documenting where staff and supervisors would sit and how supervision would be conducted in the event of the BCP being implemented (which has now occurred). Some market intermediaries had previously made staff and supervisors aware of which functions are critical.
- Have in place adequate arrangements to manage conflicts of interest and handle confidential information, where staff continue to be physically situated together (e.g. at a disaster recovery site). This may include segregation of relevant teams and the approval of seating plans by compliance staff. Supervisory staff should be allocated to supervise teams at physical sites in-person where possible. For example, some market intermediaries have disaster recovery sites exclusively for their use with secure access and appropriate segregation of staff within the space. In these instances, compliance, legal and supervisory staff are commonly distributed between the main and disaster recovery sites.
- Adhere to their existing policies for staff working remotely and the use of mobile devices. Where policies need to change to reflect the current conditions, they should be robustly reviewed and approved by compliance and other control functions to ensure they do not introduce any undue compliance, conduct or operational risk. For example, market intermediaries should carefully consider if it’s appropriate to have staff dealing with confidential client information while working from home. If they do work from home, they should be set up so they can’t be overheard, their screens can’t be seen by others at home and phone calls are recorded (or there are other equivalent record-keeping arrangements). They should be required to lock their screen or log-off when they leave their computer. Market intermediaries should consider what additional monitoring of staff practices and behaviour is necessary when working from home (e.g. whether more or fewer calls are being made from work/recorded lines and whether login patterns change unexpectedly).
- Record conversations concerning client instructions and orders given by phone, where obliged to do so. Where staff are working remotely, there should be protocols in place to ensure a market participant’s compliance with their mandatory recording obligations under the market integrity rules. Staff should be advised to only make calls using a software-based phone system that enables recording, or to take instructions and orders by email and chat message, providing a clear audit trail. Only authorised communication channels should be used and this should be monitored. In the rare instance this isn’t possible, the participant must ensure there is some form of written record. For risk mitigation, this should be followed by electronic confirmation by the client as soon as possible.
Market intermediaries should contact their ASIC Intermediary Supervisor if there:
- are any significant changes to business continuity or supervision arrangements that may affect their ability to meet their regulatory obligations or provide financial services in accordance with their licence authorisations
- is a risk of significant financial impact to the market intermediary.
While we acknowledge some market intermediaries are experiencing delays in the review and processing of surveillance system alerts, they should continue to report any suspicious activity to ASIC – refer to Section H of Regulatory Guide 265 Guidance on ASIC market integrity rules for participants of securities markets for more information.