The Financial Markets Authority has released an updated guide on the obligations of client money or property service (“CMPS”) providers. The guide replaces the original 2014 guide. The most significant change since 2014 is the addition of guidance for custodians, who are one type of provider. We consider the updated guide below and proposals to improve the relevant law under the Financial Markets Conduct Act (“FMC Act”). This blog post contains summary information only, is not legal advice and is based on the law as at the date of the blog post. This blog post was written by Simon Papa and Brandon Lim.
The guide is relevant to various types of financial service providers (“FSPs”) that receive, hold and/or transfer money and financial assets (including shares and bonds) on behalf of clients and investors. That includes stockbrokers, discretionary investment management service (“DIMS”) providers, portfolio administration service providers, some types of crypto-asset service providers, and some issuers of financial products. The guide is also relevant to any FSP that deals with providers, even if the FSP is not itself a provider. The guide is not relevant to retail managed investment funds and their custodians, derivatives issuers, and some insurance intermediaries (see the Insurance Intermediaries Act), who are each subject to their own regulatory regimes. NZX listed entities have additional obligations under listing rules.
The core attribute of providers is that they receive and hold money and property on trust for clients, and use them as directed by clients. This can be contrasted with FSPs such as banks (as one example), who do not hold financial assets on trust but enter into debtor/creditor relationships with clients.
Key provider obligations
The guide addresses key obligations of providers under the FMC Act and regulations, and FMA’s interpretation of those obligations. We consider the guidance on custodian obligations separately below. Key matters addressed in the guide include the following (that guidance has not changed substantially since 2014):
- The provider obligation to “exercise the care, diligence, and skill” of a prudent person. FMA interprets that as including an obligation to carry out extensive due diligence on businesses that offer outsourced custodial and administration services. Due diligence is required to make sure the provider is satisfied that the outsourced business will ensure the provider’s compliance with law.
- The provider obligation to ensure that client funds are held in client money trust accounts at banks. The guide notes the importance of ensuring that those accounts are appropriately named and that banks (and other relevant counterparties) acknowledge that the funds are held on trust. That acknowledgement is important as, without it, there is a risk that the funds will not be recognised by the bank or other counterparties as the ultimate property of clients of the providers.
- The law prohibits the mixing of client funds and property held under a CMPS with a provider’s own funds and property. There are exceptions but they are subject to strict controls. The guide notes that and reminds providers that they cannot use funds of one client to make up shortfalls in funds of another client.
- FMA considers that all providers are subject to an obligation to regularly reconcile actual client money and property holdings against records (for example, bank statements), and to ensure that any discrepancies are fully resolved. This is not an express requirement for providers generally but custodians are subject to specific rules about reconciliations.
- The obligation to only use client money and property “as expressly directed by the client”. FMA notes concerns with provider “salami slicing” of margins from client funds without appropriate disclosure and client approval, particularly from interest earned on client funds and when carrying out FX transactions for clients. FMA states that any such margin deductions require “express, clear and unambiguous disclosure [in the relevant contract and that it] should state the value of the margin (e.g. as a dollar amount or percentage of interest earned) and the purpose for which the margin is taken”, and that the purpose should generally be for services provided to the client.
Custodian obligations
Additional obligations apply to providers who are “custodians”. A custodian is a provider that “holds” (rather than simply receiving or transferring) client money and property in relation to financial products (with some exceptions). Custodian obligations include the obligations noted above for providers generally as well as:
- An obligation to maintain adequate processes, procedures and controls in relation to various objectives, including that “transactions are authorised, processed, and recorded in an appropriate, accurate, and timely manner” and that “accounts are administered in accordance with [law]”. Custodians must obtain an annual assurance engagement from an FMA approved auditor. The auditor reviews and confirms whether the processes, procedures and controls are effective and are being complied with. These are significant and costly obligations.
- An obligation to provide regular reporting to the clients on the money and financial products held, and of transactions conducted, during the reporting period.
These obligations and others were implemented in direct response to the David Ross Ponzi scheme that was identified in 2012. However, they were a piecemeal response that, in our view, has failed to properly address all underlying risks.
FMA identified that the custodian servicing Barry Kloogh, another financial adviser who operated a Ponzi scheme, often sent reports to Kloogh, rather than his clients. In the guide FMA addresses that by interpreting the custodian obligation to obtain client addresses for custodian reports as an obligation to ensure that “the address specified by the client [is] the client’s own address”. That is a strained interpretation of the law. However, it is likely in the interests of custodians to follow the guidance, as any misconduct by an FSP engaging the custodian may have serious consequences for the custodian.
Some FSPs are not required to engage independent custodians. Such FSPs can provide all CMPSs themselves, including custodian services, and reporting is not independent of the FSP (DIMS providers are one exception: they must ensure that client money and property are held by an independent custodian).
Also, FMA provides detailed guidance in the guide on the use of electronic reporting platforms.
Responsibility for client money or property services at law
Only the entity with the immediate contractual relationship for such CMPS is regulated; outsourced providers of CMPSs that are engaged by that entity are not regulated. In our experience some relevant client contracts, and contracts between FSPs and providers of CMPSs, are unclear with respect to exactly who has relevant CMPS obligations. In the guide FMA notes that as a concern. It creates real risk of non-compliance and of unintended assumption of responsibility. For FSPs that are providers, or who engage providers, it is critical to clarify in contract the extent to which the FSP is (or is not) providing CMPSs (including custodial services) and the other party’s corresponding role and responsibilities. So we recommend that FSPs and providers carefully prepare and/or review relevant contracts in that regard.
See also FMA’s “Custodian’s obligations information sheet”. The information sheet is based on repealed law but the replacement law is largely unchanged.
Wholesale clients
The obligations under the CMPS regulatory regime apply to CMPSs provided to retail clients only, with some exceptions. Following the Ross Ponzi scheme, the categories of wholesale clients in relation to CMPSs were significantly narrowed (reflecting that many Ross clients were, at the time, categorised as wholesale clients). The result is that clients who may be “wholesale” in relation to some financial products and services, may not be wholesale in relation to CMPSs. Clients can choose to opt out of the wholesale categorisation. So, providers should not assume that a CMPS client is “wholesale” just because they may fall into that category for other financial products or services. In the guide FMA states that “Providers should maintain adequate processes, systems and records in relation to identifying wholesale clients”.
Law reform proposals
In our view the systemic risks in the CMPS sector are large. In particular, a few large custodians provide underlying CMPSs for hundreds of FSPs, New Zealand investors hold increasingly large quantities of financial products offshore, and Ponzi schemes arise on a fairly regular basis.
The collapse of Lehman Brothers in 2008 led to years of litigation in the UK in relation to the ownership and allocation of client money under equivalent UK law, only concluding in 2017 in the Supreme Court. The UK law was, even at the time, much better developed than New Zealand’s is currently. So the risk of protracted litigation following a failure of a provider is real. In New Zealand, customers of the failed derivatives issuer and CMPS provider Halifax New Zealand Limited had to wait over 4 years to receive the first tranche of commingled investor funds, following High Court and Court of Appeal proceedings.
In its October 2023 report “Lessons learned from the Barry Kloogh Ponzi scheme” FMA noted it had sent proposals to reform the CMPS law to the Ministry of Business, Innovation and Employment. As of July 2024 there is no sign of action to implement those proposals. FMA’s Kloogh report was issued 4½ years after the Ponzi scheme was identified by FMA and 3 years after Kloogh was jailed for his crimes. The Ross and Kloogh Ponzi schemes were not the only Ponzi schemes operated by FSPs identified in New Zealand in recent years.
Cygnus Law has advocated since 2016 for reform to address shortcomings in the regulation of CMPSs. The International Monetary Fund recommended the licensing of custodians in its 2017 Financial System Stability Assessment report on New Zealand.
Despite all of those factors, the regulatory regime for CMPSs in New Zealand is still, in our view, relatively light and underdeveloped. Change appears glacial. FMA’s guide is helpful but is not a substitute for a more effective regulatory regime. The need for licensing seems clear to us. However, significant attention and resource has been focused on further regulation and licensing of already heavily regulated banks and insurers via the “conduct of financial institutions” regime that comes into force next year.
The Kloogh report states that “History shows that such fraud is difficult to detect”. Rather, in our view, history has shown that regulators have failed to put sufficient resource into detecting such fraud. And fraud is not the only risk. Failure of provider systems (particularly those operated by systemically important custodians) is also a risk.
In practice banks are very cautious about opening client money trust accounts for FSPs, because of concerns about anti-money laundering compliance. So this acts as a significant barrier to entry for many FSPs that need to operate client money trust accounts as part of their businesses. This is another area that would likely benefit from improved law and a licensing regime for providers.