Financial Services

ESMA highlights risks arising from securities lending to retail investors

Written by

Dr. Michael Huertas

RegCORE Client Alert | Capital Markets Union


On 12 July 2023, as most of Europe headed off into the summer holiday season, the European Securities and Markets Authority (ESMA) issued a public statement highlighting the risks of securities lending and other securities financing transactions (collectively SFTs) in relation to retail client financial instruments and clarifying certain important MiFID II investor protection requirements (the Statement).Available here.Show Footnote The Statement may be succinct and straight-to-the point in its four pages but it packs quite a punch to those wishing to offer SFTs (especially to retail clients) – notably by clarifying the need for active explicit consent.

The Statement acknowledges that while SFTs may be able to generate extra returns on financial instruments, they are also a risky and complex practice “that is difficult to understand for the average retail client.” Specifically, the Statement highlights counterparty and collateral shortfall riskThe risk that an investor faces if their financial instruments are loaned out, and the external borrowers cannot return those (or acceptable equivalent) financial instruments and the value of the collateral is insufficient to cover the loss of the financial instrument that was lent out and the investment firm cannot cover the loss.Show Footnote as issues that the average retail investor may be exposed to. Moreover, ESMA’s Statement clarifies that measures taken by a firm to safeguard the client’s ownership rights will not apply to financial instruments used in SFTs.For further reading on these issues, and perhaps as read by ESMA, please visit here.Show Footnote MiFID II accordingly imposes strict requirements regulating the use of client financial instruments. The Statement also states that “revenues arising from SFTs should accrue to the client”.

Importantly, while the Statement defines SFTs it does not limit that definition to SFTs covered by the EU’s SFT Regulation (SFTR)Available here.Show Footnote and thus should be read to apply widely to traditional SFTs but also could be interpreted as applying to those transactions (such as staking and atomic swaps) involving crypto-assets that could, where the crypto-asset qualifies as a financial instrument, fall into SFTR or at least MIFID II, as supplemented by IFR/IFD.

This Client Alert assesses the salient legal and regulatory issues emanating from the Statement setting out ESMA’s supervisory expectations and what affected market participants will want to consider regardless of whether engaging in SFTs for “traditional” financial instruments and/or crypto-assets.

ESMA’s supervisory expectations on SFTs

MiFID II (and equally SFTR) has strict rules when it comes to client permission, providing collateral, and disclosure of information to clients. ESMA is clear in stating that in the context of SFTs the provisions of Article 24(1) of MiFID II apply. That article stipulates an overarching obligation that firms must behave honestly, fairly, and professionally to serve the best interests of their clients. ESMA is clear in repeating the principle that while retail clients can also lend securities, the bar for protecting investors is higher when a firm uses financial instruments from retail clients, as explained in the Statement.

The Statement reminds readers that Article 16(8) of MiFID II states that a firm has to make sure that clients’ ownership rights are protected and that a client’s financial tools cannot be used for the firm's own account without the client’s permission. Article 5 of the MiFID II Delegated Directive gives more details about the rules for firms that enter into SFTs for financial assets owned by clients. Specifically, this means that:

  • A client should give written, signed permission for the use of their financial instruments on certain terms before the use of those instruments;
  • Financial instruments of a client should only be used under the terms to which the client agrees; and
  • Firms must make specific plans to make sure that the person who borrows client financial instruments provides enough collateral and that the firm monitors such collateral to make sure it is sufficient and takes the steps needed to keep it in line with the value of the client financial instruments.  

ESMA’s Statement sets out some practical examples on how firms should comply with MIFID II requirements applicable to SFTs with retail clients. These examples however focus on some of the bad practices that ESMA has identified and correspondingly ESMA’s supervisory expectations. These include:

  • Revenues from securities lending should directly accrue to the retail client, net of a “normal compensation” for the firm’s services (i.e., direct and indirect operational costs and a fair and proportionate fee). ESMA stresses that the amount of normal compensation deducted from the revenues arising from securities lending should be included in any costs and charges information provided to the client whose financial instruments are being, or have been, lent out;
  • ESMA is aware that some firms engaging in SFTs in relation to retail client financial instruments retain revenues arising from this activity. In such cases, the additional returns from securities lending do not accrue to the client, while the client does incur the higher risk due to lending out his or her financial instruments. Some firms using SFTs in this way argue that the practice still benefits their clients because it enables lowering trading commissions charged to clients. ESMA’s Statement does not state what “normal compensation” is. This affords firms a requisite degree of flexibility but equally supervisors’ an ability to apply scrutiny in a risk-based proportionate manner;
  • Firms using retail client financial instruments to generate additional revenues for the firm may not be acting fairly and professionally in accordance with the best interests of its retail clients, in accordance with MiFID II; and
  • The prospect of any indirect ‘benefit’, such as lower trading commissions, may not justify exposing a retail client to the risks of securities lending. Furthermore, such an indirect ‘benefit’, if any, would not necessarily and proportionately accrue to all retail clients exposed to the risks arising from the lending of their securities, but to retail clients exhibiting more active trading behaviour.

On top of that, ESMA has issued stringent expectations on how a firm may use the assets of retail clients and how they should be protected when the securities firms lend them out. Accordingly, ESMA states:

  • “A firm is required to make adequate arrangements to safeguard the ownership rights of their clients and to prevent the use of clients’ financial instruments deposited in their accounts except where the clients have consented”;
  • “…firms shall adopt specific arrangements to ensure that the borrowers of the clients’ financial instruments provide sufficient collateral…”; and  
  • “…firms shall continue monitoring the appropriateness of the collateral in relation to the value of the client’s financial instrument.”

In addition to the above, ESMA is clear in its expectations of how firms should document SFTs and obtain consent from those persons categorised as “retail clients”.  

Obtaining explicit consent and providing timely information are critical

Firms that enter into SFTs with clients’ financial assets are required to give the client enough information before and after the SFT transaction. Before entering into SFTs with clients or using their financial instruments for their own or another client’s account, firms must give the client clear, full, and accurate information about the firm’s obligations and responsibilities regarding the use of those financial instruments, including the terms for refunds and the risks involved (Article 49(7) of the MiFID II Delegated Regulation). Article 58(c) of the MiFID II Delegated Regulation states that firms must put the terms of how SFTs with client financial instruments will make money for the client in the written client agreement.

Moreover, Article 63(2)(b) and (c) of the MiFID II Delegated Regulation states that firms should include personalised information in their periodic statements on the assets of retail clients they hold. This information should include the extent to which any retail client financial instruments have been the subject of SFTs, the extent of any benefit that has accrued to the retail client as a result of participation in any SFTs, and the basis on which that benefit has accrued.  

ESMA is unequivocally clear that: It is not appropriate to request express prior consent through the use of the firm’s general terms and conditions. Moreover, ESMA is also aware that certain firms require a client’s permission before engaging in SFTs as a condition of consenting to the firm’s general terms and conditions. In this manner, when the customer offers their approval to the general terms and conditions, they are also giving their approval to the loan out of their financial instruments.

ESMA is of the opinion that, regardless of whether the firm states that the client does so or not, requesting a client’s consent to SFTs as part of a written agreement that outlines the general rights and obligations of the parties should not be considered as satisfying the requirement to obtain express prior consent evidenced in writing, through signature or equivalent. This is because the agreement is intended to set out the general rights and obligations of the parties.  For instance, if a statement to the effect that the client “expressly consents to the firm using his or her financial instruments” is included in a general document that outlines all of the client’s rights and obligations, it does not constitute asking for the client’s express prior agrees even if the firm declares that the client “expressly consents to the firm using his or her financial instruments.”

Equally, if the provision on the client’s consent is contained in a document providing broader information, without giving specific prominence to such a clause, in ESMA’s opinion, the client has not been made sufficiently aware of consenting to the firm utilising his or her financial instruments. This is because the clause on the client’s consent is, at least in ESMA’s view considered to be “buried in the document”.

According to ESMA, the requirement to obtain a client’s express prior consent to SFTs, is a separate requirement from the obligation to record rights and obligations of the parties in a basic written agreement. This means that a firm should give specific prominence to requesting such consent from clients, for example by having a separate record of the client’s specific consent for SFTs. This is because the obligation to record rights and obligations of the parties in a basic written agreement is a separate requirement.

ESMA’s Statement also explains that “in a setting that is conducted online, for example, the express prior consent of a customer might be solicited by including a new and separate stage in the procedure for onboarding the customer that is devoted to the explicit prior consent of the customer being solicited. For the avoidance of ambiguity, this express prior consent shall not be in the form of a pre-ticked box or any other manner of passive assent. Rather, it shall take the form of a free-form statement.”

ESMA’s Statement concludes by reiterating a general principle that “Firms owe it to their customers to present them with sufficient information about the dangers associated in SFTs well in advance of asking for their express prior consent. This is necessary for ensuring that customers are informed of the potential consequences of supplying their express prior consent. For instance, information about the risks that are involved can be offered at the additional and separate stage in the process of onboarding the customer before asking for the client’s prior express agreement. This step is part of the onboarding procedure.”

Outlook and next steps

ESMA added that it will continue to monitor the activities of the securities lenders and their engagement with the retail clients and issue any further guidance to the European Commission regarding SFTs. While the Statement may be a timely (and possible welcome) recap of existing EU rules and expectations, it should be noted that the fact it is being issued at all, highlights supervisory interest of ESMA and relevant national competent authorities (NCAs) in this area. Equally, while ESMA’s Statement is pan-EU in application, contractual law and consumer protection rights and obligations are, despite the EU’s best efforts on improving harmonisation, still a matter driven largely by national law and market specifics that may also be particular to individual jurisdictions. This still applies to any cross-border provision of SFTs as well as to any cross-border (common) supervisory action whether led by ESMA or any NCAs.

The same is true in jurisdictions beyond the EU, notably the UK, and the corresponding supervisory scrutiny. While the UK’s pre-Brexit rules on SFTs and/or rights of reuse in part laid the ground for the EU rules, compliance therewith is also now back on the agenda of supervisors assessing how firms comply with the relevant requirements and best practices expected of them. That expectation applies both to “traditional” financial instruments and equally to those crypto-assets that in the EU, at least, qualify as MiFID financial instruments.

Given the above, financial services firms (both in the EU, the UK and further afield) engaging in SFTs (with retail clients but more broadly) will want to critically review their client-facing documentation, how and when they obtain consent and disclose information and ultimately whether they are in fact meeting all that is expected of them.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.  

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 750 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.  

Moreover, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.   

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via or our website.