FMA censures CTRL Investments for breaching client suitability and outsourcing requirements

  • Legal update

    04 March 2022

FMA censures CTRL Investments for breaching client suitability and outsourcing requirements Desktop Image FMA censures CTRL Investments for breaching client suitability and outsourcing requirements Mobile Image

The Financial Markets Authority (FMA) censured CTRL Investments Limited (CTRL Investments) for contravening the conditions of its licence conditions in relation to client suitability checks and outsourcing. The censure serves as a timely reminder for derivatives issuers (and other FMA license holders) to review their ability to demonstrate to the regulator that they have assessed client suitability and have conducted sufficient due diligence on providers before outsourcing any of its functions.

A link to the FMA’s media release is available here.

Who needs to read it? Why?

Licensed derivatives issuers should consider the censure and, more broadly, the FMA’s focus on whether derivatives issuers are complying with their licence obligations generally.

Other holders of FMA licenses including managed investment scheme managers, financial advice providers, discretionary investment management service providers and even financial markets supervisors (ie corporate trustees) should also consider whether the FMA could have similar concerns in relation to their systems and processes for outsourcing.

What does it cover?

The FMA considers that CTRL Investments materially contravened two standard conditions of its licence by:

  • allowing clients who did not understand derivatives and associated risks to trade; and
  • failing to comply with requirements for certain outsourcing arrangements.

The FMA has required CTRL Investments to remedy these issues and develop and carry out an action plan to be approved by the FMA.

Client suitability

Licensed derivatives issuers must, as a condition of their licence, ask retail investors to provide information about their knowledge, experience and understanding of the relevant derivative for the purpose of considering whether the derivative is suitable for the individual. Where an investor does not provide the information or does not have the ability to understand, the issuer must not enter into the derivative with the investor.

The FMA found instances of CTRL Investments providing the investor with a warning statement where the investor could not demonstrate the necessary skills and knowledge, as opposed to not entering into the trade.


Licensed derivatives issuers must, where they choose to outsource essential processes and systems, satisfy themselves that a third-party provider can perform the service to the standard required which enables the issuer to meet their licence obligations. All derivatives issuers must also have legally binding agreements with those third-party providers.

CTRL Investments outsources its account management, sales and onboarding functions to a third-party provider. However, the FMA considered that it could not demonstrate why it was satisfied the provider was capable of providing the services or that there was a legally binding agreement between the parties.

Our view

The censure of CTRL Investments acts as notice to all derivatives issuers of the FMA’s focus on whether derivatives issuers are meeting their licence obligations.

In particular, derivatives issuers can expect the FMA’s focus to be on the medium and high risk areas identified by the FMA in its 2020 Derivatives Sector Risk Assessment (Assessment). In the Assessment, the FMA identified, among other things, that there was a high risk that issuers were not taking reasonable steps to determine whether derivatives are suitable for retail investors and a medium to high risk that the oversight of outsourced functions may be inadequate.

We encourage all derivatives issuers to consider whether they can demonstrate that they are complying with the client suitability and outsourcing requirements as well as the other areas of concern identified by the FMA in its Assessment.

In particular, we consider that derivatives issuers should ensure that:

Client suitability checks
  • their client suitability checks include (among other things) consideration of a customer’s prior trading experience and understanding of the risk;
  • they keep written records of client suitability assessments made; and
  • their client suitability checks are proportionate to the risk of the derivative offered – for example, the FMA considers that cryptocurrency contracts for difference are not suitable for most retail investors;
  • they conduct due diligence on proposed outsource service providers;
  • they have legally binding and enforceable written agreements with outsource providers; and
  • their outsourcing arrangements include clauses which specify the standards of performance required, allow effective monitoring of an outsource provider’s performance, enable the issuer to take action where the provider has not performed to the required standard, and allow for periodic review to ensure that the arrangements continue to allow the issuer to meet its regulatory obligations.

Other FMA licensed entities should consider whether the FMA may have similar expectations in relation to their outsourcing arrangements.

Appropriately, expectations are less than for the systemic registered banks under the Reserve Bank BS 11 standard. It is now clear that the FMA is also turning its mind to how its licensees are able to meet their clients needs if essential services are outsourced.

What next?

If you have any questions in relation to the FMA’s recent censure or are considering how this event may affect your business, please contact one of our experts.