1 Markets and Securities Services | International

AS NEW TECHNOLOGIES CONTINUE TO DISRUPT, LAWMAKERS PREPARE TO BYTE

As digital technologies continue to change all aspects of our working and non-working lives, governments and regulators around the world are looking at the upsides and downsides of new technologies and are asking themselves whether they should be influencing fintechs to not just move fast and break things but to move faster and fix the planet.

We are in the midst of a new .1 the overworking of child labourers in some 3,000 textile mills in Britain. As with previous industrial revolutions, the status quo is being challenged by disrupters: innovative More recently, the flash crash of May 2010, where companies and individuals devising new ways the Dow Jones Industrial Average fell more to do existing tasks faster, cheaper and more than 1,000 points in 10 minutes and is said to efficiently using new technologies. From steam have been exacerbated by , in the late 18th century, through electricity in the resulted in regulators enhancing market circuit 19th to the development of computers during the breakers (originally introduced after 1987’s Black second half of the 20th, technology has changed Monday) and influenced the European Union’s the way we work and live and continues to do so. approach to algorithmic trading in MiFID II.

The almost unfettered development of new Through 240 years of industrial and technological technologies has created great wealth but not progress, regulation has almost always been without causing harm. During the first industrial reactive, restricting practices that have already revolution as farms became industrialised caused harm or have shown the potential to do so. and as factories opened, so people moved to increasingly overcrowded cities where they encountered poor living and working The approach is changing conditions. Unprecedented pollution arose as In recent years, governments and regulators more and more countries industrialised (it’s no have become proactive. They have seen the coincidence that atmospheric carbon dioxide is spread of technologies that have the power measured against preindustrial levels) and as to link and unite people throughout the world. working life relied less on physical exertion and They have seen the spread of online global more on machines and food became cheaper, commerce. Advances in artificial intelligence processed and more plentiful, so diseases linked (AI), robotics and the internet of things (IoT) to obesity, such as heart disease, diabetes and improving the lives of many. Even the ongoing certain forms of cancer, increased. covid pandemic has demonstrated the need for stable infrastructure and operational resilience. So for all the good technology can do — for How many of us have, at least once, cursed example, advances in medicines, improving our internet provider for slow or non-existent social mobility, enhanced wealth and quality of connection over the past eight months? life — it can also cause harm. But governments and regulators are also In response, governments and regulators recognising the harm these advances can introduced laws and regulations in an attempt cause. They have seen social media companies, to protect society against the downsides of with access to over half the world’s population, technological advances, usually after those maliciously used to spread false information. downsides had already made an impact. For They have seen unconstrained industrialisation example, the United Kingdom introduced the damaging the environment. Advances in AI, Factories Act 1833 in response to injuries and Global Trustee and Fiduciary Services News & Views | Issue 54 | 2021 2 robotics and the IoT have the potential to deceive have an impact on the efficiency of financial and to further disenfranchise those in society who markets and could result in consumer harm. do not have access to the latest technologies. And the ongoing pandemic has given rise to a new IOSCO’s industry engagement revealed that breed of criminal, preying on people’s fear and the evolution and increasing adoption of AI isolation through telephone and online scams.2 and ML may raise a number of conduct (either intentional or unintentional) concerns for market As a result, governments and regulators are intermediaries and asset managers, including: looking at current trends in technology and are attempting to predict the potential harms and • Governance and oversight introduce regulations to prevent them. For example, • Algorithm development, testing and ongoing regulators like the UK Financial Conduct Authority monitoring (FCA) have created Sandboxes, where fintechs • Data quality and bias can demonstrate their systems in a controlled environment while regulators see if they comply • Transparency and explainability with existing regulations or whether new or • Outsourcing adapted regulations require development. Globally, • And ethical concerns the FCA has joined with over 50 organisations in the Global Financial Innovation Network, with a As a result of this engagement and building on commitment to support financial innovation in the previous work, IOSCO has proposed guidance interests of consumers. And on top of that, some that seeks to address the potential risks and regulators are looking at how regulation can be harms that may be caused by the use of AI used to ensure new technologies benefit society and ML by market intermediaries and asset and contribute to the zero-carbon economy. managers and looks to help ensure that market intermediaries and asset managers have:

The global view • Appropriate governance, controls and oversight On 25 June 2020, the International frameworks over the development, testing, use Organization of Securities Commissions (IOSCO) and performance monitoring of AI and ML. published a consultation paper on the use • Staff with adequate knowledge, skills and of AI and machine learning (ML) by market experience to implement, oversee, and 3 intermediaries and asset managers. challenge the outcomes of the AI and ML.

The aim of the consultation is to assist IOSCO • Robust, consistent and clearly defined members in providing appropriate regulatory development and testing processes to enable frameworks on the supervision of market firms to identify potential issues prior to full intermediaries and asset managers that utilise deployment of AI and ML. 4 AI and ML. • And appropriate transparency and disclosures to their investors, regulators and other IOSCO acknowledges that although the use of relevant stakeholders. AI and ML may create significant efficiencies and benefits for firms and investors, including The proposed guidance consists of six measures increasing execution speed and reducing the cost that reflect expected standards of conduct by of investment services, their use may also create market intermediaries and asset managers or amplify certain risks, which could potentially using AI and ML. 3 Markets and Securities Services | International

IOSCO proposed guidance on the use of AI and ML by market intermediaries and asset managers

Measure 1 Regulators should consider requiring firms to have designated senior management responsible for the oversight of the development, testing, deployment, monitoring and controls of AI and ML. This includes requiring firms to have a documented internal governance framework, with clear lines of accountability. Senior Management should designate an appropriately senior individual (or groups of individuals), with the relevant skill set and knowledge to sign off on initial deployment and substantial updates of the technology.

Measure 2 Regulators should require firms to adequately test and monitor the algorithms to validate the results of an AI and ML technique on a continuous basis. The testing should be conducted in an environment that is segregated from the live environment prior to deployment to ensure that AI and ML: (a) behave as expected in stressed and unstressed market conditions; (b) operate in a way that complies with regulatory obligations.

Measure 3 Regulators should require firms to have the adequate skills, expertise and experience to develop, test, deploy, monitor and oversee the controls over the AI and ML that the firm utilises. Compliance and risk management functions should be able to understand and challenge the algorithms that are produced and conduct due diligence on any third-party provider, including on the level of knowledge, expertise and experience present.

Measure 4 Regulators should require firms to understand their reliance and manage their relationship with third-party providers, including monitoring their performance and conducting oversight. To ensure adequate accountability, firms should have a clear service level agreement and contract in place clarifying the scope of the outsourced functions and the responsibility of the service provider. This agreement should contain clear performance indicators and should also clearly determine sanctions for poor performance.

Measure 5 Regulators should consider what level of disclosure of the use of AI and ML is required by firms, including:

a) Regulators should consider requiring firms to disclose meaningful information to customers and clients around their use of AI and ML that impact client outcomes. b) Regulators should consider what type of information they may require from firms using AI and ML to ensure they can have appropriate oversight of those firms. Measure 6 Regulators should consider requiring firms to have appropriate controls in place to ensure the data that the performance of the AI and ML is dependent on is of sufficient quality to prevent biases and sufficiently broad for a well- founded application of AI and ML. Global Trustee and Fiduciary Services News & Views | Issue 54 | 2021 4

Europe’s global ambitions • And the expansion of Europe’s supercomputing capacity to develop innovative solutions for On 19 February 2020, the European Commission medicine, transport and the environment. (EC) published its plans for shaping Europe’s 5 Digital Future. A fair and competitive digital economy Defined as a frictionless single market, where The EC has recognised the impact modern companies of all sizes and in any sector can technology is having on daily life and has laid compete on equal terms and develop, market out plans not just to regulate the application of and use digital technologies, products and technologies but also to promote Europe as a services at a scale that boosts their productivity global role model for the digital economy, based and global competiveness, and where consumers on three streams of action: can be confident that their rights are respected.

Technology that works The EC’s key actions include: for people • A European Data Strategy, published 19 February 2020, to make Europe a global leader in the A fair and competitive data-agile economy, a legislative framework digital economy for data governance and a possible Data Act. • An Industrial Strategy Package putting forward a And an open, democratic range of actions to facilitate the transformation and sustainable society towards clean, circular, digital and globally competitive EU industries, including SMEs and Technology that works for people the reinforcement of single market rules. Defined as the development, deployment • Create a framework to enable convenient, and uptake of technology that makes a real competitive and secure digital finance, difference to people’s daily lives and a strong including legislative proposals on crypto and competitive economy that masters and assets, and on digital operational and cyber shapes technology in a way that respects resilience in the financial sector and a European Values. The EC’s key actions include: strategy towards an integrated EU payments • A Digital Education Action Plan to boost market that supports pan-European digital 8 digital literacy and competencies at all levels payment services and solutions. of education and a reinforced Skill Agenda to • And delivering a new Consumer Agenda that will strengthen digital skills throughout society.6 empower consumers to make informed choices • A European Cybersecurity Strategy, including and play an active role in digital transformation. the establishment of a joint cybersecurity The EC’s ambitious and wide-ranging plan seeks to unit, a review of the of Network and leverage off the European Union’s regulatory power, Information Systems Directive (NIS), and reinforced industrial and technological capabilities promoting a single market for cybersecurity. and diplomatic strengths to advance the European • Ensuring AI is developed in ways that respect approach and shape global interactions. The EC cites people’s rights and earn their trust, including the success of the EU data protection regime which a White Paper setting out options for a has been mirrored by countries around the world. legislative framework for trustworthy AI published on 19 February 2020.7 An open, democratic and sustainable society Defined as a trustworthy environment in which • Accelerating investments in Europe’s gigabit citizens are empowered in how they act and connectivity through a revision of the Broadband interact, and of the data they provide both Cost Reduction Directive, an updated Action Plan on- and offline, and a European way to digital on 5G and 6G, and a new Radio Spectrum Policy transformation that enhances democratic values, Programme. 5G corridors for connected and respects fundamental rights, and contributes automated mobility, including railway corridors, to a sustainable, climate neutral and resource will be rolled out between 2021 and 2030. efficient world. The EC’s key actions include: 5 Markets and Securities Services | International

• The use of technology to help Europe become • Empower European citizens with better climate neutral by 2050. Named Destination control and protection of their data. Earth, the initiative includes the development of a • Create a European health data space to foster high-precision model of Earth (its “Digital Twin”) targeted research, diagnosis and treatment. that would improve Europe’s environmental prediction and crisis management capabilities. • Fight disinformation online and foster diverse and reliable media content, including • Reduction of the digital sector’s carbon guidelines to help member states implement emissions through a circular electronics the revised Audiovisual Media Services initiative, mobilising existing and new Directive, published on 2 July 2020.10 instruments in line with the policy framework for sustainable products of the circular • And initiatives to achieve climate-neutral, economy action plan, published on 11 March highly energy efficient and sustainable 2020, to ensure devices are designed for data centres by no later than 2030 and durability, maintenance, dismantling, reuse and transparency measures for telecoms recycling and including the right to repair or operators on their environmental footprint. upgrade to extend the lifecycle of electronic devices and to avoid premature obsolescence.9

A Renewed Sustainable Finance Strategy and the development of digital tools In a joint letter following the EC’s public consultation on a Renewed Sustainable Finance Strategy, the European Supervisory Authorities (ESAs) provided their thoughts on other areas of focus that they would like to see development in.11 One of these related to the development of digital tools.

The ESAs strongly believe in the potential for digital tools. In particular, they discuss the establishment of a publicly accessible, single EU data platform, covering financial and environmental, social and governance (ESG) information. In their view this would grant all market participants with equal and timely access to publicly reported information.

The availability of financial and ESG information through a single gateway is also mentioned by the ESAs as preventing potential overlaps or inconsistencies in ESG reporting.

The ESAs feel that the comparability and reliability of ESG data will only improve if clear and sufficiently granular taxonomies for “green”, “brown” and “social” activities are developed and consistently implemented by financial services, together with common and uniformly enforced ESG-related disclosure standards for companies, as already signalled in the ESAs’ responses to the EC’s consultation on a revision of the Non-Financial Reporting Directive.

Global approach As a complement to the above and to other topics discussed, the ESAs highlight that while much can be achieved at EU level, both financial markets and sustainability challenges are by their nature global, and global approaches must therefore be sought. Worldwide initiatives, such as global disclosure standards, in fora such as IOSCO, the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, the Network for Greening the Financial System, and the European Commission’s International Platform on Sustainable Finance, would help to enhance further international cooperation to promote regulatory convergence at international level, thereby preventing potential negative spill-overs from policy fragmentation and limiting arbitrage opportunities. Global Trustee and Fiduciary Services News & Views | Issue 54 | 2020 6

Singapore: The Smart Nation Digital Society Digital inclusion is about ensuring all citizens Despite the breadth of the European plans, have access to technology that can enhance they lag behind Singapore and its Smart everyday lives, and equipping people with the Nation programme. Launched in 2014, when skills and know-how to use technology safely Singapore was already a world leader in digital and confidently. infrastructure, Smart Nation aims to create a nation where people live meaningful and Since the launch of Smart Nation, the fulfilled lives, enabled seamlessly by technology, government of Singapore has published 12 offering exciting opportunities for all. extensive plans for its implementation, with key milestones from 2019 to 2021 and Smart Nation’s goals are supported by three beyond. In addition to its domestic plans, the pillars: Digital Economy, Digital Government government of Singapore recognises that the and Digital Society.13 digital future is a global issue, and as a result it Digital Economy helped form the ASEAN Smart Cities Network, The Smart Nation vision is to build a vibrant a collaborative platform where its 26 members economy that is attractive to foreign investment, exchange best practice and urban solutions with good opportunities for Singaporeans. The and aims to adopt an inclusive approach to aim is to digitalise industries to increase business smart city development that is respectful of efficiency, and create new jobs and opportunities. human rights and fundamental freedoms as inscribed in the ASEAN Charter.14 Digital Government Here the aim is to create a government that uses data, connectivity and computing Up in the cloud decisively to transform the way citizens and Outsourcing has become an important part of businesses are served, and the way public the financial industry. Over the past 30 years, the officers are enabled to contribute fully to their trend for asset management firms to outsource work. The Digital Government should be able virtually all their functions to outsource service to automate work where possible in order to providers has become the norm, and as this provide a personal touch in a way that enriches new industry has grown so it has attracted the the citizen’s experience. attention of technology firms with no previous experience in financial services. 7 Markets and Securities Services | International

Both ICOSCO and the European Securities and Markets Authority (ESMA) published proposed guidance on the oversight of outsource service providers during the first half of 2020.

IOSCO’s proposed guidance, published on 28 May 2020 and an extension of its existing Principles on Outsourcing by Markets, is technology neutral and does not address the use of cloud outsource providers directly. However, IOSCO acknowledges that outsourced tasks are, in parts of some markets, concentrated in a small number of highly specialised, often IT-based companies and that disruption to the functioning of these companies could constitute a source of risk.15

ESMA, on the other hand, published on 3 June 2020 a consultation paper on guidelines that specifically address the risks associated with the outsourcing of functions to cloud service providers.16 ESMA identified the need to develop guidance on outsourcing to cloud service providers following the EC’s Fintech Action Plan and feedback received from firms and stakeholders. The purpose of the guidelines is to provide guidance on the outsourcing requirements applicable to firms where they outsource to cloud service providers. The guidelines are intended to help firms identify, address and monitor the risks that may arise from their cloud outsourcing arrangements and cover:

• Making the decision to outsource. • Selecting a cloud service provider. • Monitoring outsourced activities. • And providing for exit strategies.

ESMA has built on the work previously done by the EBA and EIOPA to ensure the risks associated with cloud outsourcing are addressed consistently across the European System of Financial Supervision.

The US SEC shines a light on potential areas of concern In the United States, the Securities and Exchange Commission (SEC) issued a Risk Alert on 12 August 2020 detailing some of the findings of the Office of Compliance Inspections and Examinations (OCIE) during the pandemic.17 One of the areas for concern identified by the OCIE is the protection of sensitive information. OCIE staff have observed that firms are Global Trustee and Fiduciary Services News & Views | Issue 54 | 2021 8 requiring personnel to use videoconferencing The lawmakers have seen the disruption and other electronic means to communicate new technologies can bring and they like it while working remotely. and they want to be involved, but they are sharpening their teeth to ensure the benefits However, despite their usefulness, these far outweigh the costs. applications have, in the opinion of the OCIE, created risks in relation to potential loss of sensitive information, including personally Matthew Cherrill identifiable information, due to remote access to Senior Fiduciary Technical Analyst networks and the use of web-based applications, Global Trustee and Fiduciary Services, Citi the use of personal devices, and changes in Amanda Hale controls over physical records, such as sensitive Head of Regulatory Services documents printed at remote locations. Global Trustee and Fiduciary Services, Citi As a result, the OCIE believes that there are more opportunities for fraudsters to use phishing and other means to improperly access 1 For the purpose of this article, we are using the generally systems and accounts by impersonating firms’ accepted view that we are currently in the 4th Industrial personnel, websites and/or investors. Revolution, one of advances in AI, big data, robotics, IoT, blockchain and crypto. The previous Industrial Revolutions were: 1st, steam; 2nd, steel, oil, electricity and combustion engines; and 3rd, personal computers and the internet.

Digital sector at the forefront 2 See Fake FCA emails, websites, letters and phone calls, of regulator’s minds at www.fca.org.uk. 3 As we have seen, globally governments and At www.isoco.org. regulators have identified that a technological 4 ISOCO defines AI as a combination of mass data, sufficient future could benefit all life on Earth but not computing resources and machine learning. ML is a subset of AI, which can be defined as a method of designing a sequence without controls. The downsides of AI, IoT of actions to solve a problem, which optimise automatically and Big Data are known and regulations are through experience — with or without human intervention. being developed to restrict their use, ensuring 5 See Shaping Europe’s Digital Future, at ec.europa.eu. developments are in the best interests of global 6 A public consultation on a new Digital Action Plan was held citizens and the planet. between 18 June and 4 September 2020. Feedback can be read, at ec.europa.eu. The global pandemic has demonstrated just 7 See White Paper on Artificial Intelligence — A European how much we rely on technology and how approach to excellence and trust at ec.europa.eu and for fast an individual firm’s infrastructure can be more information on the approaches regulators are taking improved to ensure sections of the economy towards trustworthy AI see our earlier article “A Question of Trust: Ethics and Artificial Intelligence” in Issue 53 of can be maintained. At the outset of the Global News & Views at www.citibank.com. pandemic, firms had to prioritise operational 8 A public consultation on a new digital finance strategy for needs to ensure that they were able to keep Europe/fintech action plan was held between 3 April and their core business activities going. 2 June 2020. For feedback see ec.europa.eu.

9 See Circular Economy Action Plan For a Cleaner and More But this has not come without consequences. Competitive Europe, at ec.europa.eu. As previously stated, the increased use of personal 10 See the Audiovisual Media Services Directive (AVMSD) devices to access usually office-based systems webpage, at ec.europa.eu. and applications has reportedly aided in the 11 See Public consultation on a Renewed Sustainable Finance increase in cybercrime. As a result, companies and Strategy, at www.esma.europa.eu. individuals will need to think about longer-term 12 See speech by Prime Minister Lee Hsien Loong at Smart adjustments to working practices and culture. Nation launch, 24 November 2014, at www.smartnation.gov.sg.

13 However, further regulatory input will be See Pillars of Smart Nation, at www.smartnation.gov.org. needed, ensuring that both newly emerging risks 14 See asean.org. and changing priorities can be encapsulated. 15 See Principles on Outsourcing Consultation Report, Governments and regulators are working to at www.iosco.org. ensure the fourth industrial revolution results in 16 See Consultation Paper: Draft Guidelines on Outsourcing a cleaner, healthier planet where citizens’ rights to Cloud Services Providers, at www.esma.europa.eu. come before corporate gain, while still promoting 17 See Risk Alert: Select COVID-19 Compliance Risks and innovation and the entrepreneurial spirit. Considerations for Broker-Dealers and Investment Advisers dated 12 August 2020, at www.sec.gov. CONTACTS

If you would like to comment on any of the articles covered in this edition of Global Trustee and Fiduciary Services News and Views, share ideas for future content or write an article in the next issue, contact Amanda Hale, Andrew Newson or Matthew Cherrill at [email protected].

INTERNATIONAL LUXEMBOURG David Morrison Patrick Watelet Global Head of Trustee and Fiduciary Services Head of Fiduciary Services, Luxembourg [email protected] [email protected] +44 (0) 20 7500 8021 +352 451 414 231

Amanda Hale Pascale Kohl Head of Regulatory Services Fiduciary Relationship Manager [email protected] [email protected] +44 (0) 20 7508 0178 +352 451 414 279

Ann-Marie Roddie Ulrich Witt Head of Product Development Fiduciary Relationship Manager [email protected] [email protected] +44 (0) 1534 608 201 +352 451 414 520

ASIA SWEDEN Caroline Chan Johan Ålenius APAC Head of Fiduciary Services Head of Swedish Fiduciary Services [email protected] [email protected] +852 5181 2602 +46 8 723 3529

Stewart Aldcroft Chairman Cititrust Limited UNITED KINGDOM [email protected] Thérèse Craig +852 2868 7925 Head of Trustee and Fiduciary Services — Edinburgh [email protected] EUROPE +44 (0) 131 524 2825 Shane Baily Richard Thomas EMEA Head of Fiduciary Services Head of Trustee and Fiduciary Services — London UK, Ireland and Luxembourg [email protected] [email protected] +44 (0) 20 7508 4880 +353 1 622 6297 Fiona Craig Jan-Olov Nord Fiduciary Client Manager EMEA Head of Fiduciary Services [email protected] Netherlands and Sweden +44 (0) 131 524 2881 [email protected] Rhiannon Jones +31 20 651 4313 Fiduciary Client Manager [email protected] IRELAND +44 (0) 20 7500 8576 Finola Feely Head of Fiduciary Services, Ireland REGULATORY SERVICES TEAM [email protected] Andrew Newson +353 1 622 0991 Senior Fiduciary Technical Analyst [email protected] NETHERLANDS +44 (0) 20 7500 8410 Petra Daaleman Matthew Cherrill Fiduciary Services Netherlands Senior Fiduciary Technical Analyst [email protected] [email protected] +31 20 651 4309 +44 (0) 20 7500 3382 www.citibank.com/mss The market, service, or other information is provided in this communication solely for your information and “AS IS” and “AS AVAILABLE”, without any representation or warranty as to accuracy, adequacy, completeness, timeliness or fitness for particular purpose. The user bears full responsibility for all use of such information. Citi may provide updates as further information becomes publicly available but will not be responsible for doing so. The terms, conditions and descriptions that appear are subject to change; provided, however, Citi has no responsibility for updating or correcting any information provided in this communication. No member of the Citi organization shall have any liability to any person receiving this communication for the quality, accuracy, timeliness or availability of any information contained in this communication or for any person’s use of or reliance on any of the information, including any loss to such person. This communication is not intended to constitute legal, regulatory, tax, investment, accounting, financial or other advice by any member of the Citi organization. This communication should not be used or relied upon by any person for the purpose of making any legal, regulatory, tax, investment, accounting, financial or other decision or to provide advice on such matters to any other person. Recipients of this communication should obtain guidance and/or advice, based on their own particular circumstances, from their own legal, tax or other appropriate advisor. Not all products and services that may be described in this communication are available in all geographic areas or to all persons. Your eligibility for particular products and services is subject to final determination by Citigroup and/or its affiliates. The entitled recipient of this communication may make the provided information available to its employees or employees of its affiliates for internal use only but may not reproduce, modify, disclose, or distribute such information to any third parties (including any customers, prospective customers or vendors) or commercially exploit it without Citi’s express written consent. Unauthorized use of the provided information or misuse of any information is strictly prohibited. Among Citi’s affiliates, (i) Citibank, N.A., London Branch, is regulated by Office of the Comptroller of the Currency (USA), authorised by the Prudential Regulation Authority and subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority (together, the “UK Regulator”) and has its registered office at Citigroup Centre, Canada Square, London E14 5LB and (ii) Citibank Europe plc, is regulated by the Central Bank of Ireland, the European Central Bank and has its registered office at 1 North Wall Quay, Dublin 1, Ireland. This communication is directed at persons (i) who have been or can be classified by Citi as eligible counterparties or professional clients in line with the rules of the UK Regulator, (ii) who have professional experience in matters relating to investments falling within Article 19(1) of the Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 and (iii) other persons to whom it may otherwise lawfully be communicated. No other person should act on the contents or access the products or transactions discussed in this communication. In particular, this communication is not intended for retail clients and Citi will not make such products or transactions available to retail clients. The information provided in this communication may relate to matters that are (i) not regulated by the UK Regulator and/or (ii) not subject to the protections of the United Kingdom’s Financial Services and Markets Act 2000 and/or the United Kingdom’s Financial Services Compensation Scheme. © 2021 Citibank, N.A. (organized under the laws of USA with limited liability) and/or each applicable affiliate. All rights reserved by Citibank, N.A. and/or each applicable affiliate. Citi, Citi and Arc Design and other marks used herein are service marks of Citigroup Inc., used and registered throughout the world. GRA32230 01/21