Back in 2016 when the concept of the United Kingdom’s exit from the European Union (“EU”) seemed like a fantastical proposition, the prospect of the referendum’s success let alone its implications seemed like a mystery. The question for financial institutions now becomes how to implement and maintain a newly-domesticated compliance framework in the face of regulatory uncertainty.
The larger focus for financial services will be on sustainability of domestic and international compliance frameworks for areas such as data, sanctions, and overall governance.
The UK has implemented a host of regulatory expectations in the past few years, from MiFID to the Senior Managers’ Regime. While those regulations will continue, financial services must continue to enmesh international laws with touch and concern to the UK in their programs.
Despite the UK’s exit from the EU, the parameters of the General Data Protection Regulation (“GDPR”) will continue to be enforceable. In fact, GDPR has been a primary area of international enforcement, with two UK-centric breaches in 2020 totaling in USD $56 million in penalties alone.
Similarly, despite infrequent enforcement actions for sanctions violations from the UK in the past few years (OFSI issued its first ever sanctions penalty in 2020 since its establishment four years prior), the UK Sanctions and Anti-Money Laundering Act of 2018 will continue to pose challenges for UK banks wishing to keep a foot in the international space.
In late December, the Financial Conduct Authority (“FCA”) issued the final Temporary Transitional Power (TTP) directions. Firms should be well-versed in the TTP directions, as they outline which regulations are expected to be maintained throughout the transaction and which have exemptions until the end of the transition period in March 2022. While these provisions apply to existing entities, the FCA was careful to note that the TTP does not apply to new European Economic Area entities seeking to onshore.
Business as Usual
As part of the EU, the UK would have historically been adhering to the framework of the EU’s Anti-Money Laundering Directives (“AMLD”). This would have been leveraged to set the framework for an anti-money laundering compliance program, from the “pillars” approach derived from the Financial Action Task Force (FATF) standards, to threshold for transaction monitoring.
From a practitioner’s perspective, the EU AMLD set basic criteria that were then enhanced or supplemented, as needed, at the country level. In the absence of those directives, the UK will now rely entirely on the Proceeds of Crime Act (“POCA”) and its interpretation by regulators to determine firms’ adherence to AML standards. The FCA has not had a particularly robust enforcement year in terms of AML enforcement, with only two notable penalties issued for compliance-related failures. In fact, the absence of such enforcement actions has been cited in the press as a relative laxity by the regulator.
Perhaps due to Brexit or exacerbated by it, the FCA has not made clear that AML compliance will be a priority over conduct-related enforcement in the coming year. Given the EU’s spate of Baltic-related fines and penalties, the first AML fine of 2021 may in fact be related to the same.
The Way Forward
There is, as was expected when Brexit was first announced, a bit of trailblazing to be expected in the next few years. The shifting regulatory expectations around conduct over AML and sanctions enforcements is suggestive, but not dispositive. While the FCA has recently provided a rulebook with post-Brexit expectations, unlike their peers in the US, wavers have been embedded with those expectations, some as far out as 2022. Perhaps drawing from their peers (subsidiaries and affiliates too) in the US, UK-based banks will need to leverage a far more conservative risk-based approach until the updated regulatory expectations become more certain.
In the meantime, new technology such as regulatory knowledge automation can help financial firms keep tabs on enforcements, updates, and rule changes as they are issued. Today, many firms continue to try to manage and synthesize this influx of information in the same ways that it always has — by increasing personnel to do the work manually.
INFOGRAPHIC: Regulatory Knowledge Automation, Explained
But missing even the finest detail within a body of regulation or rule amendment can be disastrous for a firm. Like the proverbial needle in the haystack, any obligation missed among the thousands of lines of regulatory information could have severe consequences come audit time.
Regulatory knowledge automation uses machine learning (ML) and natural language processing (NLP) to complete this work in mere minutes, at a fraction of the cost, and with greater accuracy than manual efforts.
For more information about RegTech, regulatory knowledge automation, and articles like these, subscribe to our monthly Cliff Notes newsletter.