After voting to leave the European Union (EU) on June 24, 2016, the United Kingdom (UK) invoked the Article 50 of the Lisbon Treaty of European Union on March 29, 2017, indicating UK’s scheduled departure from the EU at 11 pm UK time on March 29, 2019. Recent BBC reports suggest that negotiations have now moved on to future relations, after an agreement was reached on the 21-month ‘transition’ period, to pave the way for smooth post-Brexit relations.
Among other things, Brexit spells considerable change for the way UK firms handle financial crime compliance for both, their UK as well as pan-EU operations. This is because aspects such as passporting rights and movement of people will depend on the UK-EU relationship model that would be adopted. To draw up this model, the UK can take inspiration from the ones pertaining in Norway, Swiss, Canada, and the World Trade Organization. Adopting one of these relationship models would provide the UK with several options: remain within the European Economic Area (EEA); become a member of the European Free Trade Association; join a customs union; or exit the single market entirely and negotiate with the EU as a member of the WTO.
Currently, the EU is implementing the Fourth Money Laundering Directive (transposed into Member States’ domestic legislation by June 26, 2017). As the UK’s AML legislation is normally considered to be more stringent than the EU norms, UK firms may not see much impact in this regard. However, UK branches of EU-based banks will have to become separate UK entities and can no longer be monitored centrally from the EU. In this scenario, the UK entity will have to set up a complete, independent AML programme. This may entail starting right from the scratch, i.e., drafting policies and procedures, building an AML platform, and establishing a compliance framework.
More critical would be the reverse scenario where AML monitoring for pan-EU operations of a UK-based bank is done out of the UK. This may not be a sustainable practice in the post-Brexit scenario that does not allow passporting rights and free movement of people. Further, there could be divergences in AML regulations (specifically on the sanctions front) between the EU and UK. The issue would also be complicated from the data availability perspective. As AML reviews require cross-border investigations, the restrictions with regard to movement, storage, and processing of data will pose a host of challenges.
Given the uncertainty around the post-Brexit scenario, there are no straight-forward solutions to the aforementioned challenges. Financial institutions could look at relocating their centralized units from the UK to EU regions. A Reuters report says that UK based banks are moving thousands of jobs from the UK to various locations in Europe such as Paris, Frankfurt, Amsterdam, and Dublin. Service providers or vendors with expertise and experience in the AML domain who have a presence in these locations could offer complete outsourcing support, partial resourcing support, and so on.
The ability of these service providers in managing the processes in multiple European languages could be a critical aspect. Further, financial institutions can utilize the opportunity to fine-tune their AML processes using industry leading consulting and analytics support programmes, such as process improvement consulting and false positive management using analytics, to ensure that a lot more efficient and cost effective AML programme is being migrated to the new location.
As regards the data aspect, the transfer of personal data from the EU to UK (or the reverse) could get tricky in the post-Brexit scenario. Given the locational and business proximities, it is expected that the UK and EU would have a legally valid arrangement in place for data sharing in mutual interest. In the interim, financial institutions could explore modifying their client contracts to allow data sharing within their jurisdictions, safeguarding them from money laundering threats and helping avoid legal action from clients.
Post Brexit, UK and EU regulations may require financial institutions to deploy different sanctions (negative lists of individuals or entities from anti-money laundering and combating financing of terrorism perspective). Any incongruence in these lists can facilitate fund routing to the sanctioned entities through available ‘relaxed’ regions. However, given the geographical proximity between the UK and EU, and for the sake of stability for the region as a whole, both regions should adopt well-aligned stances. Given the situation, it is desirable that financial institutions deploy both the negative lists as long as they can defend their position legally. Further, as such a stance would result in very high level of false positives (due to overlaps between the lists), financial institutions would need advanced analytical tool to make the screening programme effective. The technology solutions should include proper de-duping algorithms so that the consolidated list is kept to the minimum.
While the UK’s departure from the EU brings with it many uncertainties on various fronts, financial institutions have initiated changes, such as moving to non-UK locations, to be ready for any eventuality. Further, for financial institutions this is also an opportunity to review their processes, fine-tune them using automation and analytics tools, and establish more effective and efficient AML compliance programmes at the new locations. What do you think?