What the UK election result means for compliance

Understanding the impact of the Conservative landslide

Many would have thought Boris Johnson’s victory in the 2019 general election would bring some certainty to British politics. The UK will be leaving the European Union on 31 January 2020 for one thing. But for compliance departments, uncertainty is actually the most evident outcome of the election.

Issues that had long been on the regulatory agenda, such as IR35, whistleblowing, ePrivacy, GDPR and even money laundering, could all now be subject to the details of the free trade deal the UK government now must start negotiating with the EU. Otherwise, the UK will default to a no-deal scenario at the end of the transition period, currently set for 31 December 2020.

What were the compliance-related commitments of the Conservative Party?

Although rather light on detail, there are a few key compliance-related commitments the Tories want to deliver. 

There’s likely to be a new tax avoidance and evasion law, which would consolidate existing legislative measures and double the maximum prison term to 14 years for tax fraud. New mothers are expected to get increased protection from redundancy on their return to work, and we’re still awaiting the government’s response to a consultation on strengthening the law against sexual harassment in the workplace.

You can download our Regulatory Agenda – Election 2019 Special, for more detail on what the Conservatives promised.

What impact will leaving the EU have on compliance?

The key promise of the manifesto was, of course, getting Brexit done. Leaving the EU at the end of January will have an immediate impact across various areas of compliance.

Goodbye EU GDPR, hello UK GDPR

From Exit Day, the Data Protection, Privacy and Electronic Communications (EU Exit) Regulations will come into effect. This will result in hundreds of changes to both the GDPR text under UK law and the Data Protection Act 2018.

All these amendments are identified in a Keeling Schedule – an unofficial document that will outline British data protection law until the government implements a Data Protection Consolidation Act. 

While the effect of the law is likely to remain broadly similar; all EEA countries are recognised as adequate, all Binding Corporate Rules and EU Standard Contractual Clauses will also be valid; the change does set the stage for significant UK divergence from the EU’s GDPR in the near future.

The most immediate change is which piece of legislation to refer to. ‘Applied GDPR’ disappears in favour of the UK’s version of GDPR, and until these bits of statute are consolidated, the Keeling Schedule should be every information officer’s main point of reference. 

Brexit and the ePrivacy debate

A new ePrivacy regulation was meant to come into force along with GDPR back in May 2018. But that never happened, because the EU was unable to agree to a new text. The Finnish Presidency of the EU tried and failed 10 times in the second half of 2019 to reach an agreement, and the Croatian Presidency in the first half of 2020 will try once again.

During the transition period, from the day the UK leaves the EU and until a new trading agreement is reached, the UK is supposed to implement all new EU laws. Depending on the date of implementation of the ePrivacy regulation, the UK may not have to apply it. If the ePrivacy regulation is implemented during this period, thereby technically requiring the UK to implement it as well, the government could decide to delay it, ignore it, revoke it, or stick to it.

Hold your whistles?

The EU adopted a new Whistleblowing Directive on 7 October 2019. It lays down minimum standards for whistleblower protection and company procedures that member states must incorporate into national law by October 2021. 

Barring an explicit requirement in the resulting UK-EU free-trade agreement to implement this directive, it remains to be seen whether the UK will decide to legislate for it. Since it lays additional burdens on private companies, this could be the sort of EU legislation the government prefers to drop.

In fact, in a recent letter to the House of Commons’ European Scrutiny Committee, the UK government addressed the fact that it would not implement the Whistleblowing Directive. Rather, they will review the UK’s own whistleblowing framework, “once the recent [EU] reforms have built the necessary evidence of their impact.”

Will Brexit spell the end of the AML directives?

The Fifth Directive was due to be implemented into UK law by 10 January 2020. This is only a few weeks prior to Exit Day, and given the lack of draft legislation at present, a commitment to pass EU withdrawal legislation before Christmas, and an existing Sanctions and Money Laundering Act designed to Brexit-proof the UK regime, the government could very well decide that implementing the Fifth Directive is not a priority.

The Sixth Directive was due to be implemented into national law by 3 December 2020. While the UK anti-money laundering regime already complies with a great deal of it, the Sixth Directive called for the introduction of a new corporate offence for failing to prevent money laundering, which is not included in the UK regime.

The UK already has a few corporate ‘failure to prevent’ laws on the books in the form of failure to prevent bribery and tax evasion. Whether the UK is required to implement this new failure to prevent money laundering rule will depend on the status of the transition period at the time, and could also depend on what the government decides to do about the Fifth Directive.

Will the government delay IR35?

IR35, the law requiring contractors disguised as employees to pay increased tax, was due to be rolled out to the private sector in April 2020. This might now be subject to change. During the election campaign, the Chancellor Sajid David said the Conservatives would look again at the rules. Labour and the Liberal Democrats have also pledged to review IR35 before its planned implementation.

The policy change is likely to net the Treasury an additional £1.3bn, so whether pre-election promises turn into concrete changes remains to be seen. Nevertheless, businesses are well advised to continue preparations for IR35.

What next?

VinciWorks will be publishing an updated Regulatory Agenda following the next Queen’s Speech.