Will Brexit Affect the Fourth Money Laundering Directive?

Probably not. Here are four reasons why.

The problemBrexit Money Laundering Terrorist Financing

In the immediate wake of Brexit, there was considerable confusion surrounding the details and ramifications of the UK leaving the European Union. That confusion is unlikely to dissipate any time soon. Regulatory uncertainty will be a reality until the ink has dried on a separation agreement.

Money laundering laws under Brexit are particularly flummoxing. The EU’s Fourth Anti-Money Laundering Directive came into force in June 2015. It requires European member states to update their respective money laundering laws and “transpose” the new requirements into local law by 26 June 2017.

This timetable for transposition, aligning UK and EU law, clashes head on with the timetable for Brexit.

The Fourth Money Laundering Directive includes some fundamental changes to the anti-money laundering procedures, including changes to CDD, a central register for beneficial owners and a focus on risk assessments.

The question on every risk manager’s mind is: should we prepare for these changes and modify internal procedures? Here are four reasons why the answer is yes.

1. Brexit won’t happen in time

The process of Brexit begins only after the British government invokes a provision of the
European Union’s governing treaty known as Article 50. Once Article 50 is invoked, the EU and Britain have two years to finalise the details of their divorce. Even if Article 50 is invoked tomorrow, Brexit will not officially happen until late 2018.

During the period before Brexit, the UK remains a full member state, with all of the regulatory requirements of a European nation.

The deadline for modifying UK law to abide by the Fourth Directive is a full year before the best case scenario for Brexit. Officials from HM Treasury have indicated in the past that they are prepared for transposition. They plan to update two laws just before the deadline: the Money Laundering Regulations and the Proceeds of Crime Act.

Therefore the implementation of the Fourth Directive will be required for at least the year that Brexit money laundering terrorist financingthe UK is part of the EU. For that period the laws must change and AML procedures at companies will follow the new law.

Once Brexit occurs, it is unlikely that legislators will have the patience to revert the law back to its previous form and appear weak on financial crime.

 

2. Fourth Directive stems from FATF (of which the UK is a member)

The Fourth Directive stems from the latest recommendations of the Financial Action Task Force(FATF), an inter-governmental body that develops and promotes policies to combat money laundering and terrorist financing. The UK are members of the FATF and therefore bound by its AML rules. So the UK would still need to abide by the FATF’s requirements regardless of Brexit.

3. FATF evaluators are coming in 2018

The FATF Mutual Evaluation of the UK is due to take place in 2018, which could coincide with the UK actually leaving the EU. Any perceived deviation in UK AML standards due to Brexit could have a negative impact on the FATF’s country report.

4. The UK are leaders in AML, not laggers

The UK has often been ahead of the European curve on AML legislation. In many cases it has ‘gold plated’ the EU legislation, for example it has adopted an ‘all crimes approach’ to AML regulation, so there is no minimum offence level below which offences need not be reported.

The UK already has its measures in place to increase transparency of beneficial ownership of companies. The London Anti-Corruption Summit in May 2016 showed Britain’s willingness to not only lead the way in setting up a public register of beneficial ownership, but also to encourage other countries to create their own registers. Now, any foreign company that wants to buy property in the UK or bid for government contracts will be required to publicly disclose their ultimate beneficial owner.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.