Brexit and Know Your Customer Compliance – What It Means for UK Firms Operating in Europe

The UK’s impending exit from the EU brings with it many new
decisions, functions, and costs for UK-based companies already
operating in or considering a move into the bloc. As of January
1st, Great Britain will be considered a ‘third country’ in its
relations with the EU, which will have significant implications for
financial institutions and other reporting entities’ business
models, structures, and compliance requirements.

Namely, companies must continue to meet national and
EU Anti-Money Laundering (AML) and Know Your Customer (KYC)
regulations. The ability to ‘passport’ UK legislation and
practices across the EU’s internal borders will no longer be
available to UK firms, and in order to meet equivalent standards
and regulations, businesses must fully prepare.

Rayissa Armata is the
head of regulatory affairs at IDnow

In this article Rayissa Armata, head of
regulatory affairs at
IDnow, looks at how
companies must find suitable partners and make adjustments where
they are needed.

While an EU member state, UK-based companies simply had to
demonstrate compliance by following and adhering to EU AML and KYC
regulations and law, even passporting into the EU. However, once
the Brexit transition period ends the UK will no longer have access
to simplified verification and enhanced due diligence checks will
be required to fulfil newer AML amendments and requirements.

UK companies that onboard customers in the EU will be required
to follow local laws and regulations specific to individual
countries. In doing so, they will also have to ensure that no
matter which country their customer is based in, their AML and KYC
regulatory standards meet or exceed those of the UK.

The degree of change for many companies in Britain and Northern
Ireland will depend on their current European footprint. For
businesses that are obliged under AML law, notably in the banking,
financial, insurances, mobility, telecoms, and online
entertainment/gaming sectors, several factors will need to be taken
into account in order to fully understand the scale and extent that
Brexit will affect their business. These include: 

  • Loss of Passporting – the establishment of
    automatic cross border provisions and services
  • Their Prudential Framework
  • Revisions to capital structures
  • Revisions to their legal entity structures
  • How to implement and learn of different AML and
    KYC regulations – Data Protection
  • Potential implications for holding or
    transferring data
  • Legal arrangements
  • Tax considerations
  • Restructuring client relationships

Loss of Passporting

Passporting allows a financial entity to establish a branch in
one EU member state in order to provide direct cross-border
services across the European Economic Area (EEA). Supervision is
primarily carried out by the home country unless specified.

After December 31st, authorisation requirements will need to be
met under European and Member State law. This means that UK firms
may need to get authorisation from competent authorities among EU
member states to access the EU market (i.e. setting up
subsidiaries). They will have to comply with both UK and host
country regulation to conduct regulated activities, and EU firms,
in turn, will need to become authorised by UK authorities to access
the UK market.

Relocation, relocation, relocation

As third country status begins, the UK government will have to
make significant efforts to develop new trade agreements with
individual member countries. Cross-border entities may have to
restructure, and UK entities are going to be impacted especially
considering the UK’s strength in investment banking, where
passporting has been critical across the EU. 

These changes may require significant changes to an entity’s
investments in capital, staff and infrastructure and as a
consequence, banks may need to transfer parts of their UK based
business to existing or new EU locations. 

KYC Obligations: Meeting compliance requirements
across EU AMLD5

For businesses in the banking and finance industry as well any
entities obliged to follow AML laws, KYC screening is compulsory.
Heavy fines and penalties leave little room for non-compliance, and
obliged industries must have measures and procedures in place to
meet these requirements. 

Within Europe, national AML laws can vary and UK businesses must
ensure they meet KYC procedures that are permissible in particular
member states. Members follow a combination of guidelines
established under the Financial Action Task Force (FATF) and
implementation of AML Directives, the latest being AMLD5 and the
upcoming AMLD6, and national AML Acts. 

While the 5th Directive was implemented before the UK’s Brexit
deadline, the UK will have to follow its own laws under its own
authorities. This forces all compliance operations to understand
what these differences are and how it will affect their
corporations’ business obligations.

This year, the 5th Directive introduced changes across several
EU member states, introducing stricter adherence for AML
legislation, widening the types of institutions that must comply
with AML law, amendments to the use of digital KYC solutions, and
cross border services for trust services under the eIDAS

Although the UK currently complies with legislation already in
force within the EU and will need to implement the 5th AML
Directive, member states and their regulators have variations in
their interpretation of how the rules are applied in their
jurisdictions. Corporations will need to review their existing
structures and determine how they can continue to serve existing
clients in the EEA.

Financial institutions routinely need to elevate their AML and
KYC standards in order to satisfy various requirements. For some
reporting entities, the differences in digital KYC compliance
results in significant uplifts and requires new partners to meet
such changes. (i.e. Video Identification in Germany vs automated
KYC in UK).

Money laundering, terrorist financing, drug trafficking, and
identity fraud continue to be real threats and efforts to combat
these risks have become stricter and more focused. Dangers in using
regulatory loopholes between member states existed prior to Brexit
and could pose even greater risks if entities such as banks,
financial institutions, online entertainments and e-commerce are
not prepared.

Data Privacy and GDPR

The exchange of customer data between corporations in the UK and
EU will mandate corresponding arrangements when it comes to data
protection and privacy. The EU has stated it is willing to grant
unimpeded access to UK-based financial corporations only if they
are subject to equivalent privacy and data laws.

UK businesses operating in the bloc should consider how they
will address data transfer in order to clarify any outstanding
issues. Financial and other reporting institutions should ask
themselves a number of questions:

  • Can your existing customer data be transferred
    to a new jurisdiction or will a new KYC profile need to be created
  • How will this impact your existing client
  • What are the costs involved to meet regulatory

Throughout this process, protecting the existing client
experience should be of paramount importance and any refresh of
client KYC data thanks to Brexit will be critical. A due diligence
process that is cost-effective and ensures a secure and
client-friendly process.

The critical role of the identity verification

Selecting the right identity verification partner for the
post-Brexit journey is critical. An identity
verification-as-a-service (IVaaS) provider that operates across
Europe and that has software built on some of the strictest
regulations, like those of Germany’s Federal Financial
Supervisory Authority, can easily meet European regulations to
onboard customers.

The post
Brexit and Know Your Customer Compliance – What It Means for UK
Firms Operating in Europe
appeared first on The Fintech Times.