With the latest and supposedly final, Brexit deadline of October 31st 2019 now just days away, it’s extraordinary, to say the least, how hard it remains to offer any definitive guidance on a change with such profound implications for the UK financial services sector.
Sometime in the very near future, we may learn that we’re leaving with ‘a deal’ (and hence a transitional period), leaving with no agreement in place, moving into another extension period, or even – just conceivably – not leaving at all.
The Government’s advice to businesses roughly translates as ‘be prepared for all eventualities’. The FCA is doing its best to contend with this unprecedented degree of uncertainty and to issue appropriate guidance – some of which we review below.
Preparing for Brexit
The European Union (Withdrawal) Act 2018 will translate current EU legislation into UK law from the moment we withdraw. From that point onwards, however, the UK government has the power to amend this legislation as it deems that circumstances require it. This creates something of a moving target for both regulator and regulated. The FCA has set out its position on legislative change on a page on its website first published last year.
When it last updated its guidance on Preparing your firm for Brexit, on 11 September this year, the FCA focused on issues around passporting, data sharing, and preparing customers for how Brexit might affect them. It also set out how it intends using the temporary transitional power granted it by the Treasury to apply a degree of flexibility in enforcing post-Brexit requirements. The regulator’s proposed transitional provisions specifically exclude a range of regulated firms and individuals – including those subject to the MiFID transaction reporting regime and those subject to EMIR reporting obligations.
In a press release issued on 11 October, the FCA returned with some urgency to the MiFID and EMIR reporting requirements that will face affected firms from day one, stressing that they should be ‘as prepared as possible if there is a no-deal exit, and be aware of what they need to do.’
With the possibility of an imminent no-deal Brexit seemingly very much front of mind, the FCA’s latest press release also reiterated that this would immediately end passporting, with obvious implications for EEA firms operating without UK authorisation, as well as for any affected UK firms yet to provide against this eventuality. However, EEA firms can register for the three-year Temporary Permission Regime and will need to do so very soon if they haven’t already, and some EEA regulators have put transitional arrangements in place of their own, To qualify for some of these, firms may need to register before the withdrawal date.
The FCA has stressed that it expects firms to consider in detail how Brexit could affect the various categories of customers and stakeholders with whom they interact. Having done so, firms are then expected to communicate ‘clearly’ with customers ‘in good time’ and ‘taking care to avoid confusion with multiple messages which could change over time.’
If that sounds like a tall order, given the current political chaos, the regulator concedes that ‘continued uncertainty around Brexit may cause tension between the timeliness and clarity of your communications.’ On which basis, we can probably assume that the crucial consideration is being able to show that you have been through the relevant thought processes and endeavoured to act appropriately under the circumstances.
Data sharing after Brexit
Whatever the outcome of the current Brexit negotiations, the regulatory position on data sharing will not look dramatically different after departure, as GDPR was transposed into UK law in the form of the Data Protection Act 2018.
The UK government has already confirmed that it regards EEA data protection law as adequate. So there will be no impediment to the flow of personal data from the UK to the EEA. The issues arise in respect of data travelling in the opposite direction.
The high probability that UK data protection law will ultimately satisfy the EU is complicated by the fact that the EU has stated that taking a decision on the adequacy or otherwise of the UK data protection regime does not form part of its contingency planning. This creates the prospect of an interim during which UK firms receiving data from EEA entities would need to establish an alternative legal basis on which to do so, pending a formal decision from the EU.
The FCA has stressed that UK firms whose business involves inward data flows from within the EEA should make contingency plans taking account of a) the extent to which their business depends on this (e.g. because of where customers or data centres are located) and b) what risks they would face if no central solution has been found at the time of departure. A key point of reference here is the ICO’s guidance on data protection and Brexit.
Sector by sector
The FCA has published sector-specific guidance on preparations for Brexit covering general insurance, life insurance, wholesale financial markets, retail investment, and banking and payment services.
We can help
In the meantime – with time potentially in very short supply – if you’d like immediate practical assistance with the process of preparing your firm for Brexit, Thistle’s expert team can help.
Contact us today on 0207 436 0630 – or email firstname.lastname@example.org.