2019 has been quite a year: we had the implementation of PSD2, Brexit uncertainty, increased sanctions brought on by the changes in US foreign policy and Facebook was fined a record-breaking penalty of 5 billion dollars by the Federal Trade Commission (TFC) for violating consumers’ privacy rights.
In 2020 we will see an ever-increasing focus on proactively preventing money laundering and financial crime, rather than compliance being a simple 'tick-the-box' exercise. Regulators will be progressively looking at outcomes rather than processes. This will further compound the workload for regulated businesses as they will be under pressure to increase both the number of checks they perform together with understanding the ‘fuzziness’ of any checks.
As Chief Product Officer working within the compliance industry, I want to share my predictions, recommendations and advice on the latest regulations and trends that will come into effect in 2020 and beyond.
The 5th Money Laundering Directive
The 5th Money Laundering Directive (5MLD) will come into effect on 10th January 2020 and is more radical than its predecessor 4MLD.
A key change in 2020 is the requirement for all member states to collect and publicise beneficial ownership information for companies. However, with only a few weeks to go, it looks likely that the deadline to make this data available will be missed by many member states, and even in states where it is available, such as the UK, there may be no independent verification process. It is expected that obliged entities will be required to report where they find discrepancies in the register, adding further to their regulatory burden.
The 5MLD extends the reach of anti-money laundering provisions, bringing virtual assets, such as cryptocurrencies and fine art into scope. It also requires customer due diligence on prepaid cards with a value as low as 150 euros and any remote payment transaction of more than 50 euros.
Other changes include support for electronic customer due diligence and enhanced obligations for information-sharing to prevent money laundering and the finance of terrorism.
Overall, the impact of the directive will be far-reaching and companies will need to ensure their compliance processes are ready for 2020.
Digital transformation of compliance
As regulation becomes ever tighter and wide-ranging, electronic customer identification becomes the preferred method (if not yet mandated) and meeting customer expectations becomes more challenging, digital transformation is becoming essential for any organisation.
In 2020 we will see more firms investing in the digital transformation of their compliance function as an integral part of the customer onboarding journey.
Brexit and Right to Work compliance in UK
On 31st December 2020 free movement of EU Nationals to the UK is due to end. The Home Office has confirmed that this date applies even if the UK leaves without a deal. Depending on whether the UK leaves with or without a deal, all EU Nationals (except Irish passport holders) residing or working within the UK will need to register either by the end of the year or 30th June 2021. Irish passport holders will retain the right to work in the UK without registering.
The revised regime for EU Nationals has led to several different statuses for EU citizens including: Settled Status, Pre-settled Status, Temporary Leave to Remain, Border worker, all of which have different rights and durations. There is a new online service to enable employers to verify the status, although they will still be required to retain proof that the check was completed.
The situation remains fluid, but it seems likely that employers will be expected to revisit all existing right to work checks and confirm that their employees have completed their registration. It also seems likely that there will be some confusion about who does and does not have the right to work in the UK, and what evidence they are required to show to demonstrate right to work.
With the increased focus on immigration following the 2019 general election, it seems likely that there will be changes in immigration requirements for nationals of all countries, not just from the EU. It seems unlikely that this will aim to inhibit recruitment to better paid jobs, but government policies often have unexpected consequences.
Open Banking’s increased adoption
Open Banking was created to enable innovation, transparency and competition in the UK financial services market, by making it easier and safer for individuals and SMEs to share the financial information held by their banks with third parties.
Open Banking has shown encouraging signs in 2019 of its potential to rebalance the market in favour of consumers and SMEs. Some exciting proof points are emerging such as, material demand from third parties, exciting propositions in development and the very early stages of customer adoption.
At the request of the Competition and Markets Authority (CMA) the Open Banking Implementation Entity (OBIE) have launched a consultation into its future roadmap and a revised roadmap is due to be submitted to CMA by the end of January 2020
The 6th Money Laundering Directive becomes law
In December 2020 member States are required to transpose the 6th Money Laundering Directive (AMLD) into national law by 3 December 2020. After which, relevant regulations must be implemented by firms within Member States by 3 June 2021.
Although the UK is currently expected to withdraw from the EU, the deadline of 3 December still applies. If the UK ratifies the EU-UK Withdrawal agreement, then the UK will enter a transitional period for Brexit which would last beyond the date of implementation. In this case the UK would likely be bound to implement the requirements of the Directive. Even if not bound to do so in a no-deal scenario, it may choose to adopt the Directive to ensure alignment with the block.
Regulator bares teeth for GDPR non-compliance
It has been just over a year since the General Data Protection Regulation (GDPR) was implemented across the EU member states. The legal framework was designed to help businesses develop better compliance cultures around their clients and prospects data, whilst increasing awareness amongst citizens of their data rights.
Now that GDPR is no longer ‘new’ we are starting to see regulators show their teeth with more stringent requirements, steeper penalties and the likelihood of fines in 2020. The initial targets have been high-profile, such as Facebook's, but it seems likely the regulators will also turn their attention to some of the smaller companies suffering data breaches.
Compliance teams face challenging times ahead with increasing regulation, internal scrutiny and an expectation that they will prevent crime without inhibiting the customer experience. The pace of change continues unabated, and 2020 looks like being no exception. For most companies, throwing more people at the problem is not viable, so I expect to continue to see growth in digital transformation as companies respond to the challenges ahead.