Are banks Brexit-ready?

With the latest uncertainty in Brexit and October fast approaching, banks need to take stock of their preparation. Firms have carried out significant work to ensure that they are able to continue to operate post Brexit regardless of the outcome. However, once the nature of Brexit is known, there will be further work required to comply with the new regulatory and legal framework as well as changes to processes, data and technology systems.

Passporting ceases on exit or at the end of a transition period if a deal is agreed

• European Economic Area (EEA) firms that could provide services into the UK through passporting will need to seek authorization to continue after exit day. Similarly, EEA Financial Market Infrastructures (FMIs) will need to seek recognition. Her Majesty’s (HM) Treasury has brought forward legislation that will allow EEA firms, FMIs, and funds to continue their activities in the UK for three years after exit day before requiring full authorization or recognition. Hence, EEA firms and FMIs may plan on the assumption that full Prudential Regulation Authority (PRA) authorization or bank recognition will only be needed by the end of the implementation period. In the UK, this is irrespective of a deal, whereas in the EU, if a deal is struck, activities may continue for two years, but passporting will terminate immediately without a deal.
• As the UK leaves the EU’s single market, passporting rights into the UK will cease to exist. The Financial Services and Markets Act (FSMA) is being amended so that EEA firms, Treaty firms, operators and depositaries of Undertakings for Collective Investment in Transferable Securities (UCITS) and Alternative Investment Fund Managers (AIFM) qualifiers will no longer qualify as authorized persons.

Post-Brexit, the FCA Handbook will get updated to reflect the transposition of EU directives and regulation into UK law and will form the basis for regulation of UK financial services firms

• EU law has supremacy over domestic law among EU member states. It takes the form of directives that need transposition into domestic law of EU member states. In the UK, EU directives have been incorporated into the Handbook or UK legislation.
• By contrast, EU regulations are directly applicable. This means they do not need to be transposed into the Handbook or UK legislation.
• When the UK leaves the EU, directly applicable EU regulations will (in the absence of a transitional arrangement) no longer apply, leaving a legislative gap. To compensate for that, the European Union Withdrawal Act (EUWA) incorporates EU regulations into UK law. They will be amended to make them work effectively by a series of statutory instruments (SIs). Similarly, the government is proposing in a series of SIs equivalent amendments to UK laws that: i/ relate to previously transposed directives ii/ reflect the UK’s current membership of the EU or, where applicable, the EEA, iii/ otherwise refer to the EU or EEA concepts.

The work done so far 

So, what further changes do firms need to do post Brexit?

• Payments - In the unlikely outcome that the UK does not retain SEPA access under one leg in, there will be increased settlement risk, which will also be the case under Second Payment Services Directive (PSD2) and Open Banking (OB).
  • Retaining SEPA and Target 2 membership would require migrating existing technology systems to an EU branch
  • Loss of two-leg access would require redesign of technology and processes to support more complex operations
• Clearing and Settlement - The outcome of a transition period will determine if clearing can continue from the UK under equivalence. The impact of a move to the EU based on political drivers may cause a significant increase in systemic risk based on operational and liquidity factors. This would require the migration of operations and technology from existing clearing platforms in the UK to existing or new platforms within the EU.
• Passporting – firms will need to seek approvals under the equivalence regime post-Brexit, the timeframe for this will depend on whether the UK leaves with or without a deal.
• GDPR - EU GDPR will continue to apply to EU citizens whilst the transposed UK GDPR will apply to UK Citizens. This would require modification to data systems and records including labelling natural persons with regional identity based on citizenship with different processes applied for existing customers and new ones.
• Capital and Reporting – Firms will need to make changes to regulatory reporting systems to change both their aggregation rules and capital weightings for third-country status. Analytical tools to assess the impact, and MIS reporting to manage this are required with further analysis on how to optimize capital versus where and how business is conducted.
• Trade and Transaction Reporting – Trade Repositories (TR) will need to change their systems to send UK derivatives to the FCA’s Derivative Reporting System and exclude them from their feed to European Securities and Markets Authority’s (ESMA) TRACE.
  • Minor changes will be required for securities transactions with modifications to the PRA data systems to stop copies of data being sent to EEA supervisors’ systems.
• Consumer Protection -  Distance Marketing Directive (DMD) / Electronic Commerce Directive (ECD) - After Brexit, UK banks will be limited in the reach of their product marketing as distance marketing to EU consumers will be revoked with vice versa applied to EU banks
  • Setting up a branch in an opposite region would enable a bank to conduct this activity, with a need to migrate operations and processes to that region and reconfiguring the technology

E-commerce business from the EU to UK customers will be impaired if the Temporary Permissions Regime (TPR) does not gain approval with changes made to online sales data systems and technology required to terminate this activity and closure of any outstanding business. In the interim, should a deal not be struck, online sales from the EU to the UK will cease immediately and the changes will need to be accelerated.

To conclude

While financial institutions have made significant investments to continue to operate post Brexit regardless of the type of deal, there is still work that will be required post Brexit to comply fully with the new requirements. What these will be will become clearer over the coming months once the new government negotiates the future Brexit deal. 

Richard Thornton

Head of Risk and Compliance Practice - Banking, Financial Services and Insurance, Wipro

Richard has over 39 years’ experience in Financial Services spanning Retail Banking, Wholesale & Investment Banking, and Asset Management. He has worked in Risk and Compliance for over 25 years and has delivered large-scale change programs covering Basel III, MiFID, EMIR, Financial Crime and Dodd Frank.