Talk about tempting fate! We pondered whether to publish this article now or wait just a little longer.
In favour of waiting? The regular little hints in news and online that the final deadline for an agreement on trade is ‘the end of next week’. Trouble is, the next week deadline has been there for at least two months!
The fact that you are reading this clearly indicates that we decided not to wait. If there is a deal agreed in the near future, and Sod’s Law would indicate that will happen around ten minutes after this article goes live, then so be it. But if there is no deal announced then the fact that there is less than six weeks to go before the transition period ends and all bets are off suggests that firms really need to review their level of readiness for the brave new world of 2021 onwards, outside the EU. Especially since those six weeks include the interruptions of Covid-19, and Christmas and New Year downtime.
In addition, we need to remember that the negotiations that have been dragging on for a year with everyone’s favourite French man, Michel Barnier, are TRADE talks about an agreement on TRADE, not services. So they are not likely to throw up much for the financial services sector.
Thus far and over the last couple of years, credit can be given to the FCA for the rolling preparations they have made. Much of it has been related to ensuring that institutional activities such as banking and financial trades can continue with as little disruption as possible. That has given rise to things like a temporary permission regime enabling non-UK Banks etc. to continue to operate in the UK post transition and so maintain London’s position as a leading financial centre. But, while the FCA has been giving attention to such matters and coming up with solutions to assist EU firms, there has been a noticeable lack of reciprocation from EU countries in relation to UK firms. There has been much talk about rule equivalence, whereby the EU would recognise financial regulations in the UK as being equivalent to those in the EU and so life would carry on as before. That seems an eminently sensible approach, especially since the UK rules, at time of writing at least, are indeed equivalent, by dint of the UK having been a member state of the EU when those rules were created, with many actually being born in some EU Directive or other. Who can forget MiFID and MiFIDII, or GDPR or IMD – even if you’d like to!
Accordingly, with six weeks to go, this article is by way of a quick reminder for firms to identify whether and how they might be affected by end of the transition period.
The FCA has been publishing regularly updated bulletins on EU withdrawal and how firms should prepare, so we do not intend to replicate that in full here. Instead, we will concentrate on the two specific issues that are most likely to have an immediate impact, namely passporting and data protection.
Unless there is some agreement around equivalence, passporting ends on 31 December. Firms that currently undertake ‘cross-border activity’, or who intend to going forward, will need to make appropriate arrangements. Nothing has changed since we last wrote about this. See previous articles here and here.
Recall the heady early months of 2018 when firms not only had to implement the monster that was MiFIDII but also had to incorporate a whole new set of data protection rules in their dealings with clients. GDPR – just four little letters but they caused much angst in all businesses, not least in financial services. The good news is that as we went through the pain of implementing GDPR in the shape of the Data Protection Act 2018 back then, that is one less thing to worry about at the end of the transition period.
WRONG! Just as there has thus far been little or no apparent reciprocation or consideration of equivalence in relation to financial regulations, there has not to date been any decision made by the EU on whether our version of GDPR is ‘adequate’! This has implications for firms that transfer personal data in to or out from the EU. Firms should refer to the ICO website for the latest updates in this regard. The key points are as stated there:
“If the transition period ends before the EU Commission makes an adequacy decision about the UK, most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same.
The UK is committed to maintaining the high standards of the GDPR (General Data Protection Regulation) and the government plans to incorporate it into UK law at the end of the transition period.
If you are a UK business or organisation that already complies with the GDPR and has no contacts or customers in the EEA, you do not need to do much more to prepare for data protection compliance at the end of the transition period.
If you are a UK business or organisation that receives personal data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow at the end of the transition period.
If you are a UK business or organisation with an office, branch or other established presence in the EEA, or if you have customers in the EEA, you will need to comply with both UK and EU data protection regulations at the end of the transition period. You may need to designate a representative in the EEA.”