Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

Game of Laws: Compliance in the Age of Regulatory Proliferation

Game of Laws: Compliance in the Age of Regulatory Proliferation

Even if the pace at which regulations are drafted seems to be slowing down, at least at the EU-level, regulations in general are still trending toward bullish proliferation. In the financial-crime field alone, around 1,300 binding pieces of legislation have been brought to light in the span of 20 years (2000-2020), with about 228 directives and 1100 regulations.

Today, around 186 directives and 800 regulations are in effect.

Additional potential regulations are also looming, including those that could establish a long-debated European central anti-money laundering authority or new, potentially extraterritorial, regulations in the post-Brexit UK.

Until fairly recently, the response from compliance officers to such new mandates could be compared to that of a soldier replying to an order: “Roger Wilco,” short for “received and will comply.” And then one day, it happened.

On July 18, 2018, the High Court of Justice in the UK ruled in favour of a claimant who had requested that his bank disclose the contents of Suspicious Activity Reports (SARs) filed to the National Crime Agency (NCA). Breach of the non-tipping-off principle? Not at all, according to the court.

Will this decision broader political conflict over the imposition of regulations and laws? Perhaps. Will it open a Pandora’s box of long proceedings to challenge the existing anti-financial crime and compliance legislative framework? Most probably.

At least one thing is clear: with all our legitimate and justified intentions to combat financial crime, we have been living in some sort of a legislative paradise, where all laws and regulations match together as the pieces of a jigsaw puzzle. But what if this paradise is lost?

The road paved with good intentions

We all seem to agree that the whole point behind compliance efforts is ultimately to serve the general welfare of humanity. Still, one may argue where the limits of the “general interest/common good” umbrella end.

Let’s take the example of AML/CTF requirements on the collection of data related to Politically Exposed Persons (PEPs). We remember that their 1st and 2nd degree relatives and close associates are also considered to be PEPs. Oftentimes, the research performed by financial institutions can be inclusive but also highly intrusive. What if a client has an extramarital affair? And what if it concerns a same-sex partner?

These cases clearly fall under the GDPR provisions regarding sensitive personal data. No particular issue with this unless we consider, for example, that many financial institutions operate in countries whose AML regulations do not impose any data protection for the information collected during compliance procedures; therefore, it seems that the key European requirement of the same level of safeguards is not met. Moreover, PEP definitions may vary even across the EU (e.g., Italy where a list of national PEPs has been published), further amplifying the scope.

More food for thought: national FIUs receive hundreds of SARs containing sensitive data. If we refer to Recital 14 of the GDPR, it seems that FIUs are not covered by the regulation’s provisions in general, nor by its specific safeguards. What will happen in case of a major breach or a cyberattack? Off the radar for now.

How about counterterrorist financing? Even when there are genuine security and welfare objectives, there may be data-privacy concerns. One of the most well-known affairs relates to SWIFT. Indeed, in 2006, the world was shocked with the revelations published by The New York Times that US authorities secretly and illegally gained access to SWIFT messages containing personal data as part of their Terrorist Finance Tracking Program. Back in 2006, this practice was judged as a breach of the then-applicable regulations. Two years later, however, the initial position was entirely reversed to recognize the legitimacy of the US program. In France, for instance, such practices would be violating the Blocking Statute of July 1968, updated in July 1980, which prohibits companies incorporated in France from transferring specific data to foreign authorities without using the channel of international criminal cooperation. Have you ever tried to use this channel, via Mutual Legal Assistance Treaties or otherwise? Well, good luck, and arm yourself with patience and snacks to nosh during your long legal siege.

In the context of such legal instability, we seem to be shifting towards a completely new compliance order.

Strange new world

We already know – and the European Commission itself highlighted this fact in a July 2019 press release – that AML and other financial crime regulations drastically lack harmonisation, whether it be across the EU Member States or between the EU and third countries, such as the US.

The US example is a flagrant one; suffice it to mention the fundamental difference between the FCPA and the rest of most well-known, anti-corruption laws lies in the treatment of passive bribery and facilitation payments. A small historical digression: several US Courts of Appeal confirmed at every occasion that their constitutional double jeopardy provision does not apply to the FCPA when it comes to foreign judgements, while most of the countries recognize, at least partially, the non bis in idem principle. A dangerous mismatch.

However, certain discrepancies may cause genuine issues or even larger disorder.

This is very often the case when it comes to the conflict between AML laws and privacy regulations. Let’s take the example of Lonsdale v National Westminster Bank. The claimant’s business and personal accounts were frozen by his bank. A barrister himself, he put two-and-two together, assumed a SAR was filed, and, according to the then in-force Data Protection Act 1998, requested access to the SAR. However, we all know that disclosing a SAR to the customer concerned is tantamount to the tipping-off offence, already clearly prohibited in the 3AMLD and seq. Legal crossroads in its splendour.

The court judged that “there was no evidence that the SARs are required to be kept confidential. The SARs were plainly relevant to the assessment of whether the bank’s employees genuinely held a relevant suspicion” .

Guillaume Rudelle, a Parisian barrister and Associate at Norton Rose Fulbright in France admits: “Practically speaking, such action could only be successful if the customer is able to demonstrate that the suspicious activity report (SAR) was unlawful, which is impossible if one cannot have access to the content of the SAR. Accordingly, denying a request made by the customer to obtain the disclosure of the SAR could be seen as a denial of the right to a fair trial”.

According to American lawyers, such an action would be impossible in the United States. The same holds true for France, though with nuances.

“SARs are confidential (art. L.561-18, French Monetary Code). Both their existence and the content of the report, along with any follow-up action, cannot be disclosed to the subject of the report or to any third party. Should an individual concerned by a SAR wish to consult what personal data was used in the SAR, he/she can ask the CNIL for “indirect access” which then nominates one of its members, who is also (or has been) a member of one of the French Supreme Courts, in order to investigate and potentially make relevant amendments to personal data. The individual gets access when the CNIL establishes with the bank that communicating the information will not reveal any sensitive information (i.e. the SAR itself, the amount at stake, declarations from bank employees, follow-up actions etc.) and, most importantly, does not risk to hinder the objectives of anti-money laundering and terrorism financing”, specifies Emmanuel Breen, Counsel at Laurent Cohen-Tanugi Avocats (Paris, France).

It remains unclear what the purpose of such a disclosure to the claimant would be, absent the above data.

Additionally, we must not forget the French Constitutional Council’s decision that deemed the public register of trusts required by the 4AMLD to be unconstitutional due to its infringement of the right to privacy. As of today, there is still no further progress on this point, at least in France.

While still a member of the EU, the UK somewhat customised their approach by creating a trust register that is not accessible to the public and therefore less of an invasion of privacy. This regime seems unlikely to be amended after Brexit.

In Italy, it seems that the UBO of a trust can oppose the publication of his/her data in the register.

Speaking of registers: what a fascinating exercise as to compile the data on the UBO registers in countries on every continent in terms of existence and availability. We can note that, in some cases, even the so-called “developing” countries have exceeded the developed European ones; Ghana, would be a good example of this.

On this basis, the recent decision taken by the European Commission to designate “high-risk” jurisdictions is more than nebulous. Nor will the EU’s plan to create a unique European AML supervisory body sort out this lack of consistency and harmonisation; this proposal gloomily promises only to add another layer to the bureaucratic blame game.

Finally, there is the mismatch between sanctions regulations, with perhaps the most conspicuous being the differences between OFAC’s programs and those under the EU Blocking Statute. In a nutshell, the problem arises because entities established or incorporated in the EU are prohibited from complying with specific US sanctions regimes, on pain of penalties.

“It is important to note, however, that the EU Blocking Regulation does not provide for a formal sanction mechanism and leaves it to Member States to define sanctions and enforce them. There are therefore huge discrepancies in the enforcement record of the EU Blocking Regulation among Member States. Certain governments have been more aggressive than others in this respect. For example, the UK adopted the Extraterritorial US Legislation Sanctions against Cuba, Iran and Libya – Protection of Trading Interests Order in February 2019, which provides for an unlimited fine. At the other extreme, countries like France and Luxembourg have yet to introduce any national legislation on this issue and are not yet in a position to prosecute violations of the EU Blocking Regulation”, says Mr. Breen. “The EU is not, though, alone in this aspect. Canada and Mexico also implemented their own blocking statutes to respond specifically to the US Helms-Burton Act”, he adds.

If jurisdictions continue this ping-pong game, who can unhesitatingly and confidently say where we are headed?

Towards a No-Man’s Land?

Mr. Breen tilts toward a further increase in regulations. During our discussion, he used the term “overcompliance”. Quite a fair one. Despite its positive connotations – i.e., going beyond explicit regulatory requirements and expectations – Mr. Breen still considers it a risk.

Pierre-Manuel Sroczynski, ex-Director of the Compliance and Permanent Control department at the French La Banque Postale and now a consultant at Somerset Advisory, holds a diametrically opposed view.

“The AML and sanctions-related legislative and regulatory corpus is already quite extensive and complete. A further increase? Definitely not. I guess the governments have taken heed of the fact that the crux of the matter now lies with the relevant and appropriate supervision, coordination and harmonisation”, he believes.

Today, we are waiting to find out what lies ahead, and what the current and upcoming regulatory efforts have in store for Compliance Officers. The territory remains challenged and contentious. Personally, being a Cartesian Compliance Officer, I believe that the “holy war” Compliance wages on financial crime may justify specific gambits, i.e. sacrifices (for example, data protection), in order to effectively pursue a just cause, unless there are truly no regulatory conflicts involved. I am also convinced that compliance should go beyond regulatory expectations, not to complicate our lives but to make it easier.

I have to admit that sometimes it feels like compliance has taken the wrong path, with regulations having too many loopholes that seem designed to satisfy particular shadow interests. Even the FATF Executive Secretary David Lewis admits that no country has a solid AML framework that works as it should. Take the recent EIB case, as an example: the drastic shortcomings in the AML framework were known to EIB’s top management, who actually considered the regulations and rules and insisted on their implementation throughout Europe. Or the whatever-Leaks or Papers: how many of you know what the state of play is after all the whistleblower-journalists to and fro, and the books written and disclosures published?

But as a compliance professional, I hope that no regulatory evolution in this field will force the return to ground zero.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
Western Europe Records Hottest June on Record
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
China’s Central Bank Consults European Peers on Low-Rate Strategies
France Requests Airlines to Cut Flights at Paris Airports Amid Planned Air Traffic Controller Strike
Poland Implements Border Checks Amid Growing Migration Tensions
Emirates Airline Expands Market Share with New $20 Million Campaign
Amazon Reaches Milestone with Deployment of One Millionth Robot
Yulia Putintseva Calls for Spectator Ejection at Wimbledon Over Safety Concerns
House Oversight Committee Subpoenas Former Jill Biden Aide Amid Investigation into Alleged Concealment of President Biden's Cognitive Health
Amazon Reaches Major Automation Milestone with Over One Million Robots
Extreme Heat Wave Sweeps Across Europe, Hitting Record Temperatures
Meta Announces Formation of Ambitious AI Unit, Meta Superintelligence Labs
Robots Compete in Football Tournament in China Amid Injuries
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Germany Votes to Suspend Family Reunification for Asylum Seekers
Budapest Pride Parade Draws 200,000 Participants Amid Government Ban
Southern Europe Experiences Extreme Heat
Xiaomi's YU7 SUV Launch Garners Record Pre-Orders Amid Market Challenges
Jeff Bezos and Lauren Sanchez's Lavish Wedding in Venice
Russia Launches Largest Air Assault on Ukraine Since Invasion
Massive Anti-Government Protests Erupt in Belgrade
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Hungary's Prime Minister Criticizes NATO's Role in Ukraine
EU TO HUNGARY: LET THEM PRIDE OR PREP FOR SHADE. ORBÁN TO EU: STAY IN YOUR LANE AND FIX YOUR OWN MESS.
Hungarian Scientist to Conduct 30 Research Experiments on the International Space Station
NATO Members Agree to 5% Defense Spending Target by 2035
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
International Astronaut Team Launched to Space Station
Macron and Merz: Europe must arm itself in an unstable world
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Iran Intensifies Crackdown on Alleged Mossad Operatives After Sabotage Claims
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
Oil Prices Set to Surge After US Strikes Iran
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Telegram Founder: I Will Leave My Fortune to Over 100 of My Children
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
×