Updated: May 30
Can Brexit threats UK's jewel for economic success?
Fintech companies cover all regions of Europe while operating from their London headquarters. They have hired qualified native speakers advisors from all levels of seniority. UK clearly leads the European Fintech market, although post-article 50 future limits their operation under such European integrated employment rules.
Therefore, many Fintech corporations announced their intention to relocate their headquarters, however UK will remain the centre for global Fintech after Brexit. The loss of labour law advantages from EU may not defeat Uk’s flexible regulatory frame.
If these concerns remain strictly hypothetical, UK is engaged in global negotiations to define its equivalency principles for Fintech legal agreements without compromising European Finance regulations. This note considers Brexit’s impact on Legal Finance and Consumer regulations currently applicable to the disintegrated UE-UK Fintech market.
March 2017 White Paper legislating Brexit Annex A= EU Law can be converted into UK law however UK Courts jurisdiction to interpret EU-derived law is affirmed over the Court of Justice of the European Union case law which will no longer rule in the UK. Past CJEU decisions can remain applicable if UK Supreme Court takes a similar approach.
Are Finance EU Regulations, Directives and decisions accepted by UK? EU Regulations contain detailed rules having force of law in the UK, Directives are only recommendations that may be followed or not by the State Members and Decisions are addressed and binding to State Members or individuals that may have direct effect. With regard to e-payments EU has adopted a second Directive (P2) in 2015 (including interchange fees), a traditional E-money Directive since 2009, within many other financial market rules. The UK is not bounded by EU Directives anymore, but its interest for compliance is directly related to maintaining the financial service leadership in Europe.
EU General Data Protection Regulation (GDPR, 2016) and UK Data Protection Act (DPA, Royal Assent May 23 2018): compliance will not be affected by Brexit (UK’s Department of Culture Media and Sports stated in Aug 7,2017 and Data protection Bill from Sept 13 2017 now Data Protection Act 2018). Definition of Personal Data: DPA follows GDPR, considers internet cookies, DNA, IP, etc.Privacy by design or by default: not considered by GDPR, no European rule. UK’s DPA requires that companies take privacy measures from the designing stage of a system under data minimization and limited accessing principles.Scope of DPA: processing of personal data subjects in the UK by a controller or processor out of the UK. In that sense UK jurisdiction is expanded over UE and any other country applicable to non-UK businesses processing data of UK citizens. Like GDPR, DPA requests to appoint a UK representative for these businesses.Consent: DPA adopts almost same principles than GDPR, consent to use personal data must no be ambiguous, not based on the use of default opt-out or pre-checked tick boxes, must be explicit for sensitive data, easy . Differences: guardians and parent consent for minors <13 years old (16 under GDPR); preventive or counselling services are excluded from the definition of information society services.Data Portability: DPA has new rules about data mobility between different service providers. Transfer is simplified in Chapter 5: 3 conditions to transfer data to 3rd countries ( article 73: necessary for enforcement, based on adequate decision, based on relevant authority).Data Subject Rights: DPA follows GDPR by recognizing right to be forgotten (data erasure), however DPA admits the right to be forgotten from search engines, allowing Uk courts to require searching engines to remove links to personal information even if it was legally published (taken from ECJ case Google Spain SL v. Agencia Española de Protección de Datos, Case C 131/12 May 2014)Transparency: follows same GDPR principles, right to get personal disclosed that a corporation holds.Notifications or Registrations requirements: same internal records requirement to demonstrate compliance with the rules and to prove that Model Contract Clauses were respected.No Collective Redress Option in DPAProfiling: under DPA decisions made on automated processing can be reviewed by a person.
+40 Financial regulations and Directives were incorporated by UK when it was part of EU= ongoing cooperation will ensure financial stability.
UK financial services are provided within the EU through the pan-EU passport that allows to open branches and operate in any European country, based on prudential capital regime under mutual licensing recognition and EU rules. Passporting may be ending and replaced by a more complex recognition system.
EU Passporting rights are granted by Capital Requirements Directive (CRD IV), Solvency Directive, Markets in Financial Instruments Directive (MiFID), Undertakings for Collective Investment in Transferable Securities (UCTITS) and Alternative Investment Fund Managers Directive (AIFMD).
UK Consumer Rights Act and digital contents= UK consumer law predates EU competence.Buying digital content that must be of satisfactory quality, fit for a particular purpose and “as descried”. Digital content is neither goods nor services: consent is required for downloads and e-payments, the cooling off period is 14 days from the payment date. E-payments: are considered monetary price already even for on-going subscriptions. Statutory rights do not apply if digital content is given away which does not exempt for possible damages liability. How and what to get as Partial Refund: 1) Value of digital content is disproportionate with cost of repair/replacement; 2) Repairing/replacement is impossible; 3) repair/replacement is unreasonably long or unsuccessful.Compensation= faulty dowloaded digital deliveries must be repaired only when they wouldn’t occurred if reasonable care and skill was exercised to provide it.Refunds= ruled under terms & conditions, right to cancel may be waived, usually genuine mistake has to be proven.
D) What professionals need to know about Fintech post-Brexit applicable regulations:
As per 1995 EU Directive, UK can be designated for an adequacy decision in accordance to article 46 GPR to allow secure international data transfers.UK is not bound by any EU-3rd Country treaty on data security anymore and needs to adopt its own standards of equivalency with them. UK will leave the EU Single Market getting free flow of financial services across any EU Member State and any other country entering alone to the globalized financial system.However a mutual market access is being ruled relocating Clearing Activity of Central Counter-parties. A Free Trade Agreement model will be used between UE and UK with an acquis communautaire transposing of EU’s body of laws, Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) will become crucial to exercise these powers.International Financial standards are not binding, such as the standard provided by Base Committee on Banking Standards (Basel III), Financial Stability Board, International Organization of Securities Commissions, International Association of Insurance Supervisors, International Accounting Standards Board. However, these international standards are going to be used to mitigating UK’s loss of influence at the EU level shaping global standers post-Brexit.The EU will possibly reduce its rule making preferring to undergo in a steady-state ruling procedure moving towards the end of the post-financial crisis regulatory reform agenda.UK financial regime has very sophisticated rules on banking accountability, (Bank Act 2009), distinct from what the UE has done, specifically about consumer protection and ethical rules.UK leads the Fintech market comparatively to the EU.However it has so little specific regulation at the moment, the Financial Authority Committee commits to create flexible rules to protect innovation in a highly supervised environment. UK’s shapes standards for innovative supervisory practices and EU is now following them in order to create a regulatory sandbox for Fintech that cannot ignore UK’s avances. UK has a unique “Senior Managers and Certification Regime” regulated by FCA and PRA that changed banking culture since March 2016.Cybersecurity remains a priority for Fintech that will require more cooperation between the UK Parliament and the EU Commission.While UK is the larger European Fintech hub, many relocations of Fintech giants are expected from UK. Germany, Sweden and France will quickly catch up to host these firms.