KazPost

Kazakhstan News
Friday, Mar 29, 2024

Game of Laws: Compliance in the Age of Regulatory Proliferation

Game of Laws: Compliance in the Age of Regulatory Proliferation

Even if the pace at which regulations are drafted seems to be slowing down, at least at the EU-level, regulations in general are still trending toward bullish proliferation. In the financial-crime field alone, around 1,300 binding pieces of legislation have been brought to light in the span of 20 years (2000-2020), with about 228 directives and 1100 regulations.

Today, around 186 directives and 800 regulations are in effect.

Additional potential regulations are also looming, including those that could establish a long-debated European central anti-money laundering authority or new, potentially extraterritorial, regulations in the post-Brexit UK.

Until fairly recently, the response from compliance officers to such new mandates could be compared to that of a soldier replying to an order: “Roger Wilco,” short for “received and will comply.” And then one day, it happened.

On July 18, 2018, the High Court of Justice in the UK ruled in favour of a claimant who had requested that his bank disclose the contents of Suspicious Activity Reports (SARs) filed to the National Crime Agency (NCA). Breach of the non-tipping-off principle? Not at all, according to the court.

Will this decision broader political conflict over the imposition of regulations and laws? Perhaps. Will it open a Pandora’s box of long proceedings to challenge the existing anti-financial crime and compliance legislative framework? Most probably.

At least one thing is clear: with all our legitimate and justified intentions to combat financial crime, we have been living in some sort of a legislative paradise, where all laws and regulations match together as the pieces of a jigsaw puzzle. But what if this paradise is lost?

The road paved with good intentions

We all seem to agree that the whole point behind compliance efforts is ultimately to serve the general welfare of humanity. Still, one may argue where the limits of the “general interest/common good” umbrella end.

Let’s take the example of AML/CTF requirements on the collection of data related to Politically Exposed Persons (PEPs). We remember that their 1st and 2nd degree relatives and close associates are also considered to be PEPs. Oftentimes, the research performed by financial institutions can be inclusive but also highly intrusive. What if a client has an extramarital affair? And what if it concerns a same-sex partner?

These cases clearly fall under the GDPR provisions regarding sensitive personal data. No particular issue with this unless we consider, for example, that many financial institutions operate in countries whose AML regulations do not impose any data protection for the information collected during compliance procedures; therefore, it seems that the key European requirement of the same level of safeguards is not met. Moreover, PEP definitions may vary even across the EU (e.g., Italy where a list of national PEPs has been published), further amplifying the scope.

More food for thought: national FIUs receive hundreds of SARs containing sensitive data. If we refer to Recital 14 of the GDPR, it seems that FIUs are not covered by the regulation’s provisions in general, nor by its specific safeguards. What will happen in case of a major breach or a cyberattack? Off the radar for now.

How about counterterrorist financing? Even when there are genuine security and welfare objectives, there may be data-privacy concerns. One of the most well-known affairs relates to SWIFT. Indeed, in 2006, the world was shocked with the revelations published by The New York Times that US authorities secretly and illegally gained access to SWIFT messages containing personal data as part of their Terrorist Finance Tracking Program. Back in 2006, this practice was judged as a breach of the then-applicable regulations. Two years later, however, the initial position was entirely reversed to recognize the legitimacy of the US program. In France, for instance, such practices would be violating the Blocking Statute of July 1968, updated in July 1980, which prohibits companies incorporated in France from transferring specific data to foreign authorities without using the channel of international criminal cooperation. Have you ever tried to use this channel, via Mutual Legal Assistance Treaties or otherwise? Well, good luck, and arm yourself with patience and snacks to nosh during your long legal siege.

In the context of such legal instability, we seem to be shifting towards a completely new compliance order.

Strange new world

We already know – and the European Commission itself highlighted this fact in a July 2019 press release – that AML and other financial crime regulations drastically lack harmonisation, whether it be across the EU Member States or between the EU and third countries, such as the US.

The US example is a flagrant one; suffice it to mention the fundamental difference between the FCPA and the rest of most well-known, anti-corruption laws lies in the treatment of passive bribery and facilitation payments. A small historical digression: several US Courts of Appeal confirmed at every occasion that their constitutional double jeopardy provision does not apply to the FCPA when it comes to foreign judgements, while most of the countries recognize, at least partially, the non bis in idem principle. A dangerous mismatch.

However, certain discrepancies may cause genuine issues or even larger disorder.

This is very often the case when it comes to the conflict between AML laws and privacy regulations. Let’s take the example of Lonsdale v National Westminster Bank. The claimant’s business and personal accounts were frozen by his bank. A barrister himself, he put two-and-two together, assumed a SAR was filed, and, according to the then in-force Data Protection Act 1998, requested access to the SAR. However, we all know that disclosing a SAR to the customer concerned is tantamount to the tipping-off offence, already clearly prohibited in the 3AMLD and seq. Legal crossroads in its splendour.

The court judged that “there was no evidence that the SARs are required to be kept confidential. The SARs were plainly relevant to the assessment of whether the bank’s employees genuinely held a relevant suspicion” .

Guillaume Rudelle, a Parisian barrister and Associate at Norton Rose Fulbright in France admits: “Practically speaking, such action could only be successful if the customer is able to demonstrate that the suspicious activity report (SAR) was unlawful, which is impossible if one cannot have access to the content of the SAR. Accordingly, denying a request made by the customer to obtain the disclosure of the SAR could be seen as a denial of the right to a fair trial”.

According to American lawyers, such an action would be impossible in the United States. The same holds true for France, though with nuances.

“SARs are confidential (art. L.561-18, French Monetary Code). Both their existence and the content of the report, along with any follow-up action, cannot be disclosed to the subject of the report or to any third party. Should an individual concerned by a SAR wish to consult what personal data was used in the SAR, he/she can ask the CNIL for “indirect access” which then nominates one of its members, who is also (or has been) a member of one of the French Supreme Courts, in order to investigate and potentially make relevant amendments to personal data. The individual gets access when the CNIL establishes with the bank that communicating the information will not reveal any sensitive information (i.e. the SAR itself, the amount at stake, declarations from bank employees, follow-up actions etc.) and, most importantly, does not risk to hinder the objectives of anti-money laundering and terrorism financing”, specifies Emmanuel Breen, Counsel at Laurent Cohen-Tanugi Avocats (Paris, France).

It remains unclear what the purpose of such a disclosure to the claimant would be, absent the above data.

Additionally, we must not forget the French Constitutional Council’s decision that deemed the public register of trusts required by the 4AMLD to be unconstitutional due to its infringement of the right to privacy. As of today, there is still no further progress on this point, at least in France.

While still a member of the EU, the UK somewhat customised their approach by creating a trust register that is not accessible to the public and therefore less of an invasion of privacy. This regime seems unlikely to be amended after Brexit.

In Italy, it seems that the UBO of a trust can oppose the publication of his/her data in the register.

Speaking of registers: what a fascinating exercise as to compile the data on the UBO registers in countries on every continent in terms of existence and availability. We can note that, in some cases, even the so-called “developing” countries have exceeded the developed European ones; Ghana, would be a good example of this.

On this basis, the recent decision taken by the European Commission to designate “high-risk” jurisdictions is more than nebulous. Nor will the EU’s plan to create a unique European AML supervisory body sort out this lack of consistency and harmonisation; this proposal gloomily promises only to add another layer to the bureaucratic blame game.

Finally, there is the mismatch between sanctions regulations, with perhaps the most conspicuous being the differences between OFAC’s programs and those under the EU Blocking Statute. In a nutshell, the problem arises because entities established or incorporated in the EU are prohibited from complying with specific US sanctions regimes, on pain of penalties.

“It is important to note, however, that the EU Blocking Regulation does not provide for a formal sanction mechanism and leaves it to Member States to define sanctions and enforce them. There are therefore huge discrepancies in the enforcement record of the EU Blocking Regulation among Member States. Certain governments have been more aggressive than others in this respect. For example, the UK adopted the Extraterritorial US Legislation Sanctions against Cuba, Iran and Libya – Protection of Trading Interests Order in February 2019, which provides for an unlimited fine. At the other extreme, countries like France and Luxembourg have yet to introduce any national legislation on this issue and are not yet in a position to prosecute violations of the EU Blocking Regulation”, says Mr. Breen. “The EU is not, though, alone in this aspect. Canada and Mexico also implemented their own blocking statutes to respond specifically to the US Helms-Burton Act”, he adds.

If jurisdictions continue this ping-pong game, who can unhesitatingly and confidently say where we are headed?

Towards a No-Man’s Land?

Mr. Breen tilts toward a further increase in regulations. During our discussion, he used the term “overcompliance”. Quite a fair one. Despite its positive connotations – i.e., going beyond explicit regulatory requirements and expectations – Mr. Breen still considers it a risk.

Pierre-Manuel Sroczynski, ex-Director of the Compliance and Permanent Control department at the French La Banque Postale and now a consultant at Somerset Advisory, holds a diametrically opposed view.

“The AML and sanctions-related legislative and regulatory corpus is already quite extensive and complete. A further increase? Definitely not. I guess the governments have taken heed of the fact that the crux of the matter now lies with the relevant and appropriate supervision, coordination and harmonisation”, he believes.

Today, we are waiting to find out what lies ahead, and what the current and upcoming regulatory efforts have in store for Compliance Officers. The territory remains challenged and contentious. Personally, being a Cartesian Compliance Officer, I believe that the “holy war” Compliance wages on financial crime may justify specific gambits, i.e. sacrifices (for example, data protection), in order to effectively pursue a just cause, unless there are truly no regulatory conflicts involved. I am also convinced that compliance should go beyond regulatory expectations, not to complicate our lives but to make it easier.

I have to admit that sometimes it feels like compliance has taken the wrong path, with regulations having too many loopholes that seem designed to satisfy particular shadow interests. Even the FATF Executive Secretary David Lewis admits that no country has a solid AML framework that works as it should. Take the recent EIB case, as an example: the drastic shortcomings in the AML framework were known to EIB’s top management, who actually considered the regulations and rules and insisted on their implementation throughout Europe. Or the whatever-Leaks or Papers: how many of you know what the state of play is after all the whistleblower-journalists to and fro, and the books written and disclosures published?

But as a compliance professional, I hope that no regulatory evolution in this field will force the return to ground zero.

Newsletter

Related Articles

KazPost
0:00
0:00
Close
It's always the people with the dirty hands pointing their fingers
Paper straws found to contain long-lasting and potentially toxic chemicals - study
FTX's Bankman-Fried headed for jail after judge revokes bail
Blackrock gets half a trillion dollar deal to rebuild Ukraine
America's First New Nuclear Reactor in Nearly Seven Years Begins Operations
Southeast Asia moves closer to economic unity with new regional payments system
Today Hunter Biden’s best friend and business associate, Devon Archer, testified that Joe Biden met in Georgetown with Russian Moscow Mayor's Wife Yelena Baturina who later paid Hunter Biden $3.5 million in so called “consulting fees”
Singapore Carries Out First Execution of a Woman in Two Decades Amid Capital Punishment Debate
Google testing journalism AI. We are doing it already 2 years, and without Google biased propoganda and manipulated censorship
Unlike illegal imigrants coming by boats - US Citizens Will Need Visa To Travel To Europe in 2024
Musk announces Twitter name and logo change to X.com
The future of sports
Unveiling the Black Hole: The Mysterious Fate of EU's Aid to Ukraine
Farewell to a Music Titan: Tony Bennett, Renowned Jazz and Pop Vocalist, Passes Away at 96
Alarming Behavior Among Florida's Sharks Raises Concerns Over Possible Cocaine Exposure
Transgender Exclusion in Miss Italy Stirs Controversy Amidst Changing Global Beauty Pageant Landscape
TikTok Takes On Spotify And Apple, Launches Own Music Service
Global Trend: Using Anti-Fake News Laws as Censorship Tools - A Deep Dive into Tunisia's Scenario
Arresting Putin During South African Visit Would Equate to War Declaration, Asserts President Ramaphosa
Hacktivist Collective Anonymous Launches 'Project Disclosure' to Unearth Information on UFOs and ETIs
Typo sends millions of US military emails to Russian ally Mali
Server Arrested For Theft After Refusing To Pay A Table's $100 Restaurant Bill When They Dined & Dashed
The Changing Face of Europe: How Mass Migration is Reshaping the Political Landscape
China Urges EU to Clarify Strategic Partnership Amid Trade Tensions
Europe is boiling: Extreme Weather Conditions Prevail Across the Continent
The Last Pour: Anchor Brewing, America's Pioneer Craft Brewer, Closes After 127 Years
Democracy not: EU's Digital Commissioner Considers Shutting Down Social Media Platforms Amid Social Unrest
Sarah Silverman and Renowned Authors Lodge Copyright Infringement Case Against OpenAI and Meta
Why Do Tech Executives Support Kennedy Jr.?
The New York Times Announces Closure of its Sports Section in Favor of The Athletic
BBC Anchor Huw Edwards Hospitalized Amid Child Sex Abuse Allegations, Family Confirms
Florida Attorney General requests Meta CEO's testimony on company's platforms' alleged facilitation of illicit activities
The Distorted Mirror of actual approval ratings: Examining the True Threat to Democracy Beyond the Persona of Putin
40,000 child slaves in Congo are forced to work in cobalt mines so we can drive electric cars.
Historic Moment: Edgars Rinkevics, EU's First Openly Gay Head of State, Takes Office as Latvia's President
An Ominous Shift in Warfare: Western Powers Risk War Crimes and Violate International Norms with Cluster Bomb Supply to Ukraine
Bye bye democracy, human rights, freedom: French Cops Can Now Secretly Activate Phone Cameras, Microphones And GPS To Spy On Citizens
The Poor Man With Money, Mark Zuckerberg, Unveils Twitter Replica with Heavy-Handed Censorship: A New Low in Innovation?
The Double-Edged Sword of AI: AI is linked to layoffs in industry that created it
US Sanctions on China's Chip Industry Backfire, Prompting Self-Inflicted Blowback
Meta Copy Twitter with New App, Threads
The New French Revolution
BlackRock Bitcoin ETF Application Refiled, Naming Coinbase as ‘Surveillance-Sharing’ Partner
Corruption in the European Parliament - Business as usual
UK Crypto and Stablecoin Regulations Become Law as Royal Assent is Granted
Paris Suburb Grapples with Violence as Curfew Imposed: Saint-Denis Residents Express Dismay and Anger
A Delaware city wants to let businesses vote in its elections
Alef Aeronautics Achieves Historic Milestone with Flight Certification for World's First Flying Car
Google Blocked Access to Canadian News in Response to New Legislation
French Politicians Advocate for Pan-European Regulation on Social Media Influencers
×