Compliance in post-Brexit Britain

"The overall impact is that GDPR and ePrivacy regulation are likely to grow rather than diminish after Brexit," says Dr Nirmala Lee, Associate Professor in Banking and Finance

Date: 17 January 2020

The conservative victory in the general election is widely construed as a mandate to ‘get Brexit done’.  Some news channels such as Sky News dubbed it ‘the Brexit election’, underpinning the relevance of Brexit for the election outcome.  What might be the biggest changes and challenges likely to arise in relation to compliance issues for UK companies post-general election?

The future is unknown, and there are well documented research studies that show that humans are no better than chimps when it comes to predicting the future.  However, this has not stopped forecasters and others from making predictions; so, here are some predictions!

The Conservatives have promised a review of IR35 but have qualified that such a review would need to be “appropriate” and “right”.  It is not likely that off-payroll rules are abolished altogether, and there may be difficulties in the short-term for UK contractors subject to UK taxes currently working for EU companies, with many companies opting for insurance and other protective measures to ensure compliance, leading to an increase compliance-related costs.  However, despite IR35 self-employment is already on the rise, and it is likely that self-employed professionals such as contractors and consultants will thrive and increase notwithstanding in post-Brexit UK.

While the General Data Protection Regulation (GDPR) applies to companies based in the EU, post Brexit UK is likely to be unable to ignore the extraterritorial reach of the regulation, as GDPR is also deemed to apply to companies which have EU citizens as their customers.  EU customers who feel aggrieved by any perceived breach of GDPR, may sue the non-EU company. Compliance costs are likely to increase as the heavy reliance of companies on technology to monitor GDPR infringements may have to be offset by human inputs as GDPR permits computer-based decisions to be overturned and for people to review such decisions.  The overall impact is that GDPR and ePrivacy regulation are likely to grow rather than diminish, resulting in increased compliance requirements for the UK and indeed all global companies.

The EU’s Fifth Money Laundering Directive (5MLD) has just recently come into force on 10th January 2020 and companies are expected to be prepared and in compliance with areas such as Politically Exposed Persons (PEPs), digital identity technologies, information on ultimate beneficial ownership, cyber currencies, and other key areas, and there are increased compliance costs on companies and also the government.  Consequently, there is bound to be some debate as to whether the UK would need to comply with EU’s 5MLD as well as the forthcoming 6MLD and succeeding directives when there is no compulsion to do so. Expect a case by case approach and debate on the introduction of EU money laundering directives in a post-Brexit UK.

UK companies will be continuing to look to the Chartered Governance Institute to provide thought leadership and guidance for navigating the complex and changing compliance landscape in post-election and post-Brexit UK.

Portrait of Nirmala Lee