There are
awards for everything these days, especially during the transition from one
year to the next. Merriam-Webster, the publisher of dictionaries and other
language-oriented books annually select a “word of the year”, and
for 2020, (in what might be the least surprising choice ever) “pandemic” topped
their charts. Meanwhile, the people over
at the Oxford English Dictionary, while acknowledging that the use of the term
“pandemic” had increased “57,000%” felt that 2020 was an “unprecedented” year
and broke tradition to name an entire slate of “words of the year”. These included “bushfires, Covid-19, WFH,
lockdown, circuit-breaker, support bubbles, keyworkers, furlough, Black Lives
Matter and moonshot”. That’s quite a
mouthful of words, but, then again, – it was quite a year.
One of the
words Oxford noted as being substantially down in usage throughout 2020 was
“Brexit”, which comes as somewhat of a surprise. Of course, the reduced rate of usage is
relative as one can imagine that during 2019 there may have been times when a sentence
in your typical BBC report consisted of “Brexit [verb], [adjective] Brexit,
Brexiteer, Brexit [verb] [expletive] Brexit”.
Now that
Brexit is fully upon us one might expect to see similar peaks and troughs
in usage of the “B” word as the finer details of its workings are
developed. Perhaps of even more
importance will be some of the Brexit associated words that will come to the
fore as everyone starts to incorporate the reality of a separate and distinct
UK and EU into their respective commercial lives. As the contest begins to choose which Brexit
related term might become the 2021 “word of the year” an early favourite has
emerged.
That would
be “EQUIVALENCE”.
You see, up
to now much of what has driven the Brexit movement has been the urge to
emphasise the differences between Britain and the rest of the EU. You have heard about contrasts in language, culture, sovereignty
concerns, unique relationships with Commonwealth partners and the United
States, an unwillingness to defer to “Brussels” in multiple areas – all of
which may or may not be legitimate but which, now that Brexit is a reality –
become of less urgency.
What will
remain (and increase) in importance will be the areas where the UK will attempt
to show that they remain much the same as their former EU partners. Areas where the standards under which the UK
operates are substantially similar to and compatible with those of the EU and
therefore should be viewed as (that word again) “equivalent”.
The various
governments’ ongoing assessment of where the EU and UK retain (or build)
equivalent standards will take up a significant amount of time and will
evidence itself in a variety of forms.
It is well worth exploring in some detail what those will look like. The
idea of “equivalance” in a legal or regulatory sense will arise in a variety of
circumstances – but the concept will essentially be the same for each – it will
be an attempt to answer some form of this question:
Can one
view the laws, regulations, guidelines and principles under which the two
jurisdictions operate as sufficiently compatible for each to acknowledge and
accept the sufficiency of those standards?
So where
will we find situations where this question arises – and how do we establish
the answers when it does? One place that
will certainly give rise to queries concerning equivalence will be the field of
financial services regulation. Here are a
couple of helpful examples of where regulators will be faced with determining
“equivalence” in the very near future.
First,
let’s consider the topic of “outsourcing” – a key focus of European regulatory
reform within just the past couple of years, and one which gives rise to many
instances of cross border interaction.
If an EU based subsidiary of a UK parent company wishes to make use of
the parent as a provider of outsourced services (such as for internal audit) –
or if they wish to use a UK based company for other such remote services (e.g.
cloud based storage), then the status of that relationship will likely have
changed as the result of Brexit. There would have been, under a pre-Brexit EU
based regime, minimal legal differentiation between an entity based in, say,
Ireland and that same entity’s registered branch in the UK (and vice-versa). Post-Brexit, with branches not being
recognised by the EU as a viable means of establishment for UK based entities,
and with only a temporary permissions regime in place in the UK itself, a split
in recognised authority has taken place.
As many will be aware, a number of changes were made to many group
structures to address this circumstance, particularly where a UK based parent
had previously operated cross-border branches.
In those instances, parent structures were often re-located to a
jurisdiction that retained EU membership (and thus passporting rights). The
remaining UK entity now will offer its regulated services only to U.K. based
customers. But what if that U.K. entity still offers certain “outsourced”
services to the other group companies?
What if they still provide things like the group’s sanctions screening
process, vendor management programme or IT security upgrades? What if they receive those services
from other group companies or 3rd parties? When formulating their
restructures did groups factor in the need to answer these questions (for both
internal and external outsourcing)? What standards will apply, what will the
contracts have to look like – where are the rules to be found?
For
questions surrounding outsourcing the answer used to be relatively simple – you
would look to the “EBA Guidelines on Outsourcing Arrangements” as a primary
source. The “EBA” is, of course, the
European Banking Authority – a distinctly EU based organisation. Post-Brexit that means that the answer (at
least with respect to services touching in some way upon UK based entities) is
not quite so straightforward. Given that
many groups had undertaken a restructure to address Brexit – had they also
fully considered whether their outsourcing profile had changed? Even if they had – was the EBA still the
authority to look to when undertaking that analysis? Did those standards maintain the necessary (here
it comes) “equivalence”?
The simple
fact is that in undertaking their restructures many companies continued to
avail of services offered from their UK entity to the former branches, (or vice
versa) without having fully considered the outsourcing implications. Whereas it may have been possible, under
prior legal structures, to posit that those services were not “outsourced” (due
to the fact that they derived from the same legal entity), that likely will not
be the case any longer. A contract for
outsourced services will certainly be required where a former EU branch is receiving
those services from a now separate UK entity. I would posit that this may even
be the case where an EU parent is receiving a service from a UK branch that is
operating cross-border pursuant to the Temporary Permissions Regime (“TPR”). The TPR is a mechanism by which the UK
regulator becomes comfortable with the continued presence of an EU
registered firm within the UK. It does
not necessarily have any impact on how an EU regulator would view the status of
that (now non-EU based) branch. The safe
route would be to contract those services in a manner that complies with the
EBA Guidelines, because, for now (and here comes that word again) those
standards would still be seen as equivalent in the two jurisdictions. Indeed,
indications are that UK regulators are quite keen to retain the equivalent
standards for at least the mid-term.
This is evidenced
by the fact that UK regulators (e.g. Bank of England, FCA and PRA) are currently
stating that UK based entities should make every effort to adhere to guidelines
like those espoused by the EBA on outsourcing "to the extent that they
remain relevant when the UK leaves the EU”.
Such relevance will be retained for guidance that existed pre-Brexit (in
this case January of 2021), but what if there are amendments or additions to
that guidance post-Brexit? The FCA has noted that in such instances it will
“clarify” whether the rules will continue to apply on an “equivalent” basis. One would expect that there will be a
significant bias in favour of retaining equivalence where possible – and this
is quite possibly going to remain the case in most instances. However, in certain other areas, (cloud
outsourcing comes immediately to mind) the UK may decline to recognise the EU
standard thereby creating an area of divergence. Firms should build the monitoring of such
“equivalence gaps” into their regulatory change management structures.
The
question has arisen as to whether a regulator based, for example, in the EU
would be much interested in what the contract of an entity they regulate says
when that entity is the provider of outsourced services. Although the motivation for review will be
different it is relatively easy to envision why there may be such dual interest.
Consider the case where EU based parent Company “A” derives a significant
portion of its revenue from UK based subsidiary group Company "B". It would not
be unusual for the UK subsidiary "B" to receive outsourced services from Parent "A" or another external provider and certain of those services may be "critical" when it comes to allowing "B" to function. While it may be the UK regulator who examines "B" as the recipient of those services, an EU based regulator would also have a prudential
concern based upon the potential disruption of that channel or service. After all - if "B" gets shut down due to inadequate outsourcing protections - there goes a huge chunk of "A's" revenue. Thus, it would not be surprising, under many
existing group structures, to see both recipient and provider regulators
evidencing an interest in reviewing outsourcing arrangements and retaining
equivalent standards when doing so.
Where else
might the concept of “equivalence” raise its head? One intriguing area concerns the area of
payment services, as such field was re-defined under the Payment Services
Directives. This EU legislation created
a new type of entity (the “Payment Institution”) which was allowed to offer
“payment services”, as defined in those laws.
Fully licensed banks (“Credit Institutions”) are similarly authorised to
offer these services as well as the additional banking services that go along
with that more expansive license.
Here is
where things get interesting from an equivalence standpoint. While a member of the EU, the UK, almost
exclusively, allowed certain banks licensed in non-EU jurisdictions to open “3rd
country branches” in the UK. So, under
this approach, a large U.S. based bank could apply for the right to open a
“branch” in the UK without meeting the prudential requirements associated with
full “credit institution” status. That “3rd
country branch” could operate in the UK but would not be eligible to passport any
of its services to the rest of the EU.
It would probably be more than a mild understatement to say that this
practice was looked on with skepticism from the rest of the EU.
The UK
argued that it was within its rights to do this because they were able to
establish, to their satisfaction, that the home state regulatory regime of the
institutions so authorised were largely (you guessed it) “equivalent” to those
that would apply in the UK. A bank
regulated in the United States was thus able to apply and receive branch status
based upon that concept.
Presumably,
if a U.S. based institution can avail of such 3rd country branch
status, a credit institution regulated in the EU, which has a regime
structurally in line with all the UK could expect (since they belonged to that
same regime until just one month ago), should be able to do the same. This
appears to be the position the PRA is taking in the UK and, particularly for
“wholesale banking”, the “3rd country branch” approach will remain
viable.
But what of
“payment institutions” (and the related class of “e-money institutions”)? Will the UK grant these smaller, less capital
intensive, limited entities the same ability to establish a branch that
currently exists for their larger, more complex cousins? Logic would, seemingly, dictate that this be
the case. What merit is there in requiring
separate legal entities (and attendant board structures, capital outlays, risk
frameworks and duplicative reviews) for a type of business that was created out
of thin air less than two decades ago by an EU based directive?
Logic,
alas, is not always the primary driver of regulatory oversight. As of right now there does not appear to be
significant movement afoot to establish 3rd country branch status
for payment or e-money institutions. As
the temporary permissions regime proceeds towards its conclusion it would seem
likely – under that pervasive desire to achieve “equivalence” when possible –
that such a movement will arise. The
ironic thing is that whereas the non-UK EU members despised the existence of
the “3rd country branch” pre-Brexit – it may become a favoured tool
for maintaining ties between the two jurisdictions in this post-Brexit
environment.
So, in
conclusion, those who work in the field of regulatory change management would
be well served to search out and understand the concepts surrounding
“equivalence” over the next few years as the EU and UK engage in the dance
surrounding their future relationship. As standards evolve and relationships mature the equivalence concept will keep coming up - in areas as diverse a data protection or units of measure. Knowing
when it has been achieved – and when it may no longer be present – will be a
key to many future decisions.
