Senior staff at banks, building societies and regulated investment companies could face fines, disqualifications and potentially, jail time, for failing to perform their duties properly under the Senior Managers and Certification Regime (SM&CR) that will apply from 7 March 2016. A separate Senior Insurance Managers' Regime (SIMR) will come into force on 1 January next year.
Financial regulation expert Michael Ruck of Pinsent Masons, the law firm behind Out-Law.com, said he echoed concerns expressed by US academic Dr Michelle Frasher last month about the discord that can exist between compliance with US and EU anti-money laundering (AML) rules and the EU's data protection regime.
In an article published by American Banker, Dr Michelle said "an experienced AML officer" had admitted at a conference in London earlier this year that they would risk their employer being fined up to 5% of their global turnover, as is proposed under new EU data protection rules being negotiated, by "using data that might violate data privacy and protection rules" to meet their AML responsibilities. He said he would do that so as not to put themselves "in jeopardy", she said. The academic said most other AML officers would also adopt that view.
"This is clearly an issue financial institutions and money laundering reporting and compliance officers are currently considering very carefully," Ruck said. "The potential conflict between the interests of the firm and the individual compliance officer may be inherent in the role, and has been for some time, but will be exacerbated by the senior managers' regime being introduced for banks and insurers in the UK."
"The banking regime reverses the burden of proof onto an individual who has responsibility for an area of the bank in which a breach of the regulatory regime occurs, making individual accountability an extremely hot topic. This may reflect the approach of the AML officer referenced in Dr Michelle Frasher's article," he said.
Ruck said that banks must take steps to "fully understand" how AML and data protection rules apply to them, both in the UK and internationally. They should also "ensure their staff understand the regimes, put in place senior management responsibility for compliance and, in circumstances where the two regimes may appear to be at odds, seek advice on how to address this conflict".
"There is some provision for any such conflict to be resolved in the EU's new Anti-Money Laundering Directive but with the various international regimes and international regulatory bodies often involved, these conflicts will continue to arise," Ruck said.