A handful of new and updated regulations have been introduced in the European Union (EU) in the past few years that are changing the way international companies do business — and the changes are far from over. To protect your business, it is important to understand the nuances of each regulation, what is still uncertain, and the implications of non-compliance.
The GDPR took effect on May 25, 2018. Designed to set a uniform standard for how organizations collect, use and share the personal data of EU citizens, it impacts any company that transacts with an EU citizen — regardless of where the company or citizen is located. The GDPR replaced the Data Protection Directive of 1995 and the national data protection laws of the EU.
There has been a significant amount of coverage around the GDPR due to its hefty potential fines for non-compliance. The maximum penalty of 4% of global annual turnover or €20 million (whichever is higher) for a data breach resulting in the loss of personal data is enough to put some companies out of business completely. So, if you are not already GDPR compliant, or if you are planning to expand your business into the EU, here are the basics:
The revised Payment Services Directive (PSD2) came into force on January 13, 2018. It aims to support an integrated EU payments market, create a level playing field for payment service providers, improve the safety and security of payments, and protect consumers from fraud. PSD2 addresses all players in the space, including banks and payment service providers.
Key components of PSD2 include:
Money laundering is the process by which criminals attempt to make it look like their ill-gotten gains were obtained by legal means. On June 19, 2018, the fifth EU Anti-Money Laundering Directive (AMLD5) was published, amending AMLD4, which went into effect in 2015. EU Member States must transpose the directive into local laws by January 10, 2020. Just a few months later, the EU Directive on combating money laundering by criminal law (known as AMLD6) was introduced. EU Member States have until December 3, 2020 to transpose it into local legislation. The European Parliament and the European Commission created this directive to complement the application of the 4th and the 5th AML Directives.
The goal of AMLD5 is to:
Additionally, AMLD5 requires Member States to create a better environment for information sharing by creating centralized automated mechanisms, such as central registries or central electronic data retrieval systems. This will allow financial intelligence units (FIUs) and competent authorities to identify account holders in a timely manner. FIUs will now be able to acquire any information they need from any obliged entity, even without a previous suspicious transaction report being made.
AMLD6 lists 22 specific predicate offenses (an offense that is part of a larger criminal offense or scheme) for money laundering that all EU Member States must criminalize and sign into law by December 3, 2020. Regulated entities will have until June 3, 2021 to implement relevant regulations.
AMLD6 will expand the list of money laundering offenses, including “aiding and abetting,” and will crack down harder on offenders. All EU states will be required to set a minimum imprisonment of at least four years for money laundering offenses (up from one year). Any sentence may be supplemented with ‘effective, proportionate and dissuasive sanctions’ which can be combined with fines. This includes the full shut-down of a business. And the penalties are not limited just to businesses. With AMLD6, criminal liability may be extended to individuals who commit offenses for the benefit of their organization.
Due to the continuing evolution of anti-money laundering directives and definitions, it can be challenging for organizations to keep up with the requirements surrounding payments. This is therefore another area that many companies outsource to experts in the field.
Brexit, or the British exit from the European Union, was originally scheduled for March 29, 2019. But that date has been delayed twice as the EU and UK have failed to come to an agreement over the terms of their future relationship. The current date set for Brexit is January 31, 2020.
What does that mean for the application of EU regulations to and for the UK? Depending on the withdrawal agreement at the moment, not much — but nothing is certain at this time. When it comes down to it, it appears that:
Payoneer operates under a robust, risk-based compliance program that addresses and adapts to the evolving regulatory requirements of each country in which we operate.
We are actively monitoring Brexit. If the UK does exit the European Union, we have measures in place to ensure we will seamlessly continue to conduct business in all regions with no impact to our customers.