Consumer Standard Banking: Legal and Regulatory Analysis
Banking laws differ in every country, region, territory, and jurisdiction in the world, though some laws and regulations apply to multiple regions’ banking institutions. Laws and regulations have changed since the 2008 global financial crisis, becoming stricter on banking policies and processes, instituting more data privacy rules and protections, and decreasing opportunities for money launderers and tax evaders.
International Banking Laws & Regulations
- Research shows that the primary way to determine commonalities in banking laws across the globe is to review the laws of each country (or region, like the EU) to understand the similarities. The laws for each region (and often, each country) are detailed and complex (and, in some cases, ever-changing), and there does not appear to be a site that collects them all, or any research into the most common laws. One of the most recent collections of these laws is a two-book set from Thomson Reuters titled “International Banking Law & Regulation.”
- Some research has been collected from experts like HSBC, which tracks financial system regulations around the world. They have recent news on four sectors of global financial system regulations: market structure, bank structure, tax transparency, and capital and liquidity.
- For market structure regulations, they note that many regions are establishing “regulation for derivatives to improve transparency and risk.” These include (by region): European economic region: EMIR, AIFMD, UCITS V, MAD, and MiFID; US: Dodd-Frank Act Title VII; Hong Kong: specific trade reporting; as well as similar reforms throughout Latin America and Asia.
- For bank structure regulations, they note that regions are instituting “structural reforms designed to address new regulations to protect customers and taxpayers.” These include (by region): US: Dodd-Frank Act Volcker Rule; UK and EU: general structural reform.
- For tax transparency regulations, they note that the Foreign Account Tax Compliance Act (FATCA) “is the implementation of the G20 commitment by the United States,” and its impact is spread across the world, and that more than 100 countries, territories, and jurisdictions “have also enacted measures to address tax avoidance, known as the Common Reporting Standard for the Automatic Exchange of Financial Information (CRS).”
- For capital and liquidity, most regions are strengthening “bank capital requirements and [increasing] bank liquidity reserves to drive down systemic risk.” The Basel III Accord has been implemented in many countries already, including Hong Kong. In the EU, the Capital Requirements Directive (CRD) IV will implement Basel III requirements.
- According to HSBC, the financial crisis in 2008 caused many governments around the world to “push for financial reforms designed to provide greater transparency of transactions and reduce risk in order to make financial systems more stable and better regulated, and to make global markets safer.” Additionally, new bank structure and capital rules have been implemented with the intention of strengthening “resilience to any future financial crises and to provide greater consumer protection.”
Global Banking – Proactive Regulatory Management
- Research from PWC notes that, due to recent events (both country-specific and global), “governments and regulators are increasing levels of scrutiny and are increasingly penalty-minded.” Regulators want banks “to embrace regulatory intent, and create sound, secure, unbiased businesses, where regulatory compliance and sound conduct is embedded in the processes and values of everyday operations.”
- Regulators and governments want banking regulations streamlined and built into typical banking processes, “not just the responsibility of the compliance group(s).” However, PWC notes the challenges in this as regulatory items are handled differently by different agencies within the same financial institutions, all “leading to inconsistent understanding of regulatory implications, lack of clarity around firm-wide decisionmaking, and inefficiency and duplicative processes around the bank.” To address this, they recommend that global banking institutions have a “strong global regulatory lead and team” that oversees all activity bank-wide, and that this will enhance accountability, clarify consistency in messaging, and proactively address relevant issues.
- According to research by McKinsey, globally, many “legal and compliance departments are automating the extraction of data from documents and using algorithms to triage suspicious patterns for manual review,” and using other innovative technologies to automate related processes.
Countries with the Highest Banking Secrecy Laws
- Switzerland tops the list of the countries with the highest banking secrecy laws. The country has more than 400 banks and a long tradition of protecting banking assets for its clientele (stemming from protecting assets during WWII). As the country is not part of the EU, it is not required to follow EU banking laws.
- The Seychelles comes in second on this list; though there are only 10 different banking institutions, each of them has a variety of branches throughout the area. This country “supports the right to privacy of both domestic and foreign nationals,” and opening an account – either as a citizen or a corporation – is easy and takes very little time. They do not report interest income to national authorities.
- Luxembourg is third on the list for banking secrecy; they have nearly 150 banks throughout the country. Banks in this country respect the privacy of patrons, and have laws stating leaks are punishable with prison terms.
- Other areas on the list that are tops in banking secrecy are the Cayman Islands, Samoa, St. Lucia, the US, Bahrain, Hong Kong, Panama, Singapore, and Belize.
Additional Regulatory Landscape & Recent Changes
- Some regulatory changes (recent and current) from various regions and countries affect banks in other regions. Some of the most notable ones from the European Union, the United States, Canada, the UK, Brazil, Thailand and more have been included (as examples) below.
- The European Commission created the “High-level Expert Group (‘HLEG’) to examine possible reforms to the structure of the EU’s banking sector.” In 2014, their reform proposal was released as draft regulation, and included a suggestion to ban “proprietary trading and the separation of high-risk trading activities from banks’ core services,” among other recommendations.
- The proposed structural regulations were partnered with recommendations “to improve the transparency of shadow banking,” and provided measures aimed at enhancing “regulators’ and investors’ understanding of securities financing transactions (SFTs).”
- The PSD2, or Payment Services Directive 2, was expected to go into effect in September 2019, but was extended to December 2020 by the European Banking Authority. This regulation includes criteria that provide for more secure customer authentication processes, provide for transaction-based risk analysis “to deter fraudulent payments,” add dynamic linking to authentication, and increase mobile app security.
- Also in the EU, the Anti-Money Laundering Directive 5 (AMLD5) is a primary regulatory item. The fifth version of this regulation was adopted in July 2018 and went into effect in January 2020. This version identifies “virtual cryptocurrency exchanges (VCEPs) and custodian wallet providers (‘CWPs’) as ‘obliged entities’ subject to EU regulations.”
- The Volcker Rule of the Dodd-Frank Act imposes a variety of restrictions on financial institutions, “most notably the prohibition of proprietary trading.” Banks could no longer engage “in short-term proprietary trading of specific financial instruments for their own account,” nor could they own, sponsor, or partner with “hedge funds or private equity funds.” These regulations took effect in 2014 with implementation spanning to 2016.
- Changes are coming in 2020 to the Safeguards and Privacy Rules of the Gramm-Leach-Bliley Act. This act “requires financial institutions (FIs) explain to their customers the organization’s information-sharing policies and practices and to safeguard sensitive data.” These regulations require banks to implement customer data security measures, and to ensure all bank affiliates, partners, and service providers offer the same high level of customer data protections.
- The CCPA, or California Consumer Privacy Act, goes into effect in July 2020; this regulation was modeled after the EU’s GDPR (General Data Protection Regulation). The regulation applies to for-profit businesses that collect consumer data, and requires them to manage the data in specific ways – and comes with steep penalties for non-compliance.
- An overview of the regulatory and legal landscapes for US banking can be found in this detailed report from Global Legal Insights. An additional overview is provided via the Minneapolis Fed in this detailed report. A full list of every compliance regulation for US banking is offered here by Compliance Cohort.
- In Canada, two major regulations take center stage. FINTRAC (Canada’s Financial Transactions and Reports Analysis Centre) has provided information and regulations for digital onboarding security that includes the support of various digital identification technologies. Additionally, beginning in June 2020, amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) take effect. These directly affect cryptocurrency exchanges, changing their classification to MSBs (money service businesses).
- Structural Reform took place in the UK with the Financial Services Banking Reform Act of 2013, which was aimed at imposing “higher standards of conduct on the UK’s banks.” One of the biggest reforms was the enactment of ring-fencing – separating retail banking from wholesale banking and investment banking divisions.
- Brazil’s General Data Protection Law (LGPD) takes effect in August 2020; this regulation is modeled after the EU’s GDPR and “applies to any individual or legal entity (regardless of where they are located) that offers or supplies goods or services to Brazil, processes data in Brazil, or processes data collected in Brazil or belonging to Brazilian individuals.” It calls for the adoption of “administrative, technical, and security measures” that protect consumer data; the technical standards of the act will be published before they go into effect.
- Thailand’s Personal Data Protection Act BE 2562 goes into effect in May 2020; this regulation was influenced by the EU’s GDPR, but has a country-specific conceptual basis. It calls for consumer consents, the solidification of customer data practices into categories (with consent obtained for each category), and affects both Thai users and those who process Thai resident data (including global and regional banks servicing the area).
Multiple: 37 countries & 2 Regional Organizations
- The FATF, or Financial Action Task Force, set standards that provided guidance on digital identities as they relate to financial institutions, governments, and other organizations. The guidance “focuses on end-to-end digital ID systems which encompass the processes of identity proofing, enrollment, and authentication,” and provides a selection of benefits for utilization. Two regional organizations, the EU and the Middle East Gulf Cooperation Council, as well as 37 countries/jurisdictions are expected to adopt the regulatory guidance “to combat fraud, identity theft, money laundering, and terrorist financing.”