Compliance implications of Brexit for businesses

February 5, 2020

More than three years after the initial referendum to decide whether or not the UK should remain part of the European Union (EU), and around one year since the original deadline to leave was set, the UK finally left the EU on 31 January 2020.

Anyone in the UK or Europe expecting significant and immediate change after Brexit, however, would have been left most disappointed. There is a transition period until the end of December 2020 when all EU rules still apply in the UK. This means there remains much to discuss, especially in terms of Financial Services (FS) and how issues such as passporting will be addressed in the long term.

But that means that businesses across the continent will need to be extra vigilant in terms of regulatory compliance and risk management during this period of further uncertainty. Regulation such as GDPR, for example, will still 100% apply to UK organisations if they hold data on any EU citizens.

As the UK is finally officially no longer part of the EU, what are the implications for regulatory compliance and business risk management for organisations in the UK and also within the EU?

A period of uncertainty

The only thing that is really clear about the UK leaving the EU is that for the next 11 months nothing will change. All regulatory compliance requirements will remain the same and many of the same risks will present themselves to organisations, risks that will need to be managed and mitigated via the use of risk management software or a broader IT GRC tool.

But as yet, there is no strong idea of what will happen beyond that time. Will there be much divergence in regulatory compliance between the UK and the EU? Is there likely to be much alignment in areas such as data protection and privacy?

This period of uncertainty will ultimately make risk management that little bit more challenging for businesses. GDPR is a powerful example. The UK coming out of the EU does not change those requirements in the slightest, so UK firms could be much more vulnerable to data breaches that lead to GDPR fines than they were previously.

Given the size and volume of such fines already, this prospect only increases the need for effective risk mapping. This allows organisations to understand what threats they are facing and what impact they might have and, having learned this, to plan and resource effectively to deal with them.

Embracing the uncertainty with business risk management

The UK’s newly elected government has styled itself as a ‘rule maker, not rule taker’ and it will be interesting to see how this impacts on regulatory compliance and business risk management. In some areas the UK could impose higher regulatory standards than the EU. What would the effect of this be?

It all means that organisations must be agile, responsive and ready to deal with whatever is in front of them. A significant part of being ready in this way comes in the use of GRC software and risk management solutions.

Doing so will allow organisations to adapt their compliance or GRC departments and programmes gradually, in line with what the requirements actually are. Compliance officers will need to be extra-vigilant as to what expectations are in the UK and how they differ from the EU, and what their organisation must do to remain compliant.

The right GRC software can help navigate Brexit turbulence

This is why Oxial’s proposition of cutting-edge innovation in the shape of our sGRC solution – one of the market’s most effective and cost-effective IT GRC tools – combined with the expertise of our consulting partners, which include EY, BDO and Grant Thornton, is such a compelling prospect for any organisation that is committed to business risk management.

We place great value and importance in our business partners, who number some of the most knowledgeable and informed experts in the compliance sector. They have a deep understanding of all regulatory compliance requirements and will have their fingers on the pulse of what is required as the UK transitions over 2020 into non-membership of the EU. This expertise is passed on to all our customers, to help ensure that nothing slips through the net and that they won’t be exposing themselves to significant risk.

If you are a UK organisation that is facing uncertainty over compliance requirements in the EU, or an EU company that is unsure about how to approach compliance in the UK post-Brexit, then Oxial can help with the whole process. Get in touch with us here to learn more.