With just over three months until the UK exits the EU, the government has made preparing for a no-deal an operational priority and has issued advice to businesses urging them to be prepared. The following article is an extract from Airmic’s briefing paper on this development. How is the UK government preparing for a no-deal? The government has committed to prioritising stability for citizens, consumers and businesses, to ensure the smooth operation of business, infrastructure and public services and to minimise any disruption to the economy in the event of a no-deal.
The government has published technical notices on where it would act unilaterally to provide continuity for a temporary period to protect and minimise disruption, irrespective of whether the EU reciprocates. The extent of such continuity will vary by area, but according to the government, “such changes will be applied where and when it is best for the UK”.
How is the EU preparing for a “no-deal”?
The European Commission implemented a Contingency Action Plan on 19 December 2018 for a number of specific sectors in the event of a no-deal Brexit, including 14 measures in areas where a no-deal scenario would create major disruption for citizens and businesses of the EU27, including financial services, air transport, customs and climate policy. The Commission has stated that these measures are not designed to mitigate the overall impact of a no-deal scenario, but to protect the vital interests of the EU “where preparedness measures on their own are not sufficient”.
The role of the risk and insurance professional
These developments present a further opportunity for risk management and insurance professionals to raise their profile with their executive committee and board. There should be clear consideration of the risks in each organisation and against each category of risk in the organisation. Our research indicates that the supply chain remains top of mind in most organisations and sophisticated plans are in place. However, risk professionals must ask themselves the following:
- Is sufficient attention being paid to no-deal scenarios? Have contingency plans been fully rehearsed and are they ready to go?
- Are you aware of the 2019 business objectives and budget for your organisation and have you adjusted plans for risk management and insurance to take account of these?
- Are you maintaining a system for tracking Brexit-related developments and associated Government, regulatory, legal and other guidance at UK, EU and industry sector levels?
- Is there clear and on-going consideration of Brexit-related risks and metrics in your organisation at executive committee and board level, and are you at the centre of this process?
Depending on the nature of the organisation, the following are examples of areas to be considered:
Market Risk: Risk professionals should be asking what exposure their business has from a market / investments perspective and what stress testing has been done. For example, what would be the impact of adverse credit spreads and real estate equity shocks and interest rate changes? The same questions apply for foreign exchange risk. For example, what capital is held in British pound versus other currencies, and how could this impact the organisation in the case of a potential sterling devaluation.
Operational Risk: For financial institutions, the temporary permissions regime reduces much of the operational risk. This will allow EU firms and funds passporting into the UK to continue providing services in the UK for a temporary period after exit. There remains, however, a risk that the political situation significantly deteriorates and it is withdrawn, although this is currently unlikely.
Data protection: At the point of Brexit, the UK will become a “third country” from a General Data Protection Regulation (“GDPR”) perspective and data transfer restrictions will apply. Although the GDPR will be written into UK law by the EU Withdrawal Act, the European Commission has not indicated a timetable for making an adequacy determination in respect of the UK and may not be in place by March 2019.
The UK Government has stated it will continue to allow the free flow of personal data to the EU (to be kept under review). Transfer of personal data from the EU to the UK will need to be made on alternative legal grounds, the most practical of which is the EU Standard Contractual Clauses. Transfers of personal data from the UK outside of the EU would be subject to the UK Data Protection Act 2018, which permits transfers outside of the EU on the same legal grounds as the GDPR, including the EU Standard Contractual Clauses.