by Simon Lelieveldt
We live in challenging times. A range of natural, macro-economic, technical and geopolitical factors influence the world we are living in. These developments shaped prior laws and the behaviour of regulators, supervisors and private companies and will continue to do so. Somewhere along the line, we can see a board member with the task to ensure adherence to law. He or she is responsible for compliance and has a range of compliance managers, advisors, business lines and experts available to help out.
Over time compliance professionals (myself included) have developed an approach to their profession that makes their work doable. But what do we do when fundamental assumptions that we apply to our work no longer appear to be valid? What should we do when we can observe that there are big flaws in the law-making process which render the law ineffective or unconstitutional? What do we do when we see that law makers do not solve inherent conflicts of law? What do we do when we can view supervisors overstepping their institutional mandate?
The constitutionality of law, regulators, government and supervisors can no longer be assumed to be the basis for the compliance function
Over the past years I’ve taken a step back to reflect on the dilemmas and challenges of (financial/AML) compliance in today’s world. I looked back at my career in which I helped shape the world of payments/fintech from a range of perspectives: as a banker, supervisor and policymaker helping out the move to E-money directive, SEPA and PSD. I worked as the head of banking supervision/financial markets at the bankers’ association and acted in a range of roles for private/public customers.
As for the dynamics of regulation, Rationality and Irrationality were the keywords in my 2014 lecture on the development of regulation in EU Payments.
My takeaway was that one can better comprehend the outcome of EU legislation in payments by looking at the power dynamics than trying to make sense of the inherent logic of regulation. Take for example Regulation 2560/2001 which was the first big power play by the European Commission. In essence the Commission wrote a price regulation as it sought to shape the market to its liking. Or from a later date, the regulations that implemented the FATF Special Recommendation VII.
From a constitutional perspective, those regulations go well beyond what is appropriate under the constitutional frameworks of Europe. But in practice, the media/regulatory and political power dynamics have as a result that constitutional norms and human rights are not respected (fully) during the legislative process (or financial supervision afterwards). Still, this was seemed for a long time to be more the exception than the norm.
After 2014: political motivators become the main driver for every actor in the game
In the last ten years I witnessed a more fundamental change. Very gradually, at least in the Netherlands, we can see that political motives shape the actions of politicians (logical) but remain unchecked by Ministries (of Finance) and observations by constitutional law makers (Council of State) are neglected. Tjeenk Willink, former President of the Council of State, wrote a couple of books on this noting his concern for the validity and legitimacy of rules, now that a constitutional check seems to fade into the background.
Also the main idea that a government itself would stick to the law/rules has most certainly been invalidated here in the Netherlands (with the biggest GDPR fines being handed out to the Dutch Ministry of Finance/taxation department that was discriminating against its own citizens and using a range of illegal databases to keep on doing so).
It is in this perspective that we must also acknowledge that in financial supervision, under the ‘inspiring ideas’ of Malcolm Sparrow it has become the norm not to care about legality of action, but effectiveness. The financial supervisor thus starts to act as lawmaker itself and operates beyond boundaries, even ignoring relevant other bodies of law such as the GDPR (see example here).
The consequence is that as compliance professionals we lose our anchor. We need to start working from different assumptions. We can no longer assume that laws are properly balanced, fundamental rights are respected and nor can we assume that supervisors will stick to institutional boundaries. We need a new anchor. But which?
Human Rights form a good anchor as they seek balance
In my view, compliance professionals need to expand their view and reconsider their footing. In general, they can assume that laws/supervisors work fine, but we must acknowledge that there is a realistic probability that in specific instances the laws do not work fine and that regulators and supervisors overstep their boundaries. We have a duty to investigate and double-check whether perhaps in this case the law and supervisor may infringe on the fundamental rights of companies (freedom of business) and individuals (innocence presumption, right to ownership, right to privacy etc).
The declaration of Human Rights and subsequent normative frameworks can be quite helpful in that respect. Most important is the understanding that human rights are not absolute rights in themselves, but are rights that require finding the right balance. There are many legal and procedural safeguards to ensure that this balance is struck beforehand.
Unfortunately however, these ex-ante safeguards (like the Dutch Integraal AfwegingsKader Regelgeving which contains checklists on infringements of Human Rights to be considered when making laws) are in practice often ignored by regulators and politicians alike. Therefore, it takes law suits to address the shortcomings and respect the balance between human rights at hand.
Human rights anchor in practice: excessive AML-rules versus privacy infringements and freedom of enterprise
Let’s have a look at how these human rights as an anchor would work in practice.
Right now, the Netherlands has overly excessive regulation in place with respect to reporting unusual transactions rather than suspicious transactions. Also, private and public actors cooperate in transaction monitoring on this matter, despite clear viewpoints of the European Data Protection Board that this is too disproportional. As a result, many customers are faced with undue and overly privacy infringing questions, threatened that their accounts are taken away and in general bullied a bit too much.
The cause of this bullying lies in an imbalance between AML rules versus privacy fundamental rights. And although the power imbalance in Europe is clear, it is also clear from higher UN Resolutions that we should not mass monitor our customers/citizens and no legislation should prescribe this. So, there is a serious conflict of law here, which goes unresolved.
But why is it unresolved? Because very few companies dare to challenge this.
Still, when looking at the House of law it is clear that UN resolutions and frameworks exist that do stress the need to find a proper balance and that can form the legal basis to reconsider what is being done in the Netherlands (or Europa).
The Bitonic case demonstrates how a human rights anchor can be successfully applied as part of the compliance work!
From 2019 to mid 2022 I acted as the responsible compliance advisor that helped the crypto-company win a law suit against its AML-KYC supervisor. The supervisor, De Nederlandsche Bank, had asked too much, had no legal basis for it and this was technically clear from the outset. The fact that there was no legal basis in Sanctions law for the alleged requirement in combination with the all-in intrusive nature of the requirement, meant that a speedy trial before the administrative judge was possible.
The judge then sent the supervisor back to do its homework after which the supervisor itself had to conclude that it had indeed illegally required the disputed requirement during the registration process. It revoked the requirement fully. And then, two years later, as part of a prolonged debate on the cost of supervision, the same Rotterdam court annulled the parts of the Dutch AML-law that were in violation of the EU rules in this respect (those parts were put in there – in spite of a negative judgment by the Council of State – on request of the supervisor). See for more info by viewing the the blog here.
The example demonstrates how, by using a human rights perspective, unbalanced and unlawful regulations and an overstepping supervisor can be pushed back. However, this approach not only requires compliance officers to step away from their assumptions on the legality of laws and behaviour of supervisors. It also requires a broader perspective and skill set for the compliance advisor.
Human Rights and administrative procedure as part of the compliance skills
Of course, readers may say: well, this is all a very much Dutch tainted story about the future of compliance. But is it really?
The rule of law and the lawfulness of regimes and governments is currently pretty much under attack worldwide and cannot be taken for granted. Political winds can blow any direction and when government institutions bend their behaviour to those winds, it takes a serious spinal cord to stand upright and resist the legal changes and supervisory behaviour which is contrary to the spirit of International Bill of Human Rights.
The reality of our future legal environment and technological developments such as AI mean that compliance officers may seek to adapt accordingly. In my view this means that the compliance profession has a next stage of professionalisation ahead. Up next we should thus also expect compliance advisors to:
- be able to combine human rights perspectives, privacy perspectives and anti-money laundering perspectives in a more holistic view of what it means to act as a responsible compliance professional
- be very involved in the European and local law-making process and be able to judge the dynamics and legitimacy of it and the possible flaws in the process
- be able/willing to do freedom of information requests to get the real data on the motives and drivers of government actors involved out in the open (for use in the public domain and in court cases)
- be able/willing to use enforcement requests to ensure proper attention of supervisory authorities to topics/illegal behaviour in the market that requires more attention than is given by the supervisor itself
Are you going with me?
Yes. This is an invitation to further shape our future compliance work by using the human rights anchor as well.
And it is also a reference to the track with the same title: a composition of two musical geniuses: Pat Metheny and Lyle Mays.
As much as we use and need words to guard balanced law making, we may want to hear music to understand what it’s really all about.
The author, Simon Lelieveldt, is a Regulatory Consultant for Payments and Fintech.
