27 July 2016

Post-Brexit, what happens to EU-derived legislation relating to fraud and white collar crime will largely depend upon what sort of relationship with the EU the UK negotiates. This, of course, will be the subject of up to two years' negotiation. If, for example, the UK adopts the "Norwegian model", and becomes a member of the EEA, it will almost certainly need to adopt laws equivalent to EU legislation.

Money laundering

The Fourth Anti-Money Laundering Directive is due to be implemented before June 2017. There is, therefore, a slim possibility that the UK will have left the EU before the implementation deadline. This would theoretically obviate the need for the UK to implement the Directive.

However, it is more likely that the UK will still be a member of the EU in June 2017 and that the UK will be required to implement the Directive in its entirety.

Following Brexit, the UK could of course vary the way in which it has implemented the Directive. However, our view is that there is no obvious reason why the UK would seek to impose AML controls that were any less restrictive than those in the EU.

The UK's membership of the Financial Action Task Force (FATF) is also, in our view, unlikely to change.

Bribery and corruption

The Bribery Act 2010 is not derived from EU law: it is a solely UK piece of legislation. Moreover, it constitutes probably the most stringent anti-corruption regime not just in the EU, but in the world.

Our view is that nothing in Brexit is likely to cause the UK to seek to dilute the Act in any way. On the contrary, the UK Government is actively examining the possibility of broadening the "corporate offence" contained in the Act beyond the prevention of bribery to the prevention of all forms of economic crime.


The main legislation governing cybersecurity currently is the Data Protection Act 1998. This is due to be replaced by the EU's General Data Protection Regulation (GDPR). The GDPR is due to come into force on 25 May 2018. As this is an EU Regulation it will be directly applicable: it will not need to be implemented separately in each member state. So, if the UK is still a member of the EU by May 2018, it will be bound by the GDPR. But, it is perfectly possible that the UK will have exited the EU by May 2018, in which case the GDPR will not be binding.

However, we fully expect the UK to substantially implement the GDPR in its own laws. In particular, this is so that it is able to adopt "safe harbour" status for the purposes of the GDPR. Moreover, any UK business trading with the EU and handling EU residents' personal data will need to comply with the GDPR.

Europol, Eurojust and the European Arrest Warrant

Currently the UK, as part of the EU, participates in EU agencies such as Europol (the EU police intelligence agency), Eurojust (which co-ordinates prosecution in cross-border cases) and benefits from systems such as the European Arrest Warrants.

Following Brexit, the UK would still theoretically be able to participate in EU agencies such as Europol and Eurojust. However, it will likely have a more limited involvement in the decisions regarding the budgeting, strategy and operation of these agencies.

Moreover, if the UK leaves the EU it will no longer be a part of the European Arrest Warrant system (EAW). If the UK wanted to keep something close to this system in place it would need to negotiate an extradition agreement with the whole EU, like the agreements in place between the EU and Norway, and the EU and Iceland. Alternatively the UK could utilise the Council of Europe Convention on Extradition. If neither of these options is suitable, it will need to seek bilateral agreements with individual countries, similar to those in operation with the USA.

Certainly the UK's Serious Fraud Office and the National Crime Agency have stated their commitment to working closely with the enforcement agencies of the EU member states, as well as those of the many other jurisdictions with whom they deal. Our view is that it is difficult to see why the UK and EU criminal enforcement agencies would co-operate any less in a post-Brexit world than they do now.


Following Brexit, the UK will no longer be able to participate in the EU sanctions regime. It may be that the UK will issue its own sanctions which reflect those issued by the EU. The UK's membership of the UN, and its role in UN sanctions, will remain unchanged.

The UK's Policing and Crime Bill, expected to come into force in the next year or so, deals with the enforcement of sanctions. These will require significant review and amendment so that they are able to operate without being dependent upon the EU sanctions regime.

Other issues

Two other, non-legislative, issues may arise from Brexit.

First, historically, the incidence of business crime has typically been inversely proportionate to economic performance. In the event that the UK suffers economic downturn as a result of Brexit, the pressures experienced by UK business may spell an uptick in business criminal activity.

Second, one of the opportunities presented by Brexit is the ability to engage in greater trade with non-EU countries, in particular the commonwealth countries. However, with these opportunities come risks, namely trading in developing world jurisdictions which pose elevated corruption risks.

The future

Our overall view is that, while the final terms of Brexit are of course yet to be decided, it should be borne in mind that the UK has led the way, and set itself as the gold standard, in so many areas of business crime, for example bribery. It would not be in the UK's interests to allow this standard setting to slip.

Key contact

Cheryl Parkhouse

Cheryl Parkhouse Senior Associate

  • Nuclear 
  • Projects
  • Public Sector

Subscribe to news and insight

Burges Salmon careers

We work hard to make sure Burges Salmon is a great place to work.
Find out more