Skip to content

Looking ahead to 2018 – a view from the UK


Following the European Council’s confirmation on 15 December 2017 that sufficient progress had been made to move to the second phase of Brexit negotiations, 2018 will be defined by politics as both sides set out their positions on the post-Brexit relationship and on the form (and duration) of any transitional period. Just before Christmas 2017, HM Treasury and the UK authorities published a series of statements on the proposed post-Brexit framework for financial services authorisation and supervision. We expect to see a continuing flurry of publications along these lines over the next few months. We are also likely to see the publication of significant amounts of draft legislation to supplement/sit alongside the European Union (Withdrawal) Bill (which itself is making its way through the Parliamentary process).

We continue to see questions being raised about whether it is appropriate to include English governing law and jurisdiction clauses in international deals. Our views remain unchanged – in the vast majority of cases there is no need to alter your approach, even in a hard Brexit scenario.

Data protection

The General Data Protection Regulation (EU 2016/679) will come into force, across Europe on 25 May 2018. Dispute lawyers are most likely to come up against data protection issues in the context of disclosure. This could be to regulators/enforcement agencies or in disputes before courts/tribunals. The requests, demands or court orders for documents/information by overseas authorities or courts on the one hand, have to be weighed against competing data protection requirements on the other. The highly publicised increase in potential fines under the GDPR is likely to have an impact on this balancing exercise.

A reminder of how widely “personal data” is construed and therefore the remit of the GDPR can be found in the December 2017 decision in Nowak v Data Protection Commissioner C‑434/16. The CJEU held that “the written answers submitted by a candidate at a professional examination and any comments made by an examiner with respect to those answers constitute personal data”. Both tell the reader something about the person’s intellect, thought processes, handwriting, suitability to carry out the examined-for profession, and the exam has an effect on the person’s rights and interests.

In the UK, the Morrisons case [2017] EWHC 3113, shows that it is not just regulatory enforcement by a regulatory authority that corporates need to think about but also potential civil group litigation. Here, a rogue employee with IT access deliberately committed a serious data breach for which he was criminally liable. Despite being found not to be primarily liable for any breach under the Data Protection Act 1998 which caused the disclosure, Morrisons was found to be vicariously liable for the employee’s rogue conduct.


Lawyers' privilege was one of the most contentious topics of 2017 and one that is likely to continue to be an area of focus in 2018, not least because the English High Court’s ruling in SFO v ENRC [2017] EWHC 1017 is due to be heard on appeal in July.

Regulatory enforcement

In terms of predictions for FCA enforcement in 2018, many enforcement trends from 2017 will continue into 2018. For example, we expect the FCA to continue to dedicate a significant amount of time and resource to investigating individuals, and as outlined in the FCA’s 2017/18 Business Plan, financial crime will remain one of its top priorities. New legislation in 2018 will, of course, bring new enforcement risks.

Financial crime

The UK Law Commission will be working in 2018 on AML reforms including consideration of the consent regime and the disclosure offences in the Proceeds of Crime Act 2002.  The Wolfsberg Group has announced this month a stand­alone replacement for its existing AML due diligence questionnaire and supporting documents.

The speech on 6 December 2017 by Rob Gruppetta, Head of the FCA’s financial crime department, on using artificial intelligence to keep criminal funds out of the financial system, is just the beginning, we think, of many developments to come in AI in the financial crime space (see our article under “United Kingdom” on the use of AI in AML compliance).

Negative interest rate litigation

With negative interest rates materialising in a number of jurisdictions, such as in the Eurozone and Japan, litigation is starting to surface for non‑payment by depositors.

Further information

This case summary is part of the Allen & Overy Legal & Regulatory Risk Note, a quarterly publication.  For more information please contact Karen Birch –, or tel +44 20 3088 3710.

Legal and Regulatory Risk Note
United Kingdom