Reverse Solicitation

My piece for Ogier Leman on 'reverse solicitation' is here.

Any business dealing with residents of another country faces the potential risk that the authorities in the other country might decide that it is somehow actively operating in that other country, rather than only dealing with foreign customers in or from its home territory after being approached by them ('reverse solicitation'). This could mean action being taken by a foreign consumer, ombudsman or regulator, including action in the civil or criminal courts of another country. A recent Irish case has added some colour to the factors that the European Court of Justice ('CJEU' or 'ECJ') has previously said may show that a business is actively doing business in another country; and I've added a list gleaned from guidance applicable to financial services in particular. This post is for information purposes only. If you need advice, please get in touch.

The ECJ has held that a firm based in one EU Member State won't be doing business in another Member State just because its website is accessible in the other country. Nor will it be enough for the firm's website to display its own email/ geographical address, or phone number (without an international dialing code), because that information is needed by consumers in the firm's own home country. 

Instead, a firm must have somehow 'manifested' or demonstrated its intention to establish a commercial relationship (contract) with consumers in the other country. There must be clear expression of the intention to solicit custom from those foreign consumers. 

The sort of objective factors that the ECJ held to be relevant to that question include: the international nature of the business activity (e.g. tourism); telephone numbers with the relevant country code; a web address with the other country's top-level domain name (e.g. “.de” or ".fr"); itineraries to get to the foreign place where the relevant service is provided; mentions/testimonials of clients based in other countries; and using a foreign language and/or currency not also commonly used in the firm's home country.

The Irish courts have also pointed to these factors in various cases with unsurprising results. But a recent Irish case adds a bit more colour... 

A UK-based firm organised group cycling tours in foreign countries, but not the travel to those countries. So the consumers were never going to be using the firm's service in the UK. Customers had to make their own way to where the tours operated locally. The firm stipulated that it was only responsible for the tour from the appointed start time at the meeting point, but it did also arrange the transport of customers from the foreign/local airport to the meeting point. 

While there was evidence that the booking process did not target a customer's specific country of residence (e.g. Ireland), the firm was aware of the country they had come from and this did not have to be from the UK. The website/email addresses ended in ".co.uk" but the contact phone number carried the international "+44" country code. Customer testimonials also stated the customer's nationality, including one from Ireland. Prices were stated in currencies other than GBP, including the Euro, and there was a currency conversion feature on the website, to enable customers to figure out how much they would have to pay in their own currency when paying the price in GBP. Prior to booking, a customer also had to create an online account, giving details of their city, country of residence and post code (not just provide those details in the form to verify the payment card details being used, for example, which may only go to the card acquirer rather than the merchant). 

So, the Irish court held that, before the conclusion of any contract with the consumer, it was apparent from the firm's website and overall activity that the defendant intended to do business with - and enter into contracts with - consumers in Ireland (among other places).

These are not the only factors to consider, of course. For example, the EU's financial services 'passporting' requirements and Brexit have provided opportunities for UK and EU authorities to consider what factors - alone or together in a specific context - could mean that an EU financial services provider may be wrongfully targeting the UK market or vice versa:

• firms must have a 'head office' and hold board meetings in their country/territory of residence/authorisation, so any of those features that are instead based in the other jurisdiction would be problematic from that standpoint alone (i.e. those who decide the firm’s direction, make material management decisions on a day-to-day basis; the finance, settlement and compliance functions - ‘central administrative functions’ - and their systems and records),
• the website should be hosted on local servers in the 'home' territory (and certainly not in any other country where foreign customers are resident);
• no marketing, advertising or services should be directed specifically at other countries/territories or their residents;
• there should not be a foreign language version of the website or customer communications or support specifically for the relevant foreign customers;
• management and staff should not visit any foreign customers or service providers for operational or marketing purposes or to resolve disputes;
• foreign customers should only be able to approach the firm's website or staff in its 'home' territory;
• the firm should not set cookies on the devices of of foreign customers or otherwise monitor their behaviour outside the firm's home territory;
• the firm should not provide services beyond the scope requested by the foreign customer approaching the firm and they should have to request the service each time they wish to use it;
• the firms should keep records (not just a tickbox or contractual provision) showing that it was approached by the customers, not the other way around; 
• the firm should have no agents, intermediaries or outsourced/delegated services outside its home territory or be a member of a foreign payment system, trading exchange/venue or trade body - or vice versa - but could use services in other countries (e.g. hold foreign bank accounts or rely on advice from foreign professional firms);
• being part of a wider corporate group based outside the territory or being funded from outside the territory may also be problematic; 
• customer contracts must not be subject to any law of a country other than the firm's home state or specifically refer disputes to any other jurisdiction;
• a firm should not deposit its clients' money/assets in any institution outside its home territory, or safeguard customer funds outside its home territory (other than as incidental to dealing appropriately with foreign customers in or from the home home territory, supported by correspondent services outside the country where necessary for that purpose).

This post is for information purposes only. If you need advice, please get in touch.

Equivalence Is No Solution For Most UK Financial Services Accessing The EEA

At the end of 2020, any UK financial firms operating in the EEA under a 'passport' will lose that right. They must either get a new subsidiary authorised in an EU/EEA country and passport from there, or get the subsidiary registered as an agent etc of a local firm with the right passports. Meanwhile, there are calls for the UK government to ask the EU to declare that UK financial regulation is "equivalent" to standards under EU law, so UK firms can continue to access the single market under UK rules. Here's why nobody should wait for that.

The UK has no 'right' to equivalence, even if it can demonstrate a basis for it.

Equivalence is at the discretion of the European Commission, so political considerations can affect the outcome and timing.

Equivalence can be withdraw at any time without any right of appeal (ask the Swiss).

Only two areas of EU financial regulation allow for equivalence - MiFID (2,250 firms as at August 2016) and AIFMD (212 firms).  In particular, an equivalence finding is not available for deposit-taking (102 banks), insurance (220 firms), insurance distribution (2,758 firms), e-money issuers (66) or other payment services providers (284).

While there have been calls within the EU for a broader framework, the European Commission has considered it and explained that this would be "extremely difficult".

Relying on equivalence would also require the UK to align with EU regulation in the relevant area, with no say in shaping the rules. The UK government is sending mixed messages on this point, having repeatedly said that it is against alignment while repeatedly claiming that it wants future trade arrangements (e.g. a 'Canada deal') that would require it. Johnson is probably hoping that his voters won't understand the magic trick, but everybody else does. Either way, the government is along way from being able to help the Commission work through an "extremely difficult" equivalence process.

You're on your own. The only viable option is to set up a subsidiary in the EU27 and passport from there. 

 

Let me know if I can help, either in the UK or in Ireland/EEA - particularly on e-money and payment services.

Any Form Of Brexit Means #NoDeal For Export Of British Services

An excellent event at the Institute of Directors today on the impact of Brexit on Britain's trade in services - congratulations to all the speakers. This is vital to understand and address in some detail, because services amount to 80% of the UK economy, 80% of UK jobs, a third of UK exports of which 40% go to other EU countries based on the principle of free movement of services. Yet most services are not covered by free trade deals with third countries. So even if Britain were to leave the EU and eventually negotiate trade deals, that wouldn't help UK exporters of services. There will always be "No Deal" for most services, so the UK's "No Deal" warnings are permanent for services. This is why Liz Truss is suddenly making "liberalising trade in digital and services" one of three priorities at the WTO. She's too late, and it will never happen for the reasons given below, so it's time to get cracking on mitigation...

While the problem for services post-Brexit isn't news to me, I'm still absolutely stunned to see so little information about it in the media. Partly it's the age-old assumption that 'business' means 'big business' while nearly all UK businesses are small - 99% of UK businesses (5.7m) employ fewer than 250 people. Only 8,000 UK businesses employ more than 250 people.  

5.4m UK businesses are 'micro-enterprises' who are either sole traders or employ up to 9 people.

'Businesses' are people - many of them sole traders selling their time and expertise across the EU. Eve online, business is personal.

I've posted on the impact of Brexit on services many times, here and on Pragmatist and for several law firms. I've tended to focus on the Brexit impact on financial services because that's my main area of expertise - and they are the largest of the UK's services exports, relying on valuable EU passporting rights which they will lose. As a result, 7000 jobs have moved so far, with more to follow if Brexit proceeds, and the costs of splitting capital/liquidity to support separate EU subsidiaries will cost customers €60bn a year by 2030.

But I've also mentioned the need for a new basis for transferring personal data from the EU27 to the UK, and I've even shared my own personal Brexit-proofing journey in adding Irish qualifications and consulting to an Irish law firm, for the same reason that it makes sense to switch EU contracts from English law to Irish law.

So I was thrilled to learn of today's event and I was not disappointed. I'm sharing my notes (anonymised) and I understand the video will be available via the IoD site. Worth watching! 

What laws govern the export of services?

Every country regulates what services can be offered to its residents to some degree. Regulations get tougher the more money residents might lose, or the greater the gap in knowledge between the service provider and the customer - that's why financial services are so heavily regulated.

Permitting foreign service providers to sell their goods or services in your country is a matter of trust and control, or political will and legislation ("trust is good but control is better").

Trade law on goods developed first, and rules on services followed - in particular:

1. EU membership entitles firms to free movement of services based on mutual recognition of professional/trade qualifications and legislation that ensures individual member states don't drop their standards or supervision. That freedom falls away on Brexit day (subject to any agreed transition).
2. Some services remain unregulated today (e.g. management consultants) and some are given mutual recognition status only at trade body level rather than by governments (e.g. architects). That shouldn't change on Brexit.
3. Some regulation is based on outcomes, rather than dictating how qualifications are actually obtained or what subjects have to be studied to gain 'equivalence' or 'mutual recognition' (e.g. lawyers). This could diverge on Brexit, and 'equivalence' findings and mutual recognition will not automatically apply, can take a long time to be granted and are subject to withdrawal on little notice without appeal.
4. Financial services passporting represents the most advanced form of free movement in services, since authorisation in one EU member state allows certain services to be provided in all member states. That will not be possible after Brexit (subject to any transition).
5. In stark contrast to financial services passporting, the 'equivalence' regime that is available to third countries (and post-Brexit UK) is only available for certain types of financial infrastructure (e.g. exchanges) and some investment services, and can be withdrawn without appeal on 30 days notice (e.g. Swiss stock exchange) - so equivalence is not reliable.
6. Other services that can be supplied to EU countries after Brexit will be based on a patchwork of national access rights, which vary in terms of scope and conditions.
7. Outside the scope of EU trade rules (and where only minimum standards are set), the member states (like any other country in the world) can set tougher standards where they see greater potential adverse impact. The UK will be treated like any other non-EU country for that purpose. The UK government has tried to helpfully list where different EU countries have different rules for different services (will that stay up to date?). 
8. There is a WTO rule (article 7 of GATS) aimed at preventing one member country from discriminating against another member ('most favoured nations' or 'MFN').  Free trade agreements also contain MFN clauses that require one party to offer the other any similar benefit that has been offered to another country. The EU seems to ignore the WTO requirement (which the Swiss have complained about to no effect so far), but does allow MFN clauses in its free trade deals with very limited scope (won't cover mutual recognition or equivalence decisions, for example, just legislation and 'national treatment'). Critically, the EU insists on its own regulatory autonomy. Only the  European Commission (and ultimately the European Court of Justice) can decide whether a service etc meets EU rules. 

Immigration and visa restrictions go hand-in-hand with constraints on services, since people often have to be physically present to provide services.  So free movement of labour is also critical to the free movement of services. That freedom entitles Brits to live, work and retire freely in 30 countries, but is lost on Brexit. Related entitlements to healthcare and so on will also fall away...

What are the practical impacts of Brexit?

Well, if you're among the 5.4m 'micro-enterprises' and export goods or services to the EU, the VAT rules will be a big problem. You currently benefit from hard-fought exceptions under the VAT Mini One Stop Shop (MOSS), but those will disappear on Brexit day (what if part way through contracts?). The HMRC warning states:

Businesses that want to continue to use the MOSS system will need to register for the VAT MOSS non-Union scheme in an EU member state. This can only be done after the date the UK leaves the EU. The non-Union MOSS scheme requires businesses to register by the 10th day of the month following a sale. Alternatively, a business can register in each EU member state where sales are made.

EU consumers are already ceasing to buy from UK suppliers, and EU suppliers are geo-blocking UK customers and suppliers from applying to their sites. So forget bidding for service contracts from the UK, and many EU business people have stopped traveling to do business in the UK.

Work permits will be needed after Brexit, but can’t be applied for before then. These may be needed for speaking at conferences (unless asked a question first), giving training sessions, working on projects and so on.

Booze cruise etc to the EU for cheaper, duty free consumer goods may impact small retailers and their service providers.

If you're a director of a company, you have a duty to promote the success of the company, as well as a duty to exercise reasonable care, skill and diligence. You need to be able to demonstrate that in the context of Brexit - which is a known unknown. That would likely include: board discussions, a sub-committee, minutes, briefing papers, presentations, risk registers, scenario planning, supply chain analysis to identify suppliers at risk who may need to be replaced/helped (using the wrong type of pallet, say, or their trucks may be allowed into the UK by UK authorities, but will struggle to back into EU); and resolutions taking action to address threats and opportunities.

What can you do if your services are impacted? It depends on threats and opportunities identified, but some examples:

• Set up a new subsidiary in an EU27 member state;
• Rewrite contracts with new governing law and other pertinent changes;
• Establish a new basis for transferring personal data from EU customers/suppliers to the UK;
• Consider the tax impact of moving business activity to an EU27 country (or, for instance, whether withholding tax exemptions still work for entities owned by UK companies)

Time to get cracking!

Will Your UK-issued Card Still Work In The EEA After Brexit?

Some confusion arising around this question today. The answer is that it should not be an issue, based on how card acquiring really works.

The EU has been clear since 2016 that, regardless of which type of Brexit occurs, UK-based financial institutions will no longer benefit from the ability to 'passport' their services into the rest of the European Economic Area (Norway, Liechtenstein and Iceland also participate in the financial services passporting arrangements). This position was emphasised in the relevant EU 'preparedness notice' in February 2018.

In the payments space about 350 UK firms rely on outbound passports around the rest of the EEA, while 142 EEA-based firms passport into the UK, as the FCA explained to Parliamentary select committee in August 2016.

More recently, the UK has said it will give the EEA-based firms a three year transition period to figure out how to continue serving the UK market.

So, in the payments space, the 350 UK-based banks, e-money institutions and payment institutions who currently rely on passports have been setting up additional new entities based in one of the remaining EU27 countries, from which they will service their customers who are resident in the EEA (as have I, on a professional basis, as UK professional qualifications will also cease to be recognised for providing services in the EEA). 

So, when Brexit occurs, the current residents of other EEA countries will be offered payment cards and accounts from an EEA-based entity, rather than a UK one.

That is not to say that a UK resident travelling in the EEA will not be able to make a payment using their payment cards issued to them in the UK under the typical international card schemes (which actually don't base their definition of Europe according to EEA and non-EEA distinctions, anyway). 

So, EEA-based merchants/retailers will still be able to take payment via their EEA-based payment provider (known as a 'card acquirer' or 'merchant acquirer'); and the UK customer will pay their UK card issuer as usual. The card scheme operator will still net-off amounts owed between EEA and non-EEA based issuers and acquirers and they will settle the difference with the schemes. It's just that the UK issuer in this example will then be among the non-EEA group.

UK To Give EEA Firms 3 Years Temporary Permission Post-Brexit

The UK proposes to grant temporary permissions to EEA firms currently operating in the UK under EU financial services 'passports' to continue their UK activities, for three years after Brexit day. 

HM Treasury states that the regime will ensure that: 

• EEA firms can continue to carry out business as before, writing new contracts and servicing existing contracts entered into before exit day for the temporary period after exit day;
• EEA firms have appropriate time to prepare for and submit applications for UK authorisation and complete any necessary restructuring; and
• The PRA and the FCA can manage the expected applications for UK authorisation from EEA firms in a smooth and orderly manner.

The draft regulations are here and the explanatory information is here.

The FCA has published its own webpage on how it will implement the temporary permission regime (TPR).

Firms wishing to use the TPR must notify the FCA online between early January 2019 and at a date (not yet specified) prior to exit day. Such firms will be allocated a period within which they must submit their application for UK authorisation. The FCA expects the window to be October to December 2019 and the last to be January to March 2021. The FCA intends to consult in autumn 2018 on the rules that will apply to firms and funds in the TPR and a policy statement and final rules early in 2019.

Central Points of Contact: Erosion of Home State Control Under PSD2 Passports?

One of the great benefits of the old Payment Services Directive (PSD) was that a firm only had to deal with the regulator in its home member state. If the regulator in another member state wanted to complain about a service supplied to its citizens under a 'passport', then that host state regulator had to call the home state regulator.  This was particularly important given that different EEA member states have different interpretations of some aspects of the PSD.

But the new PSD2 allows each host state to require a firm operating locally through branches or agents to appoint a local "central point of contact" if they meet one or more criteria specified by the European Banking Authority: 

• if the firm has 10 or more agents located in the host state, which the firm relies on for passporting under the 'right of establishment' (not on a 'cross-border service' basis);

• if the total [value/number] of payment transactions carried out by the firm in the host state in the last financial year through local agents (including cross-border service agents, so long as there are at least 2 agents operating under the right of establishment), exceeds [EUR 3 million/100,000], including transactions initiated under its payment initiation service.

Firms which trigger any one of the criteria in a host member state must notify the local regulator within 30 days (otherwise, the local regulator wouldn't necessarily know). The EBA will hold a central register of firms with local 'central points of contact'.

Each central point of contact must be able to facilitate certain reporting obligations, as well as communications with, and visits by, host state authorities.  

This is intended to improve co-ordination among regulators, though it seems a lot of trouble to go to in when they can already pick up the phone. 

More concerning, however, is that it also paves the way for host states to enforce their own different interpretations of PSD2...