Financial services law
EY helping the legal function shape their future. The pursuit of digital transformation and innovative business models challenge the heavily regulated financial services industry. Our clients rely on our ability to align with their changing demands. EY Law teams combine know-how of various practice areas and industry sectors. We ensure the right blend of key elements for a successful business transformation – people, process and technology. Strong compliance not only protects businesses from regulatory risk, but also positions them to take advantage of emerging opportunities.
How EY can help
EY Law teams provide expert advice to domestic and international banks, payment institutions, securities firms, financial market infrastructures, insurers, asset managers, pension institutions as well as companies active in the blockchain/distributed-ledger-technology, FinTech, RegTech and LegalTech space. The EY Law teams help these financial institutions with a broad range of transactions, product development, legal, regulatory, compliance and structural issues as well as with the use of technology and legal managed services to provide cost-efficient and scalable assistance with high-volume, cross-border, routine or event-driven legal projects.
EY Law teams also advise regulatory authorities, supranational bodies, governments and government agencies. In addition, the EY Law teams work actively with market organizations to develop guidance, policies and leading practices and documentation.
EY Law teams advise on all legal and regulatory, risk management, enforcement and compliance issues across multiple jurisdictions.
EY Law teams advise in the financial services sector on:
In July 2020, the EU Court of Justice issued a landmark ruling for data protection - Schrems II. The Schrems II ruling mandates that all organizations ensure that personal data transferred to a country outside the European Economic Area should get a level of protection essentially equivalent to the protections afforded to it under the EU General Data Protection Regulation (GDPR).
Schrems II adds a new layer of requirement around third-country data transfers. It requires organizations to:
- Map all their data transfers and identify a suitable GDPR transfer mechanism
- Assess third-country law and practice, i.e., on data protection and surveillance
- Identify and adopt supplementary measures if an essentially equivalent level of protection is not safeguarded
- Re-evaluate and monitor developments in third countries
Compliance challenges faced by organizations
Schrems II requires businesses to rethink how they are currently handling personal data transfers, which involves a number of challenges:
- They often rely on large volumes of international data transfers, without having clear overview of the initial and potential onward transfers.
- They must assess multiple third-country laws and periodically monitor these assessments.
- They must identify appropriate supplementary measures, which requires translating third-country law risks into specific technical, organizational and contractual measures.
There are several potential consequences for non-compliance
- Sanctions, e.g., administrative sanctions up to 4% of the total worldwide annual turnover of the preceding financial year or €20M
- Reputational damage
- Order to suspend transfer and processing activity while many business-critical processes are dependent on transfers
EY Schrems II service
EY teams have developed a broad solution that encompasses our global footprint, legal knowledge, and dedicated technology and consulting tools. The solution allows clients to:
- Discover, map and prioritize data transfers in their organization
- Assess the laws and practices of third countries, as EY Law teams have developed a repository of ready-to-use third-country law assessments that cover surveillance and data protection laws and practices in those countries
- Identify supplementary measures where required, with the help of EY law teams and EY cybersecurity professionals
- Support contract scanning for identification of transfer mechanism and technical and organizational measures, with EY AI-enabled Luminance tool
- Perform continuous client monitoring
Supervisory law for financial services in the banking and capital markets, wealth and asset management, and insurance sectors is very complex and constantly changing. This makes it more important to have a trusted legal business advisor at your side who is knowledgeable in the regulatory requirements, has extensive experience with the supervisory authorities and is well-acquainted with the market practice of leading financial institutions.
EY Law teams monitor developments in financial market laws and regulations, and analyze their impact on your business. The focus of our advice in supervisory law is providing assistance on the following:
- Assessment of business models (including need for a license/authorization)
- Set-up of financial institutions, branches and representative offices
- Restructuring of financial institutions (including reorganization and liquidation)
- Sale and acquisition of financial institutions, (sub-) divisions or portfolios
- Implementation of new regulatory requirements (including their monitoring), outsourcing, money laundering prevention and the implementation of data privacy regulations, data ethics, preparation of organizational handbooks and internal guidelines
- Enhancement of the equity capital structure of financial institutions
- Preparation of policies, contracts and customer documentation in line with the market practice of leading financial institutions
- Corporate governance (including key functions)
- Assessment of the supervisory requirements in different jurisdictions (regulatory mapping)
- Assistance and coordination of supervisory assessments
EY Law teams are trusted legal business advisors to financial institutions globally. Our banking and capital markets law experts bring significant experience and understanding of the client's objectives to develop key strategies at each phase of a project, including:
- Corporate governance
- Due diligence
- Regulatory disclosure and reporting requirements
- Risk management (including third-party risk management)
- Outsourcing (including cloud)
- Regulatory capital
- Preparation of contracts and customer documentation
The focus of our advice in Insurance supervisory law is providing assistance on:
- Implementation of new regulatory requirements, outsourcing (including cloud), third party (risk) management, money laundering prevention and the implementation of new data privacy regulations, preparation of organizational handbooks and internal guidelines
- Set-up and licensing of insurance companies, branches and representative offices
- Restructuring of insurance undertakings
- Sale and acquisition of insurance companies, (sub-) business areas or portfolios within the scope of a portfolio transfer
- Restructuring and liquidation of insurance companies
- Enhancement of the equity capital structure of insurance companies
- Preparation of contracts and customer documentation
- Insurance contract law
- Insurance mediation law
- Insurance distribution law
The wealth and asset management sector is characterized by increasing competition, stricter supervisory control and growing regulation. This makes the structuring and distribution of investment funds progressively more complex. We provide comprehensive advice in the following areas:
- Set-up of investment and investment stock corporations
- Legal and tax planning of investment funds
- Sales notifications and notification procedures for investment funds
- Structuring of asset management
- Execution of fund restructuring and fund mergers
- Preparation of contract documentation
- Fund-related capital market, supervisory, distribution and competition law
- Regulatory advice for capital management business companies (risk management, reporting, outsourcing)
The high potential for misuse of sensitive personal information has triggered regulatory and legislative measures globally which have an impact on all business and industry sectors. Data privacy regulation is a crucial step to strengthening individuals' fundamental rights in the virtual age and facilitating business by clarifying rules for companies and public bodies in the digital single market.
Our EY data privacy experts can help you detect and prevent data breaches resulting from internal user activity. We advise both on proactive measures to address data security and on reactive measures to data security breaches. Our services also include assessing and reviewing contracts regarding data security arrangements, conducting data privacy impact assessments and advising on profiling and data analytics.
Financial institutions have a lot of personal data that can be used to sell new products and deliver or improve services. Our EY data privacy experts advise financial institutions not only on what is allowed, but also on the concept of “data ethics” We assist with translating data ethics into policies and how to make data ethics part of a product approval and review process.
We are also able to deliver services as a data privacy officer. This involves handling data breaches, communication with the supervisory authorities, monitoring compliance with data privacy legislation, etc.
Increasing regulatory requirements driven by new "scandals" and stakeholder demands to protect and enhance business reputation are forcing companies to rethink their compliance systems and strategies. Compliance with legal provisions, regulatory standards and other essential ethical standards and requirements set by the company itself is recognized as an important component of proper and comprehensive corporate governance. Alongside risk management, the internal control system and internal audit, are central management responsibilities.
EY Law teams advise clients on
- Developing, documenting and implementing compliance procedures and policies
- Designing the compliance function of the future
- Monitoring and implementing new regulatory requirements
- Outsourcing or co-sourcing of functions
- Anti-money laundering (AML) topics:
Our AML and investigations services help deliver meaningful, data-driven insights and skilled resources to identify suspicious financial activity more quickly and accurately, reduce the quantity of false positives, and improve the efficiency of your AML policies and processes.
- Remuneration policies
We are well prepared for a new virtual economy. Our strategy, risk, technology, legal and regulatory proficiency across financial services helps us identify the critical business challenges facing blockchain/distributed-ledger-technology (DLT)-enabled platforms and how to address them. From design to delivery, our EY Law teams work hand-in-hand with clients to guide them on where, when and how to develop an effective strategy for their business
Financial market laws and regulations are not always applicable to all crypto-/digital-assets and blockchain/DLT-enabled platforms. Depending on the way businesses are designed, they may not be subject to regulatory requirements in all cases.
Our EY Law teams can support you in the following areas:
- Assessment of business models (including need for a license/authorization)
- Crowdfunding, token generating events (TGE), security token offerings (STO), decentral finance (DeFi)
- Tokenization of assets, stable coins (including token analysis under securities laws), digital assets
- Entering markets of other jurisdictions (cross-border financial services)
- Licensing/authorization support (e.g. as bank, FinTech, securities dealer, financial market infrastructure, insurance company). See supervisory law for details
- AML topics related to crypto-/digital-assets (EY Blockchain Analyzer)
- Contact and coordination with regulators, authorities and self-regulatory organizations
- Advising on and reviewing smart contracts
EY Law teams have the right experience and know-how to help companies of all sizes and levels of maturity to rethink how to keep pace effectively in the fast changing FinTech, RegTech and LegalTech market. Our professionals work with all sizes of business looking to incorporate disruptive technologies into their operations from start-ups to major financial institutions. The disruptive technologies and business models that are the centerpiece of the FinTech, RegTech and LegalTech revolution often raise a range of novel legal and regulatory issues. At all stages of their growth, FinTechs, RegTechs and LegalTechs require expert legal and regulatory advice. EY Law teams work as part of a multi-disciplinary team across the globe to help these innovative companies navigate and overcome pressing legal, regulatory, commercial, technical, and financial challenges in an industry where change and innovation are key to success.
The key focus of our services in the area of FinTech, RegTech and LegalTech is on:
- Validation of new business models based on existing licensing/authorization requirements
- Set-up and licensing/authorization of financial institutions
- Advice on strategic co-operation between FinTechs, RegTechs and LegalTechs and financial institutions
- Advice on legal and regulatory questions
EY corporate and commercial law experts advise clients on public and private M&A, disposals, demergers, joint ventures, restructurings, corporate governance and regulatory compliance, with a focus on complex cross-border transactions.
To learn more about Commercial and Corporate Law services, click here
EY legal operations and legal managed services allocate the right people, powered by technology, to the right tasks with the aim of cost efficiency and effectiveness.
Constant regulatory changes are forcing financial institutions to focus on compliance issues rather than exploring new business and growth opportunities. This trend is driving a search for innovative ways of sourcing legal services efficiently and cost effectively.
We have developed legal operations and legal managed services to take some of that pressure away, allowing you to focus on driving your business forward.
We provide financial institutions with state-of-the-art technology, experienced legal business advisors and the flexibility and scalability they need to address business challenges.
We can support you by delivering value cost-effectively through a flexible, tailored approach based on industrialized processes and digitized services.
By teaming your existing systems with our cutting-edge technology, knowledge and experience, EY legal operations and legal managed services offer a new way of efficiently handling many high volume and repetitive business processes, at a lower cost, while sophisticated management information tools mean you can stay ahead of the curve on the applicable laws, regulations, and supervisory expectations.
Our services include:
Legal Managed Services
EY legal managed services (LMS) is an umbrella offering that provides technology-enabled support, including automation for high-volume repetitive or event-driven legal work (where permitted by law). LMS offerings are delivered in close collaboration with professionals from across the various service lines and practices. Core LMS offerings (where permitted by law) are described below.
Entity compliance and governance
We assist multinational companies in meeting their legal entity obligations efficiently and cost-effectively on a global scale. Service is facilitated by professionals in more than 140 countries. Sample services include:
- Corporate secretarial health check and advisory projects
- Perform health checks and transformation reviews
- Assess program design, governance model evolution and risk-based categorization of subsidiaries
- Conduct governance analytics, diagnostics and benchmarking• Routine compliance activities
- Coordinate entity changes
- Assist with documentation of incorporations and dissolutions
- Administer and update corporate information database
- Annual compliance activities
- Facilitate annual statutory filing requirements to maintain an entity’s legal good standing
- Update legal entity data and organization charting
Contract lifecycle management
We leverage technology and refined processes to help organizations turn contracting and obligation management into a business differentiator, including reducing the time to contract.
Sample services include:
- Contract strategy, creation and execution
- Design of terms, conditions, policies and playbooks
- Development of template standards and clause libraries
- Standardization of contract processing and risk review
- Contract storage and retrieval
- Physical and virtual storage
- Data abstraction
- Obligation and risk monitoring and management
- Performance to service levels and milestones
- Compliance with key terms
- Deviation analysis and ongoing risk identification, notification and alert
Research and regulatory mapping
Keeping on top of constant legal and regulatory changes and scrutiny is challenging even for the most diligent organization. We help organizations identify and meet their legal and regulatory obligations and manage business, operational and reputational risks associated with non-compliance.
Sample services include:
- Regulatory research and change management
- Identifying rapidly changing regulations and obligations and mapping these to business functions
- Assistance in identifying gaps in internal policies and help in establishing a compliance infrastructure to manage risks
- Insights on laws and regulations affecting businesses in jurisdictions around the world in which they operate so they can make informed business decisions
Document review and functional analysis
We help clients reduce the unnecessary burden of voluminous document review and gain greater control over costs and insights into key data impacting their business. After review, the EY teams provide consistency, helping to see that key information is surfaced so it can be leveraged going forward. We can also help to identify key learnings from matters and to implement business changes to mitigate future risk.
Sample services include:
- Substantive analysis of electronically stored data and repositories
- Review of data extracted
- Data redaction
- Foreign language capabilities
- Deviation analysis and risk review
Financial institutions face legal and reputational risks associated with the provision of cross-border financial services. Banks, investment firms and other financial institutions providing services and products from their home jurisdiction to other countries need a robust cross-border framework that defines market-specific requirements for products and services in each jurisdiction.
Establishing and maintaining an up-to-date cross-border framework poses particular challenges for financial institutions with a significant cross-border business. On a day-to-day basis, financial institutions must be able to provide clear, traceable and accurate guidance on whether, for instance, a relationship manager is allowed to offer a particular product to an existing client in a specific market. Financial institutions often rely on these country market manuals in a PDF or Word format, which do not always provide a quick and to-the-point answer.
EY’s services to manage complexity in cross-border banking is Cross-Border Online (XBO). XBO is a single integrated web-based tool that can be accessed globally and supports all stages of cross-border content generation. The tool provides an external interface through which end users can log in and access the content
- Overseeing regulatory developments is complex in a globalized, digitalized environment
- Managing relevant changes is crucial to prioritize and implement appropriate actions
- Identifying resources to secure license to operate
- Tracking changes from various regulators commits expensive resources to low profile routine tasks
A central application to:
- Deal with new publications or changes from standard setters, supervisory authorities and courts
- Assess the impact on your institution and to ensure regulatory compliance
- Reduce costs and workload
- Improve the quality of your compliance function
Just as the financial industry is converging, so too is the corporate function, and what was once seen as support inside a company has become foundational to growth and market share. The legal function is suddenly in the spotlight — and has an opportunity to accelerate legal transformation. The legal department, a very technical function of the company, with broad responsibility for managing risk and advising the company strategically on achieving its revenue growth goals, is changing.
We help the legal department on their transformation journey through the strategic deployment of people, process and technology.
We serve high-profile, national and multinational financial institutions across many parts of the globe. We bring leading class ideas from across the market to bear, and can provide insight and experience on how to implement the modernization of your legal department supported in all phases by the requisite change management.
EY teams serve as business advisors to clients in transforming their legal processes from analysis and design phase to full implementation support. As a professional services organization, we bring the power of deep technical competence to the table, with a long history of being recognized in the market as a transformation leader. We have paired deep legal domain knowledge from across 80 countries with the broad platform of transformation services we offer, particularly in the digital space, giving new meaning to legal function value for a GCO’s internal clients and peers in corporate function leaders.
EY Law’s Legal Function Consulting services include:
- Operating strategy and organization design — assist in identifying function performance improvement opportunities and developing responsive organization operating models and metrics.
- Process and controls enhancement — help design effective and controlled processes with enabling technologies to increase efficiency and reduce risk.
- Technology — assist in leveraging technologies already in use to gain efficiencies in operating, including processes, workflows, controls and data management (e.g., case, document, matter/eBilling and records management). We also consult with the client on adopting different technologies, while using a platform to operationalize the initiation of legal function digitization. We also help clients identify and leverage RPA, AI, self-service workflows, and more to drive efficiencies and overall cost reduction across the legal function.
- Business enablement — assist the legal department in introducing processes and technologies to enable automation of legal approval within any function’s end-to-end business processes, whether that be in contract lifecycle management, regulatory change management, or entity compliance and governance. Along the way, we also help to enhance the legal department’s use of data to guide the business and measure progress around transformation initiatives.
EY Law teams can advise you comprehensively on national and international financings:
- Credit law advice and support (in particular negotiation drafting and structuring of financing agreements and collateral documentation)
- Drafting and negotiation of loan, collateral and other financing agreements.
In addition, we can advise you on M&A transactions:
- Structuring of the transaction
- Due diligence
- Drafting and negotiation of the sale & purchase agreements
- Transaction management
- Post-merger integration services
Integrity is a cornerstone of a company’s mission, and the legal department plays a crucial role. Organizational failures continue to illustrate that legal departments are on the front lines of balancing a company’s business objectives and risks, as well as protecting its reputation and assets. These responsibilities can bring a seemingly never-ending stream of fraud allegations, whistleblowers, regulatory inquiries and disputes. Legal departments turn to EY professionals for timely, flexible and practical services that address these broad responsibilities. The credentials and experience include the following:
Investigations and compliance
We assist clients in all types of investigative and compliance matters, including:
- Financial statement
- Bribery and corruption
- Fraud and defalcation
- Money laundering
- Asset tracing/recovery
- Risk assessment
- Program design
- Third parties
- Outsourcing/co-sourcing of investigation/compliance
Claims and disputes
This area presents a wide range of challenges and risks to every part of the business. Our experience in this area includes:
- Forensic accounting
- Litigation support, arbitrations and expert witness
- Insurance claims
- Government contracts and US federal claims
Discovery and managed review services
Effectively managing discovery and review during an investigation, litigation or regulatory matter is often a formidable challenge. We offer a broad complement of services in this area on a managed services basis or for a specific matter or need.
- Electronic discovery
- Data collection, processing and hosting
- Predictive coding and other analytics
- Managed document review — this offering leverages attorney to review large document and data sets to support a variety of litigation, investigation and other complex review-driven needs. Examples include privilege reviews and document and data productions.
- Discovery consulting services —this area includes several offerings focused on law department operations, document intelligence, litigation preparedness and records and information management.
Privacy and cyber response
We assist legal departments in navigating the risks and challenges presented by privacy and cyber issues in the following areas:
- Cyber response planning
- Investigation and incident response
- Digital forensics
- Regulatory response and litigation support
- Data privacy compliance
- Recovery and remediation
- Information governance and data classification
We help legal departments protect an organization by making intelligent and risk-appropriate decisions about third parties, including:
- Investigative and transactional due diligence services
- Identifying and reviewing information and distilling this into actionable intelligence
- Managed services that outsource and standardize processes to assess employees, vendors and business partners
Forensic data analytics
The EY virtual analytics platform provides customized analytics that allow to address a wide range of issues.A sample of these include:
- Legal and compliance response
- Data integrity
- Risk and compliance monitoring
- Innovation and custom development
Germany Ansgar Becker firstname.lastname@example.org Switzerland Philippe Zimmermann email@example.com Darko Stefanoski firstname.lastname@example.org Christian Rothlin email@example.com Belgium Filip Bogaert firstname.lastname@example.org Italy Marco Amoruso Marco.Amoruso@it.ey.com Netherlands Saskia Vermeer-de Jong email@example.com Nicolette Opdam firstname.lastname@example.org France Geraldine Roch Geraldine.Roch@ey-avocats.com Spain Enrique Fernandez Albarracin Enrique.FernandezAlbarracin@es.ey.com
Our EMEIA leaders
Our country leaders
Our latest thinking
Like what you’ve seen? Get in touch to learn more.