It’s healthy to sometimes disagree with regulators

Published: 10 Jul 2026
Type: Insight

At some point, almost every regulated business will disagree with its regulator.

Primary Contact

Jarion Richardson

Regulatory, Governance & Compliance Advisory Lead
Bermuda

T +1 441 298 3267
E [email protected]


That is not an indictment of the regulator; it is the natural result of a regulatory system that depends on judgment.

Bermuda’s financial services framework is not built entirely on rigid prescription. Significant parts of it are proportionate, risk-based and dependent on the nature, scale, complexity and risk profile of the business.

The Bermuda Monetary Authority, as regulator, describes its supervisory process as risk-based, with risk identification, assessment, prioritisation and regulatory response forming core components of supervision.

Its AML/ATF (anti-money laundering/anti-terrorist financing) Guidance Notes require regulated financial institutions to assess their risks, take account of Bermuda’s most recent national risk assessments, and apply compliance resources proportionately to the risks identified.

That is where disagreement begins.

A regulated entity may conclude that a control is adequate because it understands its customer base, transaction flows, systems, staff, outsourcing arrangements and residual risks.

A regulator may look at the same facts and conclude that the control is insufficient, poorly evidenced or inadequately governed.

The disagreement may relate to implementation of a requirement, the severity of a finding, or whether remediation should be immediate, staged, independently validated, board-approved or externally reported.

It becomes more difficult where the source material is not perfectly aligned. Regulations, codes, guidance notes, sectoral guidance, national risk assessments and supervisory expectations all develop over time.

Some guidance predates later risk assessments. Some obligations are expressed as principles, while other expectations emerge through supervisory practice.

In AML, for example, one may ask how much weight should be given to an older risk indicator if the more recent national risk assessment does not identify that risk with the same prominence.

These are not academic questions. They arise during on-site examinations, remediation programmes, shareholder controller filings, mergers and acquisitions, exits from the Bermuda market and new product launches. They arise because businesses change, acquire, divest, outsource, automate, consolidate and discover that what looked clear on paper is less clear in practice.

Litigation may be necessary in some cases, but it is blunt, expensive, slow and often destructive to the working relationship. In regulatory conflict resolution, the choice is not binary: either all-out litigation or unquestioning compliance.

A mature relationship allows deeper engagement, reflection and principled resolution. That is the nature of non-litigation regulatory conflict resolution.

The first step is honesty. A company should not agree with a regulatory finding simply to make the matter go away. That may feel convenient, but it is unfair to the company, unfair to the board and unfair to the regulator. If the finding is wrong, overstated or missing important context, the regulator needs to know that. A risk-based framework depends on feedback from the institution closest to the risk.

The second step is clarity. Clarity requires writing. Meetings are useful for tone, explanation and clarification, but they are rarely enough for nuanced disputes. The company should create a record: what the regulator appears to be saying, what the company accepts, what it does not accept, the legal or regulatory basis for its position, the risk facts relied upon, the evidence available and the proposed way forward.

The third step is precision. Do not merely say, “we disagree”. Identify the exact point of disagreement. Is it factual, legal, proportional, operational, evidential or procedural? Different problems require different answers.

The fourth step is to offer a solution. Regulators exist, among other things, to protect the public interest, maintain confidence and ensure compliance. If a company disagrees, it should still propose a route that achieves the regulatory outcome. That may mean enhanced reporting, board attestation, independent testing, revised policies, additional monitoring, staged remediation or a formal commitment letter.

The fifth step is to preserve the legal record. Bermuda’s enforcement materials recognise written representations as part of the Warning Notice and Decision Notice process, giving licensees and individuals a reasonable opportunity to make representations before final enforcement decisions in relevant cases.

That formal process should not be treated as the first time a company explains itself. By then, the record should already show that the company engaged seriously, respectfully and thoroughly.

Ultimately, disagreement with a regulator is not a breakdown in the relationship. Avoiding disagreement at all costs is the real danger.

A healthy regulatory relationship is not one where the company says “yes” to everything. It is one where both sides can test assumptions, correct misunderstandings, identify better controls and still act professionally.

In a proportionate, risk-based system, conflict is inevitable. Fortunately, well-managed conflicts result in clearer, stronger and more sophisticated regulation and supervision.

First Published in The Royal Gazette, Legally Speaking column, July 2026

Share
More publications
Appleby-Website-Privacy-and-Data-Protection
8 Jul 2026

Bermuda Privacy Commissioner Signals Shift to Stronger PIPA Enforcement

The Office of the Privacy Commissioner (PrivCom) has issued its first annual report since Bermuda's Personal Information Protection Act 2016 (PIPA) came fully into force, with the reports content signaling a transition from education and implementation to a stronger focus on enforcement.

Bermuda-1024x576-1
1 Jul 2026

A Forest for the Future

A first since the blight, the airport cedar forest is growing tall and standing strong.

Appleby-Website-Regulatory-Practice
1 Jul 2026

Complied out of business

Firms are complying themselves out of business because compliance no longer matches the evolving sophistication of the Bermuda Monetary Authority (BMA).

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

The long game: how Bermuda became the world’s life reinsurance capital

Ask a life insurer in New York, London or Tokyo where the liabilities behind their book ultimately sit and there is an increasingly good chance the answer is a 21-square-mile island in the North Atlantic.

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

Record H1’26 Cat Bond Issuance Driven by Rising Sponsor Comfort and Diversified Risk

With H1 2026 officially breaking the record for the most catastrophe bond deals to come to market and settle in the first six months of the year, a key trend driving this momentum is how comfortable sponsors have become with the mechanics of the overall cat bond space. This familiarity has ultimately encouraged a wave of new sponsors to enter the market, according to Brad Adderley, Managing Partner at law firm Appleby.

Appleby-Website-Employment-and-Immigration
12 Jun 2026

The Cost of Getting Employee Departures Wrong: Five Common Pitfalls for Bermuda Employers

Employee departures are an inevitable part of running a business, but the way they are managed can have significant legal, financial and operational consequences. In Bermuda, employers who approach terminations without adequate preparation may expose themselves to unnecessary disputes, regulatory issues, and reputational harm. Whether an employee is being dismissed for performance reasons, made redundant or departing as part of a negotiated exit, by recognizing the following common mistakes and taking a proactive approach, organizations can manage departures more effectively and reduce risk.

Appleby-Website-Privacy-and-Data-Protection
8 Jun 2026

It’s time to bridge Pipa compliance gap

A review of 200 publicly available privacy notices of companies in Bermuda has revealed that just one in nine are fully compliant with the Personal Information Protection Act 2016.

Appleby-Website-Privacy-and-Data-Protection
26 May 2026

Transparency is a legal requirement under Pipa

Major companies across the European Union have faced substantial fines between 2019 and 2024, estimated at a total of €930 million (about $1.08 billion), not only for cyberattacks or data breaches, but also for issues such as noncompliant privacy notices. A common theme in many cases has been a lack of transparency.

Appleby-Website-Insurance-and-Reinsurance
8 May 2026

Outsourcing considerations for Bermuda insurers

As Bermuda insurers engage with third-party service providers to support their business functions, the Bermuda Monetary Authority has clarified its regulatory expectations surrounding outsourcing arrangements and operational resilience.

Economic Substance
27 Apr 2026

Economic substance regime now falls under Cita

Recent amendments to Bermuda’s economic substance regime have transferred regulatory responsibility from the Registrar of Companies to the Corporate Income Tax Agency.