
Welcome to Euro Shorts, a short briefing on some of the week’s developments in the financial services industry in Europe.

If you would like to discuss any of the points we raise below, please contact me or one of our other lawyers.  


Claire Cummings

020 7585 1406
claire.cummings@cummingslaw.com
www.cummingslaw.com



ICO expands its GDPR guidance on accountability and governance and security

ICO has updated its guide to the GDPR in relation to accountability and governance, and in relation to security. The expanded Guide now covers: (i) why accountability is important and what organisations need to do to ensure compliance, including introducing data protection policies and understanding the "data protection by design and default" approach to designing new products, processes and systems; and (ii) what requirements the GDPR imposes in respect of information security and how these differ from the requirements under the previous Data Protection Act 1998 regime. The section of the Guide dealing with security also sets out the organisational and technical measures that organisations should adopt.



ICO expands its guidance on data portability

ICO has updated the guidance on data portability contained in its guide to the General Data Protection Regulation. The expanded section of the Guide now covers: (i) what data portability is and when the right will apply; (ii) the kind of data to which the right to data portability applies; and (iii) the permissible formats for responding to data portability requests, and the responsibilities of controllers and of third parties sending and receiving data.



UK Finance FAQs on GDPR

UK Finance recently published a set of FAQs on the GDPR. The FAQs consider a range of issues, including: (i) how the GDPR will affect consumers of financial services and what changes they will notice; (ii) how firms' obligations will change; (iii) whether firms will always need customer consent to process personal data; (iv) how the GDPR will affect marketing; (v) whether there is any connection with Open Banking or the revised Directive on payment services in the internal market (PSD2); and (vi) what impact Brexit will have. UK Finance is working closely with its members, the government and regulators to ensure that the GDPR is implemented effectively in the UK. In particular, this means ensuring that firms can continue to meet their wide-ranging obligations, including protecting customers, managing risk and preventing crime (such as money laundering and fraud), while also meeting the GDPR's data protection and privacy standards.



New ESMA one-stop company portal 

ESMA has recently launched a new one-stop company portal, which enables investors to check whether a financial service provider is authorised within the EU. An accompanying press release explains that the portal provides investors with information on certain types of firm, including: (i) investment firms authorised under the MiFID II Directive (2014/65/EU), including systematic internalisers; (ii) MiFID trading venues; (iii) MiFID data reporting service providers; (iv) UCITS management companies; and (v) fund managers authorised under the AIFMD, including the funds they manage or market in the EU. The portal also refers to sanctions imposed by competent authorities in member states under various pieces of EU legislation.



ECB Supervisory Board Chair comments on money laundering risk

The ECB has published a letter from Danièle Nouy, Chair of the ECB Supervisory Board, to Sven Giegold MEP on money laundering risks. Among other things, Ms Nouy commented on the allocation of competences in AML matters and the flow of information between the relevant authorities. Ensuring compliance with, and enforcement of, national AML legislation is a national competence; the ECB co-operates fully with national authorities to the extent permitted by law and relies on them to share information proactively. In her view, closer co-operation among the relevant authorities is needed. MLD5 is a step towards enhancing co-operation, but it may not be sufficient to ensure that co-operation is smooth and all-encompassing; establishing a European AML authority could deliver that degree of improvement. Ms Nouy also commented on the integration of money laundering risks into prudential supervision: AML is incorporated to some extent in the ECB's supervisory assessments, and the SSM supervisory review and evaluation process (SREP) methodology includes the components necessary for a comprehensive prudential treatment of AML risk.



ECB framework for testing resilience to cyber attacks

The ECB recently published the European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU), the first EU-wide framework for controlled, bespoke tests of resilience against cyber-attacks in the financial sector. TIBER-EU is designed to enable EU and national authorities to work with financial infrastructures and institutions to put in place a programme to test and improve their resilience against sophisticated cyber-attacks. A test simulates an attack on an entity's critical functions and the underlying systems (its people, processes and technologies) in order to assess the entity's protection, detection and response capabilities. The tests are intelligence-led: a threat intelligence provider profiles the attackers most likely to target the entity, and a red team then mimics those attackers' tactics, techniques and procedures against the entity's live production systems, rather than against a test environment. Financial infrastructures and institutions are encouraged to work closely with their regulators to establish a framework that will enhance the cyber resilience of their sector.



Investment Association and KPMG report on building cyber resilience in asset management sector

The Investment Association (IA) recently published a report, produced jointly with KPMG, on building cyber resilience in asset management. The report provides an overview of the key cyber security risks facing the asset management sector, offers guidance on the practical steps firms can take to protect their business from cyber-attacks, and considers the advantages of a more collaborative, sector-wide response to cyber threats. In particular, the report calls on boards and senior management to increase collaboration across the sector and to invest in developing a cyber-response framework that allows firms to detect, respond to and recover from attacks rapidly. In a related press release, the IA explains that, to help firms with cyber resilience, it has also launched a Cyber Security Committee. The committee, which met for the first time in April 2018, will work with firms, regulators and public authorities to keep the sector at the leading edge and to develop industry guidance on cyber security. The press release also notes that the City of London Police is launching "Cyber Griffin", a new initiative designed to make the Square Mile more secure from cyber-attacks. Specially trained officers will lead a series of community-focused exercises, including threat briefings, intelligence sharing and incident response training.

 
 


We have taken great care to ensure the accuracy of this version of Euro Shorts. However, Euro Shorts is written in general terms and you are strongly recommended to seek specific advice before taking any action based on the information it contains. No responsibility can be taken for any loss arising from, action taken or refrained from on the basis of this publication. If you would like to be removed from the mailing list of this publication please click unsubscribe below. Nothing within this communication may be copied, re-printed or similar without prior written consent from Cummings.

Authorised and regulated by the Solicitors Regulation Authority. Please contact us if you would like to arrange a meeting. This message (including any attachments) from the law firm of Cummings is confidential and may contain information which is proprietary, privileged or otherwise legally protected against unauthorised use or disclosure. If you are not the intended recipient, please do not read, copy, distribute, disclose or otherwise use or place any reliance on any information in this message or any attachments; and please alert the sender by return e-mail, delete this message and any attachments from your system and destroy any hard copies. Neither Cummings nor the sender accepts liability for any corruption, interception or unauthorized amendment of messages or attachments transmitted by e-mail. It is your responsibility to scan this message and any attachments for computer viruses in accordance with good working practice. The firm is not authorised by the Financial Conduct Authority, but is authorised and regulated by the Solicitors Regulation Authority (for the code of conduct please see www.sra.org.uk/rules) and undertakes certain activities in relation to investments which are limited in scope and incidental to its legal services or which may reasonably be regarded as a necessary part of its legal services.

Cummings

Tel: + 44 20 7585 1406
Mob: + 44 7734 057 327

Cummings Law
42 Brook Street
London Greater London W1K 5DB
United Kingdom

www.cummingslaw.com

14 12 2018

 
 
