Subcontractors, security, and audit and termination rights will require special consideration under forthcoming EBA outsourcing guidelines.
Recent growth in divestiture and carve-out deals in the M&A landscape, including...more
10/29/2019
/ Acquisitions ,
Banking Sector ,
Carve Out Provisions ,
Contract Terms ,
Divestiture ,
European Banking Authority (EBA) ,
Exit Strategies ,
Financial Institutions ,
Mergers ,
Outsourcing ,
Regulatory Standards ,
Subcontractors ,
Third-Party Service Provider ,
Transitional Arrangements
The FSB is reviewing cloud provider concentration risk in the latest example of regulator concern over reliance on leading cloud providers by financial services institutions.
The Financial Stability Board (FSB), an...more
How can private equity firms identify and mitigate inherited liability risk from vulnerable portfolio companies?
Ongoing big ticket regulatory fines coupled with high profile corporate veil cases indicate that private...more
9/30/2019
/ Acquisitions ,
British Airways ,
Data Breach ,
Due Diligence ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Mergers ,
Piercing the Corporate Veil ,
Portfolio Companies ,
Private Equity ,
Private Equity Firms ,
Risk Assessment ,
Risk Mitigation ,
Successor Liability ,
UK
Recent action by the Hamburg authority may present implications for companies regulated by a lead data protection supervisory authority in Europe.
A German supervisory authority has initiated an investigation into Google’s...more
UK confirms reciprocal requirements for digital services providers to appoint UK representatives for NIS purposes, following Brexit.
Following a consultation process, the UK government has now confirmed that it will put...more
Das ICO kündigt an, Bußgelder gegen British Airways und Marriott zu verhängen. Was ist passiert, wie geht es weiter?
Am 8. Juli 2019 kündigte das Information Commissioner’s Office (ICO) an, gegen British Airways wegen...more
The guidance clarifies the interplay between the PECR and GDPR and provides practical steps to achieving cookie compliance.
The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO),...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
7/12/2019
/ British Airways ,
Corporate Fines ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Popular ,
UK
Broadly written rules would allow the Russian government greater central control over content and data flows, and greater access to users’ information.
On May 1, 2019, the Russian President signed draft law No. 608767-7,...more
Online services have until 31 May to respond to 16 draft standards of age-appropriate design.
The ICO is required by s123 of the Data Protection Act 2018 to prepare a code of practice which contains guidance on standards...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices.
Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
3/20/2019
/ Article 50 Treaty of the EU ,
CNIL ,
Data Privacy ,
Data Protection ,
DIFC ,
EU ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Ireland ,
Member State ,
No-Deal Brexit ,
UK ,
UK Brexit ,
Withdrawal Agreement
The guidelines create new obligations for financial, payment, and electronic money institutions that will impact cloud outsourcing and deployment of FinTech.
On 25 February 2019, the European Banking Authority (EBA)...more
3/19/2019
/ Cloud Service Providers (CSPs) ,
Cloud Storage ,
Commission Delegated Regulation ,
EU Directive ,
European Banking Authority (EBA) ,
Financial Institutions ,
FinTech ,
Information Reports ,
MiFID II ,
Outsourcing ,
Payment Systems ,
UK
The DIFC guidelines provide practical guidance for DIFC-registered entities engaging in electronic direct marketing, including useful “dos” and “don’ts”.
What Do DIFC-Registered Entities Need to Know?
In January 2019,...more
2/4/2019
/ DIFC ,
Direct Marketing ,
Dubai ,
Electronic Communications ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
UK ,
UK Data Protection Act ,
United Arab Emirates (UAE)
The European Commission adopted its adequacy decision for Japan on 23 January 2019, opening the doors for personal data to flow freely between the two major global economies.
The Adequacy Decision -
Following two years...more
The Guidance provides helpful clarifications for service providers and their customers on both sides of the Atlantic.
Long-awaited guidance on the territorial scope of the General Data Protection Regulation (GDPR) has been...more
Technology outsourcing by financial institutions (FIs) has increased in recent years as FIs look to the latest innovations to improve their day-to-day business processes and to reduce costs. FIs outsource key functions to a...more
The EBA’s draft guidelines on outsourcing will impact cloud outsourcing and institutions’ deployment of FinTech.
On 4 September 2018, a wide audience of interested individuals gathered at Canary Wharf for a public hearing...more
9/14/2018
/ Capital Requirements Regulation (CRR) ,
Cloud Computing ,
Consultation ,
CRD IV Directive ,
EU ,
European Banking Authority (EBA) ,
FinTech ,
MiFID II ,
Outsourcing ,
Popular ,
PSD2 ,
UK ,
UK Brexit
FCA Chair hints that new regulation addressing data ethics in the FinTech space may be on the horizon.
Will societies of the future be ruled by algocracy, in which algorithms decide how humans are governed? ...more
The UK agency’s principles-based guidance on cybersecurity for OES adds important detail to NIS Directive obligations.
The National Cyber Security Centre (NCSC) has published introductory guidance for operators of...more
Proposed changes provide indication of the yet-to-be-published contents of the NIS Directive’s implementing regulation.
The UK government moved closer to implementing the Security of Network and Information Systems...more
The FCA has published a Feedback Statement on Distributed Ledger Technology, setting out its views and proposed next steps.
Key Points:
..Respondents to the FCA’s initial Discussion Paper were supportive of the FCA...more
Regulatory sandboxes are becoming a global trend, providing plenty of opportunities for innovative businesses.
Pioneered in the UK as part of the Financial Conduct Authority’s (FCA) “Project Innovate”, a regulatory sandbox...more
The Bank of England (BoE) announced on 19 July 2017 that it is extending direct access to its real-time gross settlement (RTGS) service to non-bank payment service providers (i.e., e-money institutions and payment service...more
Cloud services come with the promise of many benefits for the financial services sector. Cloud computing offers large-scale and cost-effective solutions for data storage and efficient processing and is also the underlying...more
The Financial Conduct Authority (FCA) has provided an update on its regulatory sandbox initiative. The sandbox is part of Project Innovate, and allows businesses (whether already authorised or not) to test new offerings in...more