Category

Enforcement

15 June 2017

CFTC Approves Amendments to Recordkeeping Rules

On May 23, 2017, the Commodity Futures Trading Commission (CFTC) unanimously approved proposed amendments to the recordkeeping obligations set forth in CFTC Regulation 1.31 (Recordkeeping Rule) which is applicable to all CFTC registered entities and other persons required to maintain records under the Commodity Exchange Act (CEA). The final amendments are intended to modernize the Recordkeeping Rule by making the form and manner in which regulatory records must be kept technology-neutral. The amendments provide recordkeepers with greater flexibility regarding the retention and production of CFTC regulatory records. The CFTC indicated that it does not believe the amendments impose any new recordkeeping requirements on any recordkeeper, and existing recordkeeping methods remain valid for compliance with the amended Recordkeeping Rule should a recordkeeper choose not to take advantage of the less-prescriptive, principles based approach of the amended Recordkeeping Rule. The final amendments also reorganized the Recordkeeping Rule for ease of understanding, including by adopting new definitions. The amendments represent a long-awaited and generally positive modernization of important CFTC rules that have often frustrated market participants. The effective date for the amended Recordkeeping Rule is August 28, 2017. (more…)

SHARE
EmailPrintShare
01 June 2017

English High Court Limits Scope of Privilege for Documents Generated During the Course of Internal Investigations

The English High Court recently handed down a judgment which limits the circumstances in which companies will be able to assert legal professional privilege in documents created as part of an internal investigation into potential criminal activity. The Court ruled that a claim for litigation privilege in the context of a criminal investigation will only be valid where, at the time that the relevant documents were created, the prospective defendant has sufficient knowledge about the matter to believe that there is a realistic prospect that a prosecutor will have enough material to proceed with a prosecution. The belief that a prosecutor will commence an investigation into a company is not sufficient to establish a claim for litigation privilege. The judge’s narrow interpretation of legal advice privilege also means that notes of interviews with employees will generally not attract privilege unless they provide “clues” as to aspects of legal advice given to the company. (more…)

SHARE
EmailPrintShare
30 May 2017

Money Laundering Regulations 2017: Preparing for the UK’s New Customer Due Diligence Regime

The UK is expected to introduce its updated customer due diligence regime with effect from June 26 or shortly thereafter. The changes are wide-ranging and will affect virtually all financial services firms doing business in the UK.

The Government has published a near-final draft of the new legislation. To the extent they’ve not already started, affected firms should be planning for the changes that will be required to their existing policies, procedures and systems.

In this post, we highlight the key issues for financial services firms, and propose a series of action points that they may wish to consider over the next month as they move to implement the new requirements. (more…)

SHARE
EmailPrintShare
30 March 2017

Italian DPA Imposes Largest Ever Fine Imposed by a European Data Protection Authority: UK Payments Company Found to Have Breached Consent and Other Rules

On February 2, the Italian Data Protection Authority, known as the “Garante,” imposed a fine of EUR 5,880,000 on a UK money transfer company that it found to be in violation of Italian data privacy rules. This is the largest ever publicly-known fine imposed by an EU data protection authority, and it approaches the level of fines that are likely to be imposed under the EU’s General Data Protection Regulation (“GDPR”) that will come into force in May 2018. Although the GDPR is not yet in force, the Garante’s enforcement action shows that European data protection authorities are willing to levy the kind of fines allowed by the GDPR.

(more…)

SHARE
EmailPrintShare
17 March 2017

NAIC creates new Innovation and Technology (EX) Task Force

The National Association of Insurance Commissioners (NAIC) has created a new task force to monitor technology, data collection and Cybersecurity developments in the insurance industry.  The Innovation and Technology (EX) Task Force (IT Task Force) was formed on March 9, 2017 and reports directly to the NAIC’s Executive Committee.  The  IT Task Force will appoint and oversee the work of the following NAIC groups:  the Big Data Working Group, the Cybersecurity Working Group and the Speed-to-Market Working Group.  According to the NAIC’s March 9, 2017 press release, the IT Task Force’s purpose is to help insurance regulators stay informed about technology-related developments, products and services in the insurance industry, including start-up companies, and to ensure they meet consumer expectations and ensure consumer protections.  The press release notes that annual investment in insurance technology (InsurTech) has increased to more than $2.5 Billion and continues to grow.

(more…)

SHARE
EmailPrintShare
07 March 2017

ICO Publishes Draft Guidance on Consent Under the GDPR and Submit it to Public Consultation

On 2 March 2017, the UK Information Commissioner’s Office (“ICO”) published detailed draft guidance on consent under the GDPR and has submitted it for public consultation. This is the ICO’s first piece of specific GDPR guidance published further to its overview of the GDPR published last January.

The guidance sets out the ICO’s interpretation of the new requirements to obtain valid consent under the GDPR including its view of the role of consent in the GDPR, the benefits of getting consent right and the penalties for getting it wrong. The guidance also explains: (i) when consent is required or appropriate (or not) and the alternative to consent; (ii) what constitutes valid consent under the GDPR with specific guidance on children’s consent and consent for research purposes; (iii) advice on how to obtain, record and manage consent; and (iv) a consent checklist.

(more…)

SHARE
EmailPrintShare
02 March 2017

The Continuing Impact of the Judgment of the Court of Justice of the European Union Declaring Invalid the European Commission’s Decision on U.S.-EU Safe Harbor

The decision by the Court of Justice of the European Union (the CJEU) on Oct. 6, 2015, invalidating the U.S.-EU Safe Harbor Decision (the Judgment) is a landmark judgment. Case C-362/14 Maximillian Schrems v Data Protection Commissioner [2015] ECLI: EU:C:2015:650. By voiding the legal basis for transatlantic data transfers for the 4,400 companies reliant on U.S.-EU Safe Harbor, the Judgment began what has been a seismic year for data protection and crossborder data transfers in the European Union, whose aftershocks will reverberate throughout 2017 and beyond.

Read More

SHARE
EmailPrintShare
28 February 2017

NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls

On February 16, 2017, the New York State Department of Financial Services (the “NYDFS”) issued its final regulations setting forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Final Regulations”).  The NYDFS issued the Final Regulations after considering feedback and criticism received during two comment periods  — one following the NYDFS’s initial publication of the proposed regulation (on September 13, 2016) and a second comment period after the NY DFS published a revised version of the regulation (on December 28, 2016.)

The Final Regulations will be effective as of March 1, 2017, with a transitional period of 180 days from that date for Covered Entities to comply with the Final Regulations, except for certain enumerated provisions for which longer compliance periods are specified.  The annual certification of compliance (covering the prior calendar year) will be required beginning on February 15, 2018.

(more…)

SHARE
EmailPrintShare
24 February 2017

New NACD Cyber-Risk Handbook a Reminder of Critical Board Oversight Duties

*This article first appeared in Bloomberg BNA Corporate Law & Accountability Report on February 23, 2017

On Jan. 12, 2017, the National Association of Corporate Directors (NACD) released its new “NACD Director’s Handbook on Cyber-Risk Oversight.” The NACD has suggested that directors can use this Cyber-Risk Oversight Handbook as a resource to “[l]earn foundational principles for board-level cyber-risk oversight” and gain insight into issues including how to:

  • “allocate cyber-risk oversight responsibilities at the board level”;
  • address “legal implications and considerations related to cybersecurity”;
  • “set expectations with management about the organization’s cybersecurity processes”;
  • “improve the dialogue between directors and management on cyber issues”; and,
  • “improve and enhance boardroom practices.”

Read More

SHARE
EmailPrintShare
21 February 2017

Transatlantic Data flow – the new Swiss – U.S. Privacy Shield available April 12, 2017

Following the establishment of the E.U. – U.S. Privacy Shield last summer, Switzerland has now agreed to a similar framework facilitating the transfer of personal data from Swiss companies to companies based in the United States (hereinafter “Swiss – U.S. Privacy Shield” or “Privacy Shield”) that will allow companies to certify adherence to the framework as of 12 April 2017.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator