The Financial Conduct Authority (“FCA”) have stated that compliance with the EU General Data Protection Regulation (“GDPR”) is now a board level responsibility, and that firms must be able to produce evidence to demonstrate the steps that they have taken to comply.

The FCA requirement to treat customers fairly is also central to both data protection law and the current financial services regulatory framework. When the FCA makes rules, it takes into account how such requirements will affect the privacy interests of individuals such as firms’ customers and employees.

The FCA recognises the need for discussions to ensure specific details of the GDPR can be implemented consistently within the wider regulatory landscape.

Accordingly, the FCA and the Information Commissioner’s Office (“ICO”) are working closely together in preparation for the GDPR; one example being a recent jointly hosted GDPR Roundtable with firms and industry bodies to listen to industry concerns.

While the ICO will regulate compliance with the GDPR, this is also something the FCA will consider under its rules. For example, the requirements in the Senior Management Arrangements, Systems and Controls sourcebook lay down obligations for firms to establish, maintain and improve appropriate technology and cyber resilience systems and controls.

The FCA and ICO have stated that they will continue to collaborate in the coming months to address concerns firms raise and support firms’ preparations for the introduction of the GDPR in May 2018.

The post GDPR Compliance is now a board level responsibility first appeared on Complyport - Your Trusted Partner in Governance, Risk, Compliance & Technology .

The Financial Action Task Force (FATF) have issued additional guidance on Private Sector Information Sharing which aims to improve effective information sharing, one of the cornerstones of the FATF Recommendations.

Information sharing is crucial for combatting money laundering, terrorist financing and financing of proliferation, particularly as multinational money laundering schemes don’t respect national boundaries.

It’s important that information concerning financial activity with possible links to crime and terrorism is shared in a timely and effective manner between and with both the public and the private sectors.

Firms should therefore not be unduly prevented from sharing information, but a number of legal constraints and operational challenges may prevent effective exchange of information between different firms belonging to the same group. For example, data protection and privacy laws such as the forthcoming General Data Protection Regulation give individuals the right to privacy and to protect their personal data.

The UK’s Joint Money Laundering Intelligence Taskforce was established in February 2015 and is now a permanent part of the UK’s response to money laundering and terrorist financing, bringing together the government, the British Bankers Association, law enforcement and more than 40 major UK and international banks, providing an environment for the financial sector and government to exchange and analyse intelligence.

FATF is an inter-governmental body established in 1989 with the objectives to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system.

The post Information Sharing in the Private Sector first appeared on Complyport - Your Trusted Partner in Governance, Risk, Compliance & Technology .