The UK Network and Information Systems (NIS) Regulations 2018 will be strengthened in an effort to protect essential and digital services. On 30th November 2022, the UK government published its response to the public consultation on proposals to improve the UK’s cyber resilience. As the UK is no longer bound by EU legislation, it will not be implementing the NIS 2 Directive, recently adopted by the European Parliament and Council. However, the frequency and scale of cyber incidents, and the consequent increased risk of severe damage, have prompted change to UK cyber laws as well.
Continue Reading UK expands scope of NIS Regulations
The National Cyber Security Centre (“NCSC”) has published guidance for medium and large organisations on how to assess and improve cyber security in their supply chains. The guidance is a supplement to the NCSC’s supply chain principles.
Continue Reading NCSC releases guidance on cyber security in the supply chain
On October 26, 2022, the Securities and Exchange Commission (SEC) issued a new rule proposal that would prohibit registered investment advisers (IAs) from outsourcing certain services without satisfying due diligence, monitoring and reassessment requirements.
Continue Reading SEC proposal on outsourcing by investment advisers
The European Commission published a proposal for a Cyber Resilience Act on 15 September 2022 (the ‘Regulation’), which aims to:
- ensure that cyber security is considered during the development of hardware and software products and is continuously improved throughout that product’s life cycle; and
- improve transparency so that users can take cybersecurity into account when selecting and using a product with digital elements.
The UK Financial Services and Markets Bill (“FSMB”) and the accompanying explanatory notes were published on 20 July. The FSMB signals upcoming reforms to the regulatory landscape in the UK financial services sector, including issues and challenges brought about by the adoption of technologies and digital assets.
Continue Reading UK Financial Services and Markets Bill – what it means to technology providers and users in the financial services sector
Why regulating CTPs is necessary
Regulating CTPs to the financial sector is by no means a new concept. The EU’s Digital Operational Resilience Act (“DORA”), which looks to regulate critical Information Communication Technologies (“ICT”) service providers to the financial sector, has been provisionally agreed.
Continue Reading UK announces plan to regulate critical third parties to the financial sector
The Securities and Exchange Commission (SEC) is proposing new rules to require registered funds (RFs) and investment advisers (RIAs) to implement comprehensive cybersecurity programs. Under the proposed rules, the SEC seeks to accomplish four main objectives, requiring RFs and RIAs to:
- Maintain and implement cybersecurity policies and procedures;
- Adopt new recordkeeping standards;
- Report significant cybersecurity incidents to the commission; and
- Disclose cybersecurity risks and incidents to clients and investors.
In July 2021, the European Commission (the Commission) adopted three proposals for regulations and one proposal for a directive of the European Parliament and of the Council in relation to reforms to the EU’s anti-money laundering (AML) and counter-terrorist financing (CTF) regime. The proposals serve to implement aspects of the Commission’s May 2020 action plan in respect of the same, with a view to addressing weaknesses in these areas. The key reforms include a new EU AML and CTF authority and a new EU single AML and CTF rulebook.
On 22 September 2021, the EU’s independent data protection authority, the European Data Protection Supervisor (EDPS), Wojciech Wiewiórowski, published an opinion on the Commission’s proposals, alongside a press release.
Overall, the EDPS’ opinion of the proposals is positive, welcoming the AML package and its objective to increase the effectiveness of AML and CTF. In particular, Mr Wiewiórowski praised the envisaged increased harmonisation of the AML and CTF framework at EU level, which includes the creation of a European authority.
Continue Reading European Data Protection Supervisor publishes opinion on the European Commission’s AML and CTF legislative proposals package
On 10 September 2021, the Department for Digital, Culture, Media & Sport (DCMS) launched a public consultation on its proposed reforms to the UK’s data protection regime, with a view to assessing the case for legislative change.
The consultation comes as the first step in the government’s plans to deliver on ‘Mission 2’ of its National Data Strategy, published in 2020: to secure a data regime that promotes growth and innovation for UK businesses, while also maintaining public trust.
The UK’s data protection regime has not received a substantive update since 2018 when the European Union’s General Data Protection Regulation (GDPR) took effect, alongside the introduction of the UK’s Data Protection Act 2018. The government’s National Data Strategy has suggested that the UK may start to move away from EU law when it comes to data protection.
According to the Secretary of State, the ultimate aim of the consultation is to ‘create a more pro-growth and pro-innovation data regime, whilst maintaining the UK’s world-leading data protection standards’.
Continue Reading DCMS launches public consultation on reforms to the UK’s data protection regime
City A.M. has interviewed Howard Womersley Smith, an expert Fintech and Data lawyer and partner in Reed Smith’s Technology & Data London team, on London’s current startup FinTech scene.
Sitting down with Womersley Smith, City A.M. reflected on a range of London Fintechs urging the Financial Conduct Authority (FCA) to break banks’ dominance over the use of consumer data. Womersley Smith sided with Fintechs and has long been saying that the startup scene needs exactly that to properly thrive in 2021. Fintechs have argued that the end of banks’ dominance would increase competition in the savings, credit, mortgages and pensions markets. However, Womersley Smith believes that we are some way off true portable banking. He also noted that there is another factor in play, that of trust, where banking with a household name provides an element of comfort for consumers which is difficult for challengers to compete with.
Continue Reading City A.M. interviews Howard Womersley Smith on London’s start up Fintech scene