
The European Commission published a proposal for a Cyber Resilience Act on 15 September 2022 (the ‘Regulation’), which aims to:

  • ensure that cyber security is considered during the development of hardware and software products and is continuously improved throughout that product’s life cycle; and
  • improve transparency so that users can take cybersecurity into account when selecting and using a product with digital elements.


Continue Reading EU Commission proposes Cyber Resilience Act to bolster the EU’s cyber security rules.

The UK Financial Services and Markets Bill (“FSMB”) and the accompanying explanatory notes were published on 20 July. The FSMB signals upcoming reforms to the regulatory landscape in the UK financial services sector, including issues and challenges brought about by the adoption of technologies and digital assets.

Continue Reading UK Financial Services and Markets Bill – what it means to technology providers and users in the financial services sector

The UK HM Treasury recently published its proposal for regulating critical third parties (“CTP”) to the finance sector, which was followed by the UK financial regulators’ joint Discussion Paper.

Why regulating CTPs is necessary
Regulating CTPs to the financial sector is by no means a new concept. The EU’s Digital Operational Resilience Act (“DORA”), which looks to regulate critical Information Communication Technologies (“ICT”) service providers to the financial sector, has been provisionally agreed.  

Continue Reading UK announces plan to regulate critical third parties to the financial sector

The Securities and Exchange Commission (SEC) is proposing new rules to require registered funds (RFs) and investment advisers (RIAs) to implement comprehensive cybersecurity programs. Under the proposed rules, the SEC seeks to accomplish four main objectives, requiring RFs and RIAs to:

  • Maintain and implement cybersecurity policies and procedures;
  • Adopt new recordkeeping standards;
  • Report significant cybersecurity incidents to the commission; and
  • Disclose cybersecurity risks and incidents to clients and investors.


Continue Reading SEC proposes cybersecurity rules for registered funds and investment advisers

In July 2021, the European Commission (the Commission) adopted three proposals for regulations and one proposal for a directive of the European Parliament and of the Council in relation to reforms to the EU’s anti-money laundering (AML) and counter-terrorist financing (CTF) regime. The proposals serve to implement aspects of the Commission’s May 2020 action plan in respect of the same, with a view to addressing weaknesses in these areas. The key reforms include a new EU AML and CTF authority and a new EU single AML and CTF rulebook.

On 22 September 2021, the EU’s independent data protection authority, the European Data Protection Supervisor (EDPS), Wojciech Wiewiórowski, published an opinion on the Commission’s proposals, alongside a press release.

Overall, the EDPS’ opinion of the proposals is positive, welcoming the AML package and its objective to increase the effectiveness of AML and CTF. In particular, Mr Wiewiórowski praised the envisaged increased harmonisation of the AML and CTF framework at EU level, which includes the creation of a European authority.
Continue Reading European Data Protection Supervisor publishes opinion on the European Commission’s AML and CTF legislative proposals package

On 10 September 2021, the Department for Digital, Culture, Media & Sport (DCMS) launched a public consultation on its proposed reforms to the UK’s data protection regime, with a view to assessing the case for legislative change.

The consultation comes as the first step in the government’s plans to deliver on ‘Mission 2’ of its National Data Strategy, published in 2020: to secure a data regime that promotes growth and innovation for UK businesses, while also maintaining public trust.

The UK’s data protection regime has not received a substantive update since 2018 when the European Union’s General Data Protection Regulation (GDPR) took effect, alongside the introduction of the UK’s Data Protection Act 2018. The government’s National Data Strategy has suggested that the UK may start to move away from EU law when it comes to data protection.

According to the Secretary of State, the ultimate aim of the consultation is to ‘create a more pro-growth and pro-innovation data regime, whilst maintaining the UK’s world-leading data protection standards’.
Continue Reading DCMS launches public consultation on reforms to the UK’s data protection regime

City A.M. has interviewed Howard Womersley Smith, an expert Fintech and Data lawyer and partner in Reed Smith’s Technology & Data London team, on London’s current startup FinTech scene.

Sitting down with Womersley Smith, City A.M. reflected on a range of London Fintechs urging the Financial Conduct Authority (FCA) to break banks’ dominance over the use of consumer data. Womersley Smith sided with the Fintechs and has long been saying that the startup scene needs exactly that to properly thrive in 2021. Fintechs have argued that the end of banks’ dominance would increase competition in the savings, credit, mortgages and pensions markets. However, Womersley Smith believes that we are some way off true portable banking. He also noted that there is another factor in play, that of trust: banking with a household name provides an element of comfort for consumers which is difficult for challengers to compete with.
Continue Reading City A.M. interviews Howard Womersley Smith on London’s start up Fintech scene

The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area.

The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known