We have carefully selected relevant news stories that you should be aware of from March 2019
Danske Bank selected for Nordic & Baltic Fintech initiative
March 18th 2019: Denmark’s Danske Bank has been selected as the official bank partner for the Nordic and Baltic fintech initiative – Lighthouse Development Program. This was established jointly by Mastercard and Sweden-based, NFT Ventures.
The Lighthouse program is a collaboration between prominent Nordic banks, global financial companies and FinTech start-ups. It allows the partners to work with and guide the start-ups in the course of their businesses. The Lighthouse program currently has 15 FinTechs from 3 countries attending its first ever session in Copenhagen (Source).
W2 viewpoint: Having worked alongside Sky Betting & Gaming as an integral part of their 2018 Colab program, it is interesting to hear what other FinTechs & RegTechs are doing. This is an area where W2 Global Data can add value and one that our clients should keep an eye on.
Lack of AML prosecutions
March 18th 2019: Lack of UK AML prosecutions raises concerns. The introduction of the UK’s new Money Laundering Regulations in 2017 has not been backed up with action. A Freedom of Information (FOI) request has revealed that no prosecutions were brought in the new regime’s first year.
Concerns have been raised about the UK’s anti-money laundering (AML) commitment. The FOI request was filed by Ruth Paley, a principal associate at Eversheds Sutherland in London, who said that the failure to bring any new prosecutions during that period is not necessarily a problem on its own. It is surprising and a missed opportunity to deter possible offenders (Source).
W2 viewpoint: Low adoption rates does make you wonder if the 5th AMLD will see offending rates get worse or better over time.
Regulators halt ING new business
March 16th 2019: ING Group NV was told to stop taking on new clients in Italy. The country’s central bank found shortcomings in money laundering checks at the country’s biggest online lender. The Bank of Italy identified compliance issues at the Amsterdam-based lender during a four-month inspection in Italy.
Milan prosecutors have opened a related money-laundering probe, Il Sole 24 Ore reported. After acknowledging “serious shortcomings” in executing due diligence policies to prevent financial crime at its Dutch unit from 2010 to 2016, Chief Executive Officer Ralph Hamers emphasized on multiple occasions that the bank had learned its lesson. Koos Timmermans, who was the chief financial officer, resigned after public discontent (Source).
W2 viewpoint: ‘shortcomings in money laundering checks’ indicates there may be a lot more to come on this case, so watch this space.
Open banking standards
March 14th 2019: The latest version of the OpenBanking Standards (v3.1.1) has been released. This includes updates to the Read/Write API Specification & Customer Experience Guidelines v1.2, enabling a solution that can support delivery of PSD2 & RTS compliance (Source).
W2 viewpoint: Technical changes to the Open Banking standards will impact on adoption rates of Open Banking.
ICO doubts on data breach reporting
March 10th 2019: ICO data raises doubts over UK firms’ ability to manage breaches. Most ICO data breach reports are late and incomplete prior to full GDPR implementation. This raises doubts about breach prevention, detection and response capabilities. Analysis of the data shows that, on average, it took companies 60 days to identify they’d been a victim of a data breach, with one business taking as long as 1,320 days (Source).
W2 viewpoint: Our Data Protection Officer (DPO) and Information Security Manager (ISM) closely track ICO findings. We can then share any lessons learned be shared with our clients. All businesses need a well-considered Incident Response Plan and Incident Response Policy in place should you ever find yourself needing to use it.
NIST Privacy framework
March 7th 2019: RSA Conference 2019 – NIST’s Privacy Framework Starts to Take Shape. Data privacy has been thrust into the limelight with the passage of the General Data Protection Regulation in Europe last year and a string of high-profile consumer privacy snafus.
The National Institute of Standards and Technology has plans to help companies address data privacy with the development of a Privacy Framework, which is due to be finalised by October. The NIST has proposed five functions of the framework: identify, protect, control, inform and respond.
Each of these headings will contain a set of best practices and approaches for achieving desired outcomes. NIST is still actively soliciting feedback on the Privacy Framework throughout the development process leading up to its publication later this year. (Source).
W2 viewpoint: Our DPO, ISM and wider InfoSec team closely monitor the development of new standards, tools and techniques for potential deployment as a part of our Cyber Security program.
Verify platform to cost £40m
6th March 2019: UK government ‘Verify’ platform predicted to cost £40m over the next decade. The National Audit Office said the problems with Verify were similar to ‘the failings in major programmes that we often see’. It concluded that successive decisions to continue with it were not justified. The Government Digital Service (GDS), part of the Cabinet Office, developed Verify in 2016 to be an easier way for people to prove their identities so they can access online government services securely (Source).
W2 viewpoint: The Government Guidance ‘Identity proofing and verification of an individual’ is available here Good Practice Guide (GPG) 45.
Privacy accountability shortfall
March 5th 2019: Organisations should be doing more to achieve privacy accountability. The Global Privacy Enforcement Network’s (GPEN) annual intelligence gathering operation looked at how well organisations have implemented the core concepts of accountability into their own internal privacy policies and programs.
The joint study is carried out by data protection regulators across the globe and this year looks at how they have taken responsibility for complying with data protection laws. Whilst there were examples of good practice, it was found that a number of organisations had no processes in place to deal with the complaints and queries raised by data subjects, and were not equipped to handle data security incidents appropriately (Source).
W2 viewpoint: Organisations need to continually up their game when it comes to compliance with data protection regulations.
FATCA violation leads to conviction
February 22nd 2019: ICE removes UK national convicted of violating FATCA. A United Kingdom national has become the first person to be convicted of violating the Foreign Account Tax Compliance Act (FATCA) in the US. He was removed to his home country by U.S. Immigration and Customs Enforcement’s (ICE) Enforcement and Removal Operations (ERO) deportation officers.
FATCA is a federal law enacted in 2010 that requires foreign financial institutions to identify their US customers and report FATCA Information about financial accounts held by US taxpayers either directly or through a foreign entity. FATCA’s primary aim is to prevent US taxpayers from using foreign accounts to facilitate the commission of federal tax offenses (Source)
W2 viewpoint. Along with the GDPR, FinCen’s rulemaking to Investment Advisors, Dodd-Frank, the Foreign Corrupt Practices Act and even Brazil’s Clean Companies Act add up to a compliance maze. We’re keen to provide regular updates on the upcoming and future regulatory change before its too late to act. Even if it’s just awareness of new and potential overseas regulation.
We hope that you found the above update useful. Please let us know if there are any topics you want to hear more or less about.