In the past few years, several major compliance and regulatory rules have arrived that various industries and stakeholders need to focus on. In this blog post we address these rules and what you need to know to ensure you are currently compliant.
Major Compliance Rules and Regulations We Hope You Didn't Miss!
GDPR, What do I need to know?
The General Data Protection Regulation (GDPR) was agreed upon by the European Parliament and Council in April 2016 and replaced the Data Protection Directive 95/46/EC in the spring of 2018 as the primary law regulating how companies protect EU citizens' personal data. Companies that were already in compliance with the Directive needed to ensure that they were also compliant with the new requirements of the GDPR when it became effective on May 25, 2018 (1).
Here are some of the requirements:
- Each individual must give explicit consent for their personal data to be collected and used.
- These individuals must understand how their information is going to be used.
- Companies must clearly stipulate the legal channels available should data-processing not comply with its agreed-upon use.
- All personal data must be wiped after a prescribed period of time.
- In the event of a serious cyberattack, companies must inform all those affected by the security breach, as well as the Information Commissioner’s Office, within 72 hours.
MIFID II, Meeting Data Transparency and Reporting Hurdles
Amid the regulatory requirements that have hit banks, financial firms are especially interested in a European regulation that came into effect on January 1, 2018. It’s Directive 2014/65/EU on markets in financial instruments – also known as Markets in Financial Instruments Directive II (MIFID II).
MIFID II affects all actors in the financial industry. On the one hand, it brings changes to the market structure, such as new rules about how to inform the market when selling a financial instrument. On the other hand, it also means technological changes to make the markets more secure: changes that seek to create a better system and a more effective consolidation of transaction data (2).
Under MiFID II, banks and financial firms must implement common data processes and data quality metrics, which will require the adoption of data standards to ensure consistency of reporting across all regulated activities. They must also manage multiple identifiers, including the industry-standard Market Identifier Codes (MIC) and the Global Legal Entity Identifier (LEI).
AMLD4 and AMLD4.1, What Changes to Expect
Back in 2017, banks and other financial institutions faced an increasingly daunting framework of anti-money-laundering (AML) laws and regulations. During the past several years, regulatory agencies have been aggressively stepping up their enforcement actions. In 2017 there were some significant changes to AML4, also known as AML4.1. Although the regulation underwent these changes some time ago, it is wise to ensure that you are complying on an ongoing basis. In May 2016, the Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) imposed formal customer due diligence (CDD) requirements, and US financial institutions had until May 11, 2018 to comply with those rules. Now is a good time to do a health check on compliance (3).
AML 4.1 increased the frequency with which financial institutions have to conduct due diligence checks, also known as Know Your Customer (KYC) checks, on their customers, thereby increasing the already significant cost of compliance. It also exposed the frailties of many financial institutions' existing systems, which are too reliant on manual processes and ill-designed for the modern digital financial service environment and the use of fully digital channels, leaving financial services providers to find an alternative technology to bridge the gap. If you haven't already updated your legacy systems, it's not too late; now is the time!
Are you up to speed on the California Consumer Privacy Act?
The California Consumer Privacy Act (AB 375, or CCPA for short) is a law passed by California’s state legislature in June of 2018.
As detailed below, the CCPA establishes a new privacy framework for Covered Businesses by:
- Creating an expanded definition of personal information for purposes of the Act;
- Creating new data privacy rights for California consumers, including rights to know, access, have deleted and opt out of the sale of their personal information;
- Imposing special rules for the collection of consumer data from minors; and
- Creating a new and potentially severe statutory damages framework for violations of the Act and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches.
Affected companies will have to compile a tally of every company to which they disclose information about a California customer for business purposes. Retailers, banks, electric companies, or any organization that operates in California will either have to create a separate process for handling the personal data of the state's residents, who make up about 12% of the U.S. population, or apply the Golden State standards nationwide.
In short, compliance and regulatory concerns abound: built before a time enamored with lawsuits and corporate oversight, legacy applications were not designed to live up to today's stringent compliance, regulatory and industry initiatives like GDPR, PCI, PSD2, AML, and MiFID II.
Of course, legacy application modernization doesn’t just happen. The best results occur when companies embrace a holistic approach that’s future-oriented and considers enterprise goals. SEEBURGER can be your partner in the journey to digital transformation.
- (1) General Data Protection Regulation, GDPR Info, https://gdpr-info.eu/
- (2) What is MiFID II?, Thomson Reuters, https://mifidii.thomsonreuters.com/en/what-is-mifid-ii.html
- (3) AMLD4/AMLD 4.1 Facts, the Treasury's Financial Crimes Enforcement Network (FinCEN), https://www.fincen.gov/