Upcoming developments to be expected at the midpoint of the UK's Economic Crime Plan for 2019-2022 (May 2021)
Almost two years on from the UK’s Economic Crime Plan for 2019-2022, the Government, in partnership with UK Finance, has reported on progress against the plan in the recently published Economic Crime Plan: Statement of Progress.
The buy now, pay later (BNPL) sector enjoys a largely unregulated existence in Australia, sitting outside the scope of the National Credit Code. With increasing pressure from consumer groups and interest in the BNPL sector from international regulators, moves by the Australian Securities and Investments Commission (ASIC) to remind the BNPL sector of the soon to commence design and distribution obligations (DDO) regime may be the first step in strengthening the BNPL regulatory framework.
Focus is on supply chain risk as DFS urges companies to adopt "zero trust" approach and timely address vulnerabilities.
The Federal Trade Commission ("FTC") recently published a blog post recommending best practices to businesses that utilize Artificial Intelligence ("AI") while also warning that improper use of AI may result in FTC enforcement.
DFS fines Insurance Company $3 Million for Unreported Data Breaches and False Compliance Certification (April 2021)
The New York Department of Financial Services (DFS) has fined the National Securities Corporation for failing to notify it of data breaches; the Department's second settlement demonstrates DFS's demand for strict compliance with its cybersecurity regulations.
Operational resilience: UK policy statements set out new requirements for financial institutions (April 2021)
The FCA and PRA have unveiled final rules reflecting new operational resilience obligations, with initial milestones to be reached by March 2022.
The investigation into MAPFRE cyber attack: Spanish Data Protection Agency stresses importance of a diligent response and transparency (April 2021)
Key factors that led to the investigation closing without a fine were the diligent and efficient crisis management and the swift notice to relevant regulators and third parties.
In this write-up from a recent Clifford Chance webinar, we explore the latest trends in US, EU and UK policy on economic sanctions and trade controls, including compliance and enforcement risks and potential changes under the Biden Administration.
Corporate investigations in Hong Kong – upcoming changes, key principles and hot topics (March 2021)
Global Investigations Review (GIR) has published the fifth edition of its practical guide for external and in-house counsel, compliance officers and accounting practitioners. Members of the Clifford Chance global RIFC practice are editors and authored several chapters including the Hong Kong chapter.
APRA accepts rare court enforceable undertaking to improve risk and compliance weaknesses from major insurer (March 2021)
The Australian Prudential Regulation Authority (APRA) has accepted a court enforceable undertaking (CEU) from Allianz Australia Insurance Limited (Allianz), acknowledging "past weaknesses" in Allianz's "risk culture, risk governance, and risk management".
OFSI has issued new guidance on the monetary penalties for breaches of financial sanctions in the UK, which comes into force on 1 April 2021. The amendments highlight some subtle but potentially important changes to enforcement risk which we discuss below in more detail.
Reports indicate that at least 30,000 companies have fallen victim to a hack compromising their Outlook email systems and broader IT networks.
ASIC's 'why not litigate?' strategy alive and well, with multiple new proceedings commenced against major organisations (March 2021)
The Australian Securities and Investments Commission (ASIC) has announced a number of significant enforcement proceedings for breaches of the Corporations Act 2001 (Cth) (Corporations Act) and ASIC Act 2001 (Cth) (ASIC Act), including criminal charges laid against Alliance and AWP, and civil penalty proceedings against NAB, CommSec and AUSIEX, and REST.
The New York State Department of Financial Services ("DFS") has fined a mortgage lender $1.5 million to settle violations of its Cybersecurity Regulations.
Council of Financial Regulators mandates increase in cybersecurity standards and cyber resilience (February 2021)
The Council of Financial Regulators (CFR) calls for Australian Financial Institutions (AFIs) to increase cybersecurity measures by increasing cyber self-defence activities.
Enforcement trends as revealed in the SFC's October – December 2020 quarterly report (February 2021)
On 23 February 2021, the Securities and Futures Commission (SFC) issued its quarterly report for October to December 2020, which keeps its stakeholders and the public informed of its key regulatory work during this period.
Apply within: ASIC requests applications from individuals seeking immunity from serious market misconduct (February 2021)
In a move that may come as a surprise to many, the Australian Securities and Investments Commission (ASIC) has released an immunity policy available to individuals who think they may have contravened certain financial market misconduct provisions in the Corporations Act 2001 (Cth) (Corporations Act).
Latest legislative initiatives in Spain still fail to provide legal framework for internal investigations.
UK Supreme Court rebalances Serious Fraud Office's extra-territorial evidence gathering powers (February 2021)
The SFO has suffered a further setback in its ability to gather evidence held overseas following a ruling by the Supreme Court that its "Section 2" powers do not extend to allowing it to compel the production of documents held outside of the UK by a foreign company.
What you need to know: Major overhaul of breach reporting obligations for Financial Services and Credit Licensees (February 2021)
Australian Financial Services Licensees and, for the first time, Credit Licensees have until October to ensure they can comply with a complex overhaul of breach reporting obligations.
Plug the Leak: Australian Regulator Orders Australian Government Agency to Compensate Victims for Unlawful Personal Information Disclosure (February 2021)
On 10 February 2014, the Australian Department of Home Affairs (DHA) inadvertently published the personal information of 9,258 detainees in immigration detention. A report was subsequently made to the Office of the Australian Information Commissioner (OAIC). On 11 January 2021, the OAIC released its determination, ordering compensation on a categorial loss basis, ranging from AU$0 to in excess of AU$20,000.
Enhanced U.S. Subpoena Authority over Foreign Banks with U.S. Correspondent Accounts: Watershed or Overreach? (February 2021)
Congress passed the Anti-Money Laundering Act of 2020 (the "Act") on January 1, 2021 as part of the National Defense Authorization Act for Fiscal Year 2021. The Act includes, among other significant updates to the Bank Secrecy Act and related U.S. anti-money laundering regimes, new and potentially groundbreaking authority for the U.S. Department of Justice ("DOJ") and the U.S. Department of the Treasury ("Treasury") to subpoena non-U.S. bank records stored outside the U.S., backed by hefty penalties for non-compliance.
Currently, there are no universal regulations on whistleblower protection under Spanish law, but specific laws in various sectors already contain some provisions that are in line with the requirements laid down by the Whistleblower Protection Directive.
In a recent settlement with the FTC, a photo storage application agreed to delete any facial recognition technologies it enhanced using improperly obtained photos.
New Federal District Court Decision Continues Trend of Ordering Disclosure of Cyber Investigation Reports (January 2021)
A law firm was recently ordered to disclose a forensic investigation report prepared following a data breach, despite the report being prepared at the instruction of outside counsel.
On 9 January 2021, the PRC Ministry of Commerce (MofCom) issued its new "blocking statute", known as the Rules on Counteracting Unjustified Extra-territorial Application of Foreign Legislation and Other Measures (Rules), which came into effect on the same date.
Restrictive measures in financial matters have just been reviewed in Luxembourg in order to integrate U.N. and E.U. progress in this area into national legislation.
On January 1, 2021, Congress passed into law the National Defense Authorization Act for Fiscal Year 2021, which includes the Anti-Money Laundering Act of 2020 (the "Act"), the most sweeping anti-money laundering ("AML") legislation since the enactment of the USA PATRIOT Act of 2001.