Risk and Compliance Update – 20th November

Risk and Compliance Update – 20th November

In this issue:

Risk & Compliance forecast

Data protection

Financial crime prevention

Business & human rights

Additional Risk & Compliance updates this week

Latest Q&A

LexTalk®Risk & Compliance: a Lexis®PSL community


Risk & Compliance forecast

Our new Risk & Compliance forecast as at 17 November 2020 is now live. This month, we report on issues including (1) AML & CTF; (2) data protection; and (3) crime prevention. You can rest assured we’re tracking forthcoming regulatory changes so you can plan ahead.


Data protection

ICO statement on new EDPB recommendations on international transfers published

The Information Commissioner’s Office (ICO) has issued a statement in response to new recommendations from the European Data Protection Board (EDPB) on international transfers of personal data following the Court of Justice's decision in Schrems II, Case C-311/18 (see LNB News 11/11/2020 75). The ICO says it is reviewing the recommendations published by the EDPB. See: LNB News 16/11/2020 24.

In the meantime, we’ve updated all the tools and guidance in our International transfers of personal data subtopic to reflect the EDPB recommendations.


EU Commission publishes draft SCCs for transfers of personal data outside the EU

The European Commission has published a draft decision and associated draft standard contractual clauses (SCCs) to facilitate international transfers of personal data under the GDPR. The SCCs are also designed to meet the requirements of general minimum terms that must be incorporated into all contracts between controllers and processors or between processors and sub-processors. The Commission is seeking feedback on the drafts until 10 December 2020 (midnight Brussels time).

See: LNB News 13/11/2020 10.


Data protection and data flows—updated Brexit transition guidance from DCMS

The Departments for Digital, Culture, Media & Sport (DCMS) and Business, Energy & Industrial Strategy (BEIS), along with the Office for Civil Society (OCS) and the ICO have published updated guidance on data protection and data flows to help stakeholders prepare for the end of the transition period.

See: LNB News 16/11/2020 108.


ICO tightens approach to data protection enforcement during pandemic

The ICO is allowing organisations less latitude for pandemic-related reasons, in relation to their compliance with data protection rules, judging by updates to two of the ICO’s guidance documents.

See News Analysis: ICO tightens approach to data protection enforcement during pandemic.


Court of Justice rules on consent under data protection law (Orange România SA v ANSPDCP)

The Court of Justice has given a further ruling on the requirements for valid consent under the GDPR. The court concluded it is for the controller to demonstrate the data subject had consented as required and had been given the required information beforehand in an appropriate form. The court also ruled that a consent box ticked by a sales representative in a contract ultimately signed by the data subject was not sufficient to show consent. Consent might also be challenged if the terms of the contract were unclear as to whether it was possible to conclude the contract without consent or where additional steps (such as filling in a further form) were required from those who refused their consent.

See News Analysis: Court of Justice rules on consent under data protection law (Orange România SA v Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)).


Financial crime prevention

UK’s sanctions regime requires unique compliance efforts

Law360: The UK’s transition out of the EU will end on 31 December 2020 and the UK’s sanctions regime will then come into effect. The domestic sanctions regime will transpose the restrictions currently imposed by the EU sanctions regime. Satindar Dogra, partner, Mikhail Vishnyakov, managing associate and Irene Obahiagbon, associate at Linklaters LLP discuss the UK’s future sanctions regime.

See News Analysis: UK’s sanctions regime requires unique compliance efforts.


FATF Executive Secretary delivers speech at V20 summit

The Financial Action Task Force (FATF) has published the opening remarks of FATF Executive Secretary, David Lewis, at the V20 summit. Since the last V20 meeting in 2019, Lewis commented that ‘the sector has continued to grow, evolve and edge closer to mainstream adoption’ with understanding of the importance of anti-money laundering and counter terrorist financing controls increasing. Lewis highlighted that 25 out of 39 FATF members have introduced new laws and regulations to implement FATF global Standards and industries have developed technological solutions to enable compliance.

See: LNB News 17/11/2020 78.


Gambling Commission publishes revisions to two pieces of guidance and advice

The Gambling Commission has published revisions to the fifth edition of its guidance for non-remote and remote casino operators on the prevention of money laundering and combating terrorist financing, and the fourth edition of its advice to all other operators on duties under the Proceeds of Crime Act 2002 (POCA 2002). The updated versions come into effect immediately.

See: LNB News 16/11/2020 81.


NCSC publishes white paper on security benefits gained from good cloud service

The National Cyber Security Centre (NCSC) has released a white paper that describes the security benefits to be gained from adopting a good cloud service, many of which have proved difficult to achieve in traditional IT deployments.

See: LNB News 16/11/2020 50.


Business & human rights

WBA finds number of companies flouting human rights principles ‘concerning’

The World Benchmarking Alliance (WBA) has published the findings of the fourth edition of its Corporate Human Rights Benchmark (CHRB). The CHRB assessed 230 global companies on their human rights disclosures. Nearly half of the companies assessed did not demonstrate that they are conducting human rights due diligence in line with the UN Guiding Principles on Business and Human Rights. 79 companies scored zero on all human rights due diligence indicators. Camille Le Pors, CHRB Lead at WBA, commented that the number of companies that have made little or no progress in the last 12 months was ‘concerningly large’.

See: LNB News 17/11/2020 72.


Additional Risk & Compliance updates this week

Are you getting complacent with compliance?

After months of many solicitors working from home, it’s easy to get comfortable. But with complacency comes the risk of non-compliance with your regulatory obligations. Jessica Clay, senior associate at Kingsley Napley LLP, provides a refresher on your duties, the risks involved in remote working, and how you can stay compliant.

See News Analysis: Are you getting complacent with compliance?

Latest Q&A

• How should I deal with a data subject access request received through a third party online portal?


LexTalk®Risk & Compliance: a Lexis®PSL community

Collaborate and network with a community of expert lawyers

LexTalk® is an online community forum which gives Lexis®PSL subscribers the opportunity to post questions, hold conversations, participate in discussions and share best practice. It has been designed to provide a secure place for legal professionals to discuss legal developments, offer and receive peer support, and gain a sense of up-to-date market practice and advances in real-time. You can access and post questions on all of the dedicated practice area forums, including a dedicated community for Lexis®PSL Risk & Compliance.

Click here to sign up and meet like-minded community members, create a profile, connect, share, and start participating today! Alternatively, you can access LexTalk® on the key resources tab on your Practice Area home page.

Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.