Risk and Compliance Update – 23rd October

In this issue:

Risk & Compliance forecast

Data protection

Financial crime and sanctions

Cyber security

LexTalk® Risk & Compliance: a Lexis®PSL community


Risk & Compliance forecast

Our new Risk & Compliance forecast (as at 20 October 2020) is now live. This month, we report on issues including (1) regulation of legal services; (2) data protection; and (3) crime prevention. You can rest assured we’re tracking forthcoming regulatory changes so you can plan ahead.

See: Risk & Compliance forecast as at 20 October 2020.


Data protection

New detailed subject access request guidance published by ICO

The Information Commissioner’s Office (ICO) has published detailed guidance on the right of access. The guidance aims to help organisations deal with subject access requests effectively and efficiently. The content of the guidance has been informed by a public consultation, which called on the ICO to provide ‘additional content and examples’ and ‘more support and clarification on some aspects of the law’.

See: LNB News 21/10/2020 57.


ICO fines British Airways £20m for breach of data protection law

The ICO has fined British Airways (BA) £20m for a breach of data protection law which affected approximately 429,612 customers and staff. An ICO investigation found that BA failed to protect the personal and financial details of its customers and staff: it processed a significant amount of personal data without implementing the necessary security measures, and was subsequently subject to a cyber attack during 2018 which remained undetected for over two months. The ICO stated that BA should have identified weaknesses in its security system and should have resolved them with the available security measures. The attacker is believed to have potentially gained access to names, addresses, payment card numbers, CVV numbers, usernames, passwords and PINs. The £20m fine is a notable step down from the £183.39m fine the ICO initially intended to impose on BA.

See: LNB News 16/10/2020 36 and News Analysis: BA’s long-awaited UK data-breach fine puts spotlight on security of remote-access networks.


EDPB adopts final Guidelines on Data Protection by Design & Default

The European Data Protection Board (EDPB) has adopted a final version of the Guidelines on Data Protection by Design & Default. The guidelines focus on the obligation of data protection by design and by default in Article 25 of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), and contain guidance on how to effectively implement the data protection principles in Article 5 of the GDPR, integrating comments and feedback received during the public consultation.

See: LNB News 21/10/2020 97.


Financial crime and sanctions

EU sets out Magnitsky Act sanctions regime against human rights abuses

Law360, London: The EU will launch a new sanctions regime targeted at individuals suspected of human rights abuses that will mirror the US Magnitsky Act, the EU Commission announced 19 October 2020.

See News Analysis: EU sets out Magnitsky Act sanctions regime against human rights abuses.


Seven questions for AML task force President Marcus Pleyer

Law360, London: Marcus Pleyer, the new president of the Financial Action Task Force (FATF), talks to Law360 about his priorities, including the risks posed by crypto-assets and the role of artificial intelligence (AI) in enforcement.

See News Analysis: Seven questions for AML task force President Marcus Pleyer.


SFO’s calls for tougher powers are going nowhere fast

MLex: Renewed calls by the Serious Fraud Office (SFO) for greater powers are understandable as it looks for ways to improve its patchy enforcement record, but experience suggests they will not be answered quickly, if at all.

See News Analysis: SFO’s calls for tougher powers are going nowhere fast.


Three years on and still no prosecutions for HMRC’s corporate criminal offence

HMRC’s 2015–2020 business plan pledged to increase the number of criminal investigations and prosecutions into serious and complex tax crime, focusing particularly on wealthy individuals and corporates. The stated aim was to increase prosecutions in this area to 100 a year by 2020. Key to this strategy was the implementation of the corporate criminal offence (CCO) of failure to prevent the facilitation of tax evasion, which came into force on 30 September 2017. David Sleight, partner at Kingsley Napley, examines the possible reasons for the current lack of CCO prosecutions.

See News Analysis: Three years on and still no prosecutions for HMRC’s corporate criminal offence.


Cyber security

ENISA publishes annual Threat Landscape 2020 report amid coronavirus (COVID-19)

The European Union Agency for Cybersecurity (ENISA) has published its 8th annual ENISA Threat Landscape (ETL) 2020 report amid the coronavirus (COVID-19) pandemic. The report outlines and assesses the top cyber threats between January 2019 and April 2020 and highlights the major change from the 2018 threat landscape following the transformation of the digital environment due to coronavirus. Cyber criminals have adapted to take advantage of the pandemic by enhancing their capabilities and targeting groups more effectively. The ETL report highlights several aspects and trends regarding the threat landscape.

See: LNB News 20/10/2020 87.


FSB final report on effective practices for cyber incident response and recovery

The Financial Stability Board (FSB) has published its final report on ‘Effective practices for cyber incident response and recovery’ (CIRR).

See: LNB News 19/10/2020 89.


LexTalk® Risk & Compliance: a Lexis®PSL community

Collaborate and network with a community of expert lawyers

LexTalk® is an online community forum which gives Lexis®PSL subscribers the opportunity to post questions, hold conversations, participate in discussions and share best practice. It has been designed to provide a secure place for legal professionals to discuss legal developments, offer and receive peer support, and gain a sense of up-to-date market practice and advances in real time. You can access and post questions on all of the dedicated practice area forums, including a dedicated community for Lexis®PSL Risk & Compliance.

Click here to sign up and meet like-minded community members, create a profile, connect, share, and start participating today! Alternatively, you can access LexTalk® on the key resources tab on your Practice Area home page.

About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.