Risk and Compliance Update – 24th December

In this issue:

Data protection

Financial crime prevention

Cybersecurity & cybercrime

Additional Risk & Compliance updates this week

Brexit coverage over the festive period

Latest Q&A

Risk & Compliance Highlights 2020/2021

LexTalk® Risk & Compliance: a Lexis®PSL community


Data protection

New Brexit transition guidance and guidelines for UK BCRs from the ICO

The Information Commissioner’s Office (ICO) has published new guidance on keeping data flowing from the EU lawfully from 1 January 2021 to help stakeholders prepare for the end of the transition period and beyond.

The ICO has also published new guidance on the use of Binding Corporate Rules (BCRs) following the end of the Brexit transition (or 'implementation') period.

See: LNB News 22/12/2020 142 and LNB News 17/12/2020 151.


ICO publishes Code of Practice on responsible data sharing methods

The ICO has published its Data Sharing Code of Practice, which is designed to advise organisations on responsible data sharing methods. The ICO has also launched a data sharing information hub, to complement the code, which includes case studies and data sharing FAQs and checklists.

See: LNB News 17/12/2020 175.


ICO announces webinar on understanding Age Appropriate Design Code

The ICO has announced it is holding a webinar on 14 January 2021 about the Age Appropriate Design Code, or Children’s Code, which is a new code of practice. This code aims to consider the best interests of children in relation to online services. The webinar will discuss the 15 standards, how they can be met, who the code applies to and its implications for organisations and sectors. Members of the ICO’s Children’s Code team will be available to answer questions.

See: LNB News 22/12/2020 43.


Processing ‘criminal offence data’

John Gollaglee, partner, and David Cook, legal director, of the DLA Piper contentious cyber security and data protection team discuss new guidance issued by the ICO on criminal offence data, how the guidance assists in conducting internal investigations into suspected offences, and its practical implications.

See News Analysis: Processing ‘criminal offence data’.


EDPB announces outcome of 43rd Plenary

The European Data Protection Board (EDPB) has announced the outcome of its 43rd Plenary session, which was held on 15 December 2020. Key outcomes include the adoption of the EDPB’s strategy 2021–2023, the establishment of a Support Pool of Experts, a statement and notice on the end of the Brexit transition period and the adoption of guidelines on restrictions of data subject rights. The EDPB also adopted final versions of its guidelines on the interplay between PSD2 and the GDPR and on Articles 46(2)(a) and 46(3)(b) of the GDPR, along with a statement on the protection of personal data processed in relation with the prevention of the use of the financial system for the purposes of money laundering and terrorist financing.

See: LNB News 17/12/2020 33.


EDPB communications on the end of the Brexit transition period

The EDPB has released an information note on data transfers and a separate statement relating to the impact of the end of the Brexit transition (or implementation) period under the EU's General Data Protection Regulation (Regulation (EU) 2016/679 (EU GDPR)).

See: LNB News 17/12/2020 156.


Insight—UK out of time to win EU data-adequacy decision this year

MLex: The UK has run out of time to secure an EU 'adequacy' decision on personal data flows before a year-end deadline, meaning companies will have to rely on other legal mechanisms, MLex has learned.

See News Analysis: Insight—UK out of time to win EU data-adequacy decision this year.


Updated Keeling Schedules for the Data Protection Act 2018 and UK GDPR

The Department for Digital, Culture, Media & Sport has released updated Keeling Schedules showing changes to the UK General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) and Data Protection Act 2018 that would be affected by the Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2019 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2020.

See: LNB News 21/12/2020 52.


Financial crime prevention

HM Treasury publishes UK’s third national risk assessment of money laundering and terrorist financing 2020

HM Treasury has published the UK’s third national risk assessment (NRA) of money laundering and terrorist financing (ML/TF). The NRA sets out the key risks for the UK, how these have changed since the UK’s second NRA was published in 2017, and the action taken since 2017 to address these risks. The detailed findings of the NRA will inform future work to prevent ML/TF.

See: LNB News 17/12/2020 76.


European Commission publishes guidance on EU global human rights sanctions regime

The European Commission has published guidance on the implementation of specific provisions of Council Regulation (EU) 2020/1998 concerning restrictive measures against serious human rights violations and abuses. The guidance seeks to address the questions most likely to arise in the implementation of these new sanctions. It includes information about the scope of the financial restrictions therein and their application. It also explains in detail the responsibilities of those who must comply with the Regulation, covering notions such as ownership and control, and the functioning of derogations.

See: LNB News 18/12/2020 113.


EBA publishes anti-money laundering risk assessment methodology

The European Banking Authority (EBA) has published its methodology for carrying out risk assessments as part of its new role to lead, co-ordinate and monitor the fight against money laundering and terrorist financing (ML/TF) in EU Member States.

See: LNB News 17/12/2020 84.


Coronavirus (COVID-19)—FATF updates report on pandemic money laundering risks

The Financial Action Task Force (FATF) has published an update on its report into coronavirus (COVID-19)-related money laundering and terrorist financing risks. The update builds upon the concerns expressed when the report was first published in May, eg the exponential increases in online shopping as a result of repeated lockdowns. The report also sets out how authorities and private sectors should take a risk-based approach based on the FATF standards.

See: LNB News 17/12/2020 164.


FATF publishes updated consolidated assessment ratings table

FATF has published a consolidated assessment ratings table, which provides an overview of the ratings on both effectiveness and technical compliance for all countries evaluated against the 2012 FATF recommendations and using the 2013 Assessment Methodology.

See: LNB News 22/12/2020 116.


The biggest UK corporate crime cases of 2020

The pandemic briefly put criminal trials on hold, but the past year had some big cases that highlighted the need for reform of outdated corporate crime laws, lowered the bar for proving criminal dishonesty and set the scope of new powers to fight the movement of dirty money.

See News Analysis: The biggest UK corporate crime cases of 2020.


Cybersecurity & cybercrime

European Commission proposes directives to improve cybersecurity across EU

The European Commission has adopted a proposal for a revised Directive on security of network and information systems (NIS 2 Directive) in a bid to ‘address the deficiencies’ of the previous Network and Information Systems Directive (the NIS Directive), Directive (EU) 2016/1148, which guided Member States’ regulatory approach to cybersecurity. The NIS 2 Directive is intended to adapt its predecessor to meet current needs and make it future-proof. The Commission has also proposed a Directive to enhance the resilience of critical entities.

See: LNB News 17/12/2020 73.


FCA publishes statement on SolarWinds Orion cyber incident

The Financial Conduct Authority (FCA) has published a statement saying it is aware of an ongoing cyber incident affecting the SolarWinds Orion suite of IT management tools. The National Cyber Security Centre (NCSC) has published guidance to firms to help identify if they may be affected. It includes a list of immediate actions to take if firms are using these tools. The FCA has been asked, along with regulatory bodies across other sectors, to assist the NCSC in promoting this guidance.

See: LNB News 21/12/2020 87.


Additional Risk & Compliance updates this week

Post-transition UK-EU trade in legal services

In this analysis, Jonathan Goldsmith, Law Society Council Member for EU matters, argues, from the point of view of the trade in legal services between the UK and the EU, that the post-Brexit deal or no-deal cliff-hanger does not make much difference.

See News Analysis: Post-transition UK-EU trade in legal services.


Top court rejects challenge to 1st unexplained wealth order

Law360, London: The Supreme Court on 21 December 2020 rejected the final attempt by the wife of an imprisoned Azeri banker to appeal against the UK’s first use of an unexplained wealth order (UWO) that compels her to reveal the source of her multimillion-pound fortune, ruling that her challenge raised no arguable point of law.

See News Analysis: Top court rejects challenge to 1st unexplained wealth order.


Brexit coverage over the festive period

During the festive period, we will be continuing to bring you the latest Brexit news and updates in our daily Practice Area alerts to ensure you don’t miss a thing as we head towards IP completion day.

For guidance on keeping up to date, including details of how to access the latest Brexit news updates and analysis, see: Brexit transition hub.



Latest Q&A

● What is a solicitor’s duty when they suspect an unrepresented person on the other side of a matter has not properly accounted for value added tax in relation to their business?


Risk & Compliance Highlights 2020/2021

This is our final Weekly Highlights for 2020. Our first Weekly Highlights of 2021 will be published on 7 January 2021 and mailed to customers on 8 January 2021. For details on how to keep up to date with the latest news on a daily and weekly basis, including Brexit news over the festive period, see: ‘Daily and weekly news alerts’ section.

From all of us in the Risk & Compliance team, we wish you an enjoyable festive period and a happy new year.


LexTalk® Risk & Compliance: a Lexis®PSL community

Collaborate and network with a community of expert lawyers

LexTalk® is an online community forum which gives Lexis®PSL subscribers the opportunity to post questions, hold conversations, participate in discussions and share best practice. It has been designed to provide a secure place for legal professionals to discuss legal developments, offer and receive peer support, and gain a sense of up-to-date market practice and advances in real-time. You can access and post questions on all of the dedicated practice area forums, including a dedicated community for Lexis®PSL Risk & Compliance.

Click here to sign up and meet like-minded community members, create a profile, connect, share, and start participating today! Alternatively, you can access LexTalk® on the key resources tab on your Practice Area home page.

About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.