Risk & Compliance weekly highlights—22 July 2021

Risk & Compliance weekly highlights—22 July 2021

In this issue:

Risk & Compliance forecast 

Data protection

Financial crime

Coronavirus (COVID-19)

Additional Risk & Compliance updates

UK/EU divergence—have your say

Daily and weekly news alerts

New and updated content



Risk & Compliance forecast

Risk & Compliance forecast as at 20 July 2021

Our new Risk & Compliance forecast (as at 20 July 2021) is now live. This month, we report on issues including (1) modern slavery (2) economic crime; and (3) cybersecurity and cybercrime updates. You can rest assured we’re tracking forthcoming regulatory changes so you can plan ahead.

See News Analysis: Risk & Compliance forecast as at 20 July 2021.


Data protection

ICO blog considers future of accountability framework

The Acting Director of Regulatory Assurance at the Information Commissioner’s Office (ICO), Anulka Clarke, has published a blog post about changes to the accountability framework. The framework is designed to help data protection professionals assess their organisation’s accountability, a key principle in data protection law. The next steps for the framework will include adding case studies and the ICO is looking for best practice examples to include. It will also be running online workshops to consider how the self-assessment tool can be adapted and improved.

See: LNB News 16/07/2021 94.

ICO publishes blog reflecting on data protection in the charity sector

The Chair of the Fundraising Regulator, Lord Toby Harris, and the UK Information Commissioner, Elizabeth Denham, have published a blog reflecting on the past five years of fundraising and data protection regulation in the charity sector. They praised the sector on its commitment to positive change and getting the implementation of the General Data Protection Regulation correct in 2017 as well as its dedication toward good fundraising and data protection practices since then.

See: LNB News 16/07/2021 92.

ICO releases beta version of AI and data protection risk toolkit 

The ICO has introduced a new version of its artificial intelligence (AI) and data protection risk toolkit. The toolkit is designed to help organisations which use AI to ensure that they are processing personal data in accordance with the law.

See: LNB News 20/07/2021 76.

New SCCs for international personal data transfers

William Long, partner, Francesca Blythe, senior associate, and Eleanor Dodding, associate, at Sidley Austin, discuss the European Commission’s implementing decision on Standard Contractual Clauses (SCCs) for the transfer of personal data outside the EEA pursuant to the EU’s Regulation (EU) 2016/679, the General Data Protection Regulation (the EU GDPR). They consider the main differences between these new SCCs and previous SCCs adopted in 2001, 2004 and 2010, how international personal data transfers may be streamlined as a result of the new SCCs and how they address the decision in Schrems II, as well as what challenges remain in place when using the SCCs, what actions organisations should take and implications for UK organisations.

See News Analysis: New SCCs for international personal data transfers.

EDPB announces German investigation into international data transfers

The European Data Protection Board (EDPB) has announced that German data protection supervisory authorities will carry out a nationwide assessment of companies’ compliance with the Regulation (EU) 2016/679, EU GDPR in relation to transfers of personal data outside the EEA. The action follows the Court of Justice’s decision in Schrems II, which invalidated the EU-US Privacy Shield and emphasised the need for a ‘transfer impact assessment’ to be undertaken when using standard contractual clauses, and for supplementary measures to be adopted where necessary.

See: LNB News 15/07/2021 6.

EDPB publishes public consultation on codes of conduct as tools of transfers

The EDPB has published a public consultation on the Guidelines 04/2021 on codes of conduct as tools for transfers. The comments from the public will then be made available on the EDPB website. The consultation is set to end on 1 October 2021.

See: LNB News 15/07/2021 4.


Financial crime

European Commission announces package of AML/CFT proposals

The European Commission has presented a package of legislative proposals to strengthen the EU’s anti-money laundering and counter-terrorist financing (AML/CFT) rules, including a proposal for the creation of a new EU authority to fight money laundering. The aim of the package is to improve the detection of suspicious transactions and activities, and to close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.

See: LNB News 21/07/2021 58.

European Commission proposes to make bank account registers available to competent authorities through new single access point

The European Commission has published a proposal for a directive amending Directive (EU) 2019/1153 with regard to access of competent authorities to centralised bank account registries through the single access point. The proposal would provide designated authorities competent for the prevention, detection, investigation or prosecution of criminal offences with the ability to directly access and search centralised bank account registries of other Member States through the bank account registers (BAR) single access point introduced by the proposed new anti-money laundering directive.

See: LNB News 21/07/2021 49

SFO announces two further DPAs have received judicial approval

The Serious Fraud Office (SFO) has announced that it has entered into deferred prosecution agreements (DPAs) with two companies, with a total value of just over £2m in fines and disgorgement. Mrs Justice May approved the DPAs on 19 July 2021.

See: LNB News 20/07/2021 48.

The emerging role of judicial approval and the absence of findings of fact in DPAs (SFO v Amec Foster Wheeler Energy Ltd)

On 1 July 2021, court approval was given to a DPA between the SFO and Amec Foster Wheeler Ltd. Quinton Newcomb, founder and managing partner of commercial crime and investigations practice, FOUR Law & Investigations Ltd, analyses the practical lessons of the judge’s decision, and what this reveals about the types of cases the SFO are likely to consider for DPAs in the future.

See News Analysis: The emerging role of judicial approval and the absence of findings of fact in DPAs (SFO v Amec Foster Wheeler Energy Ltd).


Coronavirus (COVID-19)

Coronavirus (COVID-19)—new guidance issued for working safely during step 4

The government has published new guidance for businesses and self-employed people in various sectors, aimed at helping employers plan business operations from step 4 of the government’s coronavirus (COVID-19) roadmap. The guidance applies to England and should be used to inform operations from 19 July 2021.

See: LNB News 15/07/2021 115.

A brave new world for employers?—living with COVID–19 after Freedom Day (UK)

Following the government’s announcement that ‘Freedom Day’ is due to go ahead as planned, David Whincup, partner at Squire Patton Boggs, discusses the impact on employers of the decision to re-open businesses and end social distancing measures within the workplace from 19 July 2021.

See News Analysis: A brave new world for employers? — living with COVID-19 after Freedom Day (UK).


Additional Risk & Compliance updates

CMA publishes guidance on whistleblowing

The Competition and Markets Authority (CMA) has published guidance on whistleblowing, what it means to be a whistleblower and how to report to the CMA. The CMA has stated that it protects the whistleblower’s identity from the organisation being reported and that information can be provided anonymously, though this means complaints cannot be discussed, making it difficult to take action. Reports can come through the phone, email or via an online form. A member of the CMA will respond to discuss the information provided and the next steps. The CMA may contact the business and remind them of the importance of complying with competition and consumer law protection law, investigate businesses suspecting of breaking the law, conduct studies or further investigation, prosecute those involved, take no further action or suggest that the complainant contact another authority.

See: LNB News 16/07/2021 100.


UK/EU divergence—have your say

Please click here to participate in our Customer Survey—UK/EU Divergence. The aim of the survey is to gather insight into customer needs and preferences for PSL coverage of how UK law diverges from EU law arising from the UK’s departure from the EU. The survey also covers potential for divergence within the devolved administrations of the UK (in areas where EU previously had competence), as well as needs around EU materials going forward. It should take around 20 minutes to complete.


Daily and weekly news alerts

Did you know that you can set up your own personal alerts to let you receive all of our news stories on either a daily or a weekly basis? Go to your ‘News’ tab and amend your personal settings to subscribe to regular updates by clicking on either ‘Email’ or ‘RSS’ (depending on how you prefer to receive them) on the right hand side of the blue banner.


New and updated content

Practice Note: What’s new and what’s changed in 2021—Risk & Compliance contains a summary of substantive changes to our content.
New Practice Note

Risk & Compliance forecast as at 20 July 2021

New Precedent

COVID-19 risk assessment—worked example

Updated Practice Notes

Brexit legislation tracker

Brexit timeline

Coronavirus (COVID-19)—testing and vaccination issues for employers

High-risk third countries tracker



Lexis®PSL Risk & Compliance has a dedicated area on the Key Resources section of the home page that tracks interesting and important cases, legislation, consultations and other key developments in the world of Risk & Compliance. For more information, see: Risk & Compliance forecast as at 20 July 2021.



Related Articles:
Latest Articles:
About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.