Information and cyber security for financial services firms

Copyright © 2025 LexisNexis

This overview is a guide to the Lexis+® UK Financial Services sub-topic Information and cyber security for financial services firms with links to appropriate materials.

General Data Protection Regulation

The General Data Protection Regulation (EU) 2016/679 (EU GDPR) applies to the processing of personal data originating in the EEA.Assimilated Regulation (EU) 2016/679 (UK GDPR) applies in the UK.

For information, see Practice Notes:

  1. Introduction to the EU GDPR and UK GDPR

  2. Financial services firms—legal obligation and legitimate interest under the GDPR—one minute guide

  3. Outsourcing by financial services firms—UK MiFID II Organisational Regulation, FCA Handbook, PRA Rulebook and UK GDPR—checklist

  4. The Data Protection Act 2018

  5. Key definitions under data protection law

  6. Data protection principles

  7. Processing personal data—standard of consent

  8. How to manage consent—personal data

  9. Data portability

  10. UK GDPR and EU GDPR—extra-territorial reach

  11. UK

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Financial Services News

PRA publishes letter on solvency-triggered termination rights in BPA transactions

The Prudential Regulation Authority (PRA) has published a 'Dear Chief Risk Officer' letter by its executive director of insurance supervision, Gareth Truran, to share its view of the potential risks arising from the use of solvency-triggered termination rights clauses (STTRs) in bulk purchase annuity (BPA) transactions and its assessment of how firms are mitigating those risks. The letter follows a thematic review of STTRs, which allow pension scheme counterparties to terminate BPA buy-in arrangements if an insurer’s solvency position falls below a defined threshold. The PRA notes that while these clauses are becoming more common, they may introduce financial and operational risks, particularly in stressed conditions, and could affect firms’ liquidity, asset composition and matching adjustment (MA) portfolios.

FCA announces two individuals sentenced for £1.5m crypto fraud

The Financial Conduct Authority (FCA) has announced that Raymondip Bedi and Patrick Mavanga have been sentenced to a combined 12 years’ imprisonment for their roles in a £1.5m crypto fraud. Between February 2017 and June 2019, the individuals cold-called victims and sold fake investments in crypto consultancy services. At least 65 investors were defrauded, with total losses amounting to £1,541,799. Bedi was sentenced at Southwark Crown Court to five years and four months’ imprisonment, and Mavanga received a sentence of six years and six months. Both had previously pleaded guilty to conspiracy to defraud and conspiracy to breach the general prohibition under the Financial Services and Markets Act 2000. Bedi also admitted to money laundering offences, while Mavanga was additionally convicted of perverting the course of justice. Confiscation proceedings are continuing. The FCA says that it has attempted to contact investors who lost out and has asked any who have not yet been contacted to come forward.

European Commission adopts Delegated Act regarding the use of alternative internal models under the CRR

The European Commission has adopted a Delegated Regulation supplementing Regulation (EU) 575/2013 (Capital Requirements Regulation (CRR)) with regard to regulatory technical standards specifying the conditions for assessing the materiality of extensions of, and changes to, the use of alternative internal models, and changes to the subset of the modellable risk factors. The Delegated Regulation enters into force on the 20th day of its publication in the OJ.

FCA announces two individuals sentenced for £1.5m crypto fraud

The Financial Conduct Authority (FCA) has announced that Raymondip Bedi and Patrick Mavanga have been sentenced to a combined 12 years’ imprisonment for their roles in a £1.5m crypto fraud. Between February 2017 and June 2019, the individuals cold-called victims and sold fake investments in crypto consultancy services. At least 65 investors were defrauded, with total losses amounting to £1,541,799. Bedi was sentenced at Southwark Crown Court to five years and four months’ imprisonment, and Mavanga received a sentence of six years and six months. Both had previously pleaded guilty to conspiracy to defraud and conspiracy to breach the general prohibition under the Financial Services and Markets Act 2000. Bedi also admitted to money laundering offences, while Mavanga was additionally convicted of perverting the course of justice. Confiscation proceedings are continuing. The FCA says that it has attempted to contact investors who lost out and has asked any who have not yet been contacted to come forward.

View Financial Services by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Late payment penalties—inheritance tax

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an