On February 8, the UK Financial Conduct Authority (FCA) and the UK Information Commissioner’s Office (ICO) published a joint statement on the EU General Data Protection Regulation (GDPR).

GDPR will go into effect in the UK on May 25. The GDPR is designed to strengthen the rules governing data protection across the European Union and will be regulated and enforced in the UK by the ICO, as part of its continuing responsibility for data protection regulation.

On January 8, the Financial Industry Regulatory Authority (FINRA) released its annual Regulatory and Examination Priority Letter detailing various issues that will be the subject of particular regulatory focus and scrutiny this year. Many of the areas noted are carry-overs from previous years, including the protection of senior investors and other retail customers, new product suitability reviews, and enhanced scrutiny of high-risk brokers. However, the letter also reflects various new issues that have caught FINRA’s attention and will require increased attention by FINRA member firms.

On December 6, the Financial Industry Regulatory Authority (FINRA) released a summary of findings from its examinations of broker-dealers (Summary Report). As part of FINRA’s mission of investor protection and market integrity, FINRA conducts regular examinations of its broker-dealer members, with each broker-dealer being examined at least once every four years. FINRA prepares a report—which is only available to the examined FINRA member—based upon the examination findings, and the members are required to address issues identified in this report.

On December 6, Her Majesty’s Treasury published a report setting out the UK government’s renewed long-term investment management strategy. This follows the announcement by the UK Chancellor of the Exchequer, Philip Hammond, in his Autumn 2017 Budget on November 22, that the government would be publishing its new strategy to “ensure that the UK asset management industry continues to thrive and deliver the best outcomes for investors and the UK economy.”

The Commodity Futures Trading Commission’s LabCFTC has issued a primer on cryptocurrencies and distributed ledger technology. The primer is the first in a series that is intended to provide the public with educational information on financial technology innovation.

In the primer, LabCFTC highlights various risks inherent in cryptocurrencies, including operational risks, cybersecurity risks, speculative risks

On August 7, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert summarizing observations of its second round of cybersecurity-focused examinations (Cybersecurity 2 Initiative) to assess financial services firms’ practices and legal and compliance issues related to cybersecurity preparedness. The Cybersecurity 2 Initiative is built upon OCIE’s

On May 13, the day after the start of the widespread “WannaCry” ransomware cyber-attack, the UK Financial Conduct Authority (FCA) published a statement on the cyber-attack. The statement advised firms to review guidance issued by the National Cyber Security Centre. If firms were affected by the attack, it advised them to contact Action Fraud and

On May 17, the Securities and Exchange Commission Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert in response to the widespread ransomware attack known as WannaCry, WCry, or Wanna Decryptor that started on May 12. The attack infected computers and servers of various organizations in more than 100 countries. The Risk Alert encourages broker-dealers and investment management firms (collectively, “Firms”) to review the May 12 alert published by the US Department of Homeland Security’s Computer Emergency Readiness Team and evaluate whether applicable patches for their operating systems are properly and timely installed.

On September 8, the Commodity Futures Trading Commission approved amendments to its rules relating to system safeguards for derivatives clearing organizations, designated contract markets, swap execution facilities and swap data repositories (collectively, registered entities). The rules clarify existing obligations and enhance cybersecurity testing requirements.