FCA: New rules for add-ons
In March the FCA published its consultation on new rules for add-ons…
Published 17 May 2016
The beginning of the month saw the publication of the FCA's 2016/2017 Business Plan. This sets out the FCA's work programme and priorities for the coming year.
Cyber-attacks and technological resilience have been identified as key risks which the FCA needs to respond to. Weaknesses in systems and a lack of expertise may expose firms to the increasing risk of cyber-attacks, posing risks to consumers and markets. The FCA warns that firms need to ensure that they have defences and plans in place to deal with them. Over the coming year, firms should expect the FCA to be asking questions about operational resilience risks and how the firm deals with such risks.
Innovation and technology have been identified as one of seven areas of focus for the FCA in the next twelve months. It is recognised that there must be a balance between supporting innovation that benefits consumers and ensuring they have adequate protection. Planned activities include:
The planned activity around reducing the regulatory burden on RegTech and FinTech follows the FCA's Call for Input on regulatory barriers to innovation in digital and mobile solutions (June 2015). The FCA recently published a feedback statement (FS 16/2). It reports that data storage, privacy and protection emerged as key issues. The FCA has listened to stakeholder's concerns that some of the proposed rules in the GDPR could prevent the development of emerging digital and mobile solutions. The FCA says it will continue to liaise with the ICO on issues related to data privacy and protection.
Finalised guidance on cloud data storage and the use of third-party providers is expected this summer.
In other news, firms who have had their electronic communications accessed by the FCA may be interested in the frequent recommendations published by the Interception of Communications Commissioner's Office (IOCCO) this month. The IOCCO is responsible for keeping under review the interception of communications and the acquisition and disclosure of communications data by intelligence agencies, police forces and other public authorities, including the FCA. The IOCCO identifies when the Regulation of Investigatory Powers Act 2000 (RIPA) (which regulates the manner in which certain public bodies may conduct surveillance and access a person's electronic communications) is not used as expected. It undertakes a revolving programme of inspection visits to all relevant public authorities who are authorised to acquire communications data under RIPA. The primary objective of an IOCCO inspection is to ensure that all acquisition of communications data has been carried out lawfully and in accordance with the Human Rights Act, RIPA and its associated Code of Practice.
To read the FCA Business Plan Click Here
To read the feedback statement by the FCA on reducing the regulatory burden on RegTech and FinTech Click Here
To see the frequent recommendations published by the IOCCO Click Here