Cloud service providers looking to capitalise on increased demand from the financial sector need to be aware of the risks and issues that come with the territory. Providers need to be sensitive to the specific needs of financial sector customers in order to build successful relationships with this diverse and often sophisticated user base. The regulatory landscape in the jurisdictions where the customer operates is a key consideration. Cloud service providers seeking to serve the…
Background On 18 July 2023, the Information Commissioner’s Office (“ICO”) and Financial Conduct Authority (“FCA”) issued a joint statement in response to queries from some firms regarding whether UK data protection laws prevented sending communications to customers about better savings rates. In the joint letter, the ICO and FCA confirmed that data protection and direct marketing laws do not prevent organisations from sending such “regulatory communications”. Summary The joint letter reiterates the ICO’s existing direct…
Last month, the European Supervisory Authorities (ESAs) launched a consultation package on the first batch of certain draft regulatory technical standards (RTS) and draft implementing technical standards (ITS) on certain aspects of the EU’s Digital Operational Resilience Act, DORA. You can find more detail in our alert here. The draft technical standards cover: the risk management framework that financial institutions (FIs) are required to introduce classification of ICT related incidents, and the test for classifying…
In Brief On March 15, 2023, the US Securities Exchange Commission (“SEC”) proposed amendments to Regulation S-P (“Reg S-P”). If adopted, the amendments would introduce new data security and governance requirements for broker-dealers, investment companies, and investment advisers registered with the SEC. Background When the SEC first promulgated Regulation S-P in 2000, the goal was to ensure that covered entities establish adequate safeguards to protect customer information. The existing version consists essentially of two cornerstone…
As predicted in our Connect on Tech discussion in March, the U.S. Securities and Exchange Commission (“SEC”) is ramping up its examination and enforcement focus on cybersecurity at financial institutions, including scrutiny on actual implementation and deployment of published procedures in response to discovery of cyber breach incidents. Furthermore, the SEC appears to signal its expectation that multi-factor authentication (“MFA”) for email accounts containing sensitive client and customer information should be in place. Email Account…
Baker McKenzie is pleased to announce that the Blockchain and Cryptocurrency in Africa report is now available. This guide summarizes the latest and key developments taking place in 22 selected African jurisdictions in respect of blockchain and cryptocurrency, focusing on the regulatory approaches up until the end of 2018. This guide also provides a comparative assessment of the stance adopted by such regulators, with a view to providing a better understanding of the opportunities and…
In January 2019, the U.S. Department of Justice published an opinion declaring that the agency interprets the federal Wire Act, which prohibits certain types of betting businesses in the U.S., to apply to gambling activities outside of sporting events and contests. This essentially reverses the Department of Justice’s opinion in 2011 that the Wire Act only applies to sports gambling. Therefore, businesses involved in interstate gambling activities of any type, such as lotteries and casino…
Pursuant to the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 (the Prescription Order), which came into force on 15 January 2019, digital currencies and digital tokens which are not issued or guaranteed by any government body or central bank, and fulfils other specific features, are prescribed as securities.The implications of treating digital currencies and digital tokens as securities are significant as the Malaysian Capital Markets and Services Act…
Two recent decisions issued by an Italian Court of First Instance and, subsequently, by the Court of Appeal intervene in the debate around the qualification of cryptocurrencies as an asset or money that may be validly injected into a limited liability company’ s capital.Both decisions refer to the same question: can a company accept cryptocurrencies as a contribution in kind to the company’ s corporate capital? Both courts answered in the negative, however on different…
Given the increasing reliance of Financial Institutions (FIs) on technology and online systems and the increasing threat of cyber attacks, it is timely that the Bank Negara Malaysia (BNM) issued, on 4 September 2018, a set of minimum standards on technology risk and cybersecurity management by FIs in Malaysia – the Risk Management in Technology policy document (RMiT). The RMiT has been issued as an exposure draft which it is intended will come into force on…