Aggregated News From Investment Management Regulators

FCA warns firms to be responsible when handling client data

Report/Flag

Please complete the required fields.



The current economic climate is changing the way many firms operate and may cause some to leave the market or merge with other firms. When this happens, firms must make sure they lawfully process and transfer client data.

What firms need to consider

Principles in the FCA Handbook require firms to organise and control their affairs responsibly and effectively, with adequate risk management systems (Principle 3). Before transferring clients’ personal data, firms should consider whether this is fair to and in the interests of their clients (Principle 6). Firms should also pay due regard to the information needs of their clients and communicate with them clearly and fairly (Principle 7).

Data protection legislation and the Information Commissioner’s Office

Data protection legislation applies to data controllers such as firms, compliance consultants, insolvency practitioners and liquidators. The Information Commissioner’s Office (ICO) is responsible for regulating, and enforcing, information and privacy rights in the UK. Relevant legislation includes:

  • Data Protection Act 2018 (DPA)
  • General Data Protection Regulation (EU) 2016/679 (GDPR)
  • Privacy and Electronic Communications Regulations (EC Directive) 2003 (PECR)

How firms must protect client data

GDPR requires firms to provide information to clients clearly setting out ‘privacy information’, which includes the purposes for which they are collecting or processing client data, and individuals’ rights when their data is processed. Further detail on information that must be given when client data is collected, usually when taking on new clients, is available at the ICO Right to be informed page.

Firms should generally ensure they maintain a record of how and why they process, share and retain personal data. The ICO provides guidance on documentation and guidance on records management and security expectations.

Firms should also record the lawful basis for processing data.  If they are processing data based on consent, they should maintain an effective audit trail of how and when consent was given. The ICO provides guidance on obtaining, recording and managing consent and guidance for small organisations.

How we protect consumer interests

We will act where we identify breaches of relevant parts of the FCA Handbook. Firms that intend to transfer or receive personal client data must be able to demonstrate how they have considered the fair treatment of consumers and how their actions comply with data protection and privacy laws.

The impact of Brexit

GDPR currently has direct effect in the UK. At the end of the Brexit transition period the GDPR provisions will form part of retained EU law, with amendments made by DP exit regulations under the European Union (Withdrawal) Act 2018. The DPA 2018 and PECR will continue to apply, alongside the GDPR. There will be some amendments to ensure they work in a UK-only context. The ICO produced guidance on data protection for the end of the transition period which is regularly updated.

Source link

Regulator Information

Regulator Name: Financial Conduct Authority
Abbreviation: FCA
Jurisdiction: United Kingdom

Recent Articles

McCarter Capital Partners

We believe this firm may be providing financial services or products in the UK without our authorisation. Find out why you should be wary...

TorexFX/42 Marketing Limited (clone of FCA authorised firm)

Fraudsters are using the details of firms we authorise to try to convince people that they work for a genuine, authorised firm. Find out...

Federal Reserve Board issues enforcement action with Texico Bancshares Corporation and Texico State Bank

Please enable JavaScript if it is disabled in your browser or access the information through the links provided below.

eagle advisory services

We believe this firm may be providing financial services or products in the UK without our authorisation. Find out why you should be wary...

BAM Bundesweites Anlagenmanagement UG (haftungsbeschränkt), Hamburg/Berlin: information from BaFin with regard to the winding up of unauthorised deposit business

After reviewing the situation, BaFin has made the following arrangements to ensure that the purported “blocked accounts” (Sperrkonten) are wound up in an orderly manner. I.

Get the latest from Regulatory.News in your inbox!

×