Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Pricing

Ready to get started?

Plans & Membership

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Pricing

Ready to get started?

Featured Pathways

More pathways

Banking Essentials - Part I

This pathway will walk us through the basics of banks, starting with some of the different types and their main functions, then starting to look at the regulation faced by the banks, both before and after the Global Financial Crisis.

Greenwashing

Greenwashing is the act of distributing false information about something being more environmentally friendly than it actually is.

More pathways

Book a demo

Pricing

Ready to get started?

Plans & Membership

Our Platform

Expert led content

+1,000 expert presented, on-demand video modules

Learning analytics

Keep track of learning progress with our comprehensive data

Interactive learning

Engage with our video hotspots and knowledge check-ins

Testing & certification

Gain CPD / CPE credits and professional certification

Managed learning

Build, scale and manage your organisation’s learning

Integrations

Connect Finance Unlocked to your current platform

Featured Content

More featured content

Tackling the Cost of Living Crisis

In this video, Max discusses the cost-of-living crisis currently enveloping the UK. He examines its impact on households as well as the overall economy.

CSR and Sustainability in Financial Services

In the first video of this two-part video series, Elisa introduces us to sustainability. She begins by looking at the difference between sustainability and corporate social responsibility, two terms that can be easily confused.

More featured content

Book a demo

Pricing

Ready to get started?

Book a demo

Pricing

Ready to get started?

Regulatory Considerations relating to Personal Data

Regulatory Considerations relating to Personal Data

Jake Ghanty

20 years: Financial technology law

In this video of the series, Jake covers the role of regulators in relation to data. He explains the responsibilities of the Financial Conduct Authority (FCA), the relevant EBA Guidelines and the significance of data in relation to Open Banking and Payment Services Regulations (PSRs).

In this video of the series, Jake covers the role of regulators in relation to data. He explains the responsibilities of the Financial Conduct Authority (FCA), the relevant EBA Guidelines and the significance of data in relation to Open Banking and Payment Services Regulations (PSRs).

Subscribe to watch

Access this and all of the content on our platform by signing up for a 14-day free trial.

Regulatory Considerations relating to Personal Data

9 mins 23 secs

Overview

This essentially covers the role of financial regulators in relation to data. In the FCA handbook and under the EBA guidelines, there are a wide range of principles and requirements that ensure firms effectively manage, use and secure the use of customer data.

Key learning objectives:

  • Understand the relevance of the FCA principles in relation to data

  • Understand the key record-keeping and other practical requirements in relation to data

  • Outline the significance of data in relation to Open Banking and PSRs

Subscribe to watch

Access this and all of the content on our platform by signing up for a 14-day free trial.

Summary

Are the FCA and the PRA data regulators?

The FCA and the PRA are not data protection regulators in the same way as the UK Information Commissioner, whose remit is the protection of personal data. The FCA and PRA have a much broader remit. The FCA focuses on particular issues in relation to data.

Does the FCA keep information shared with it confidential?

Under section 348 of the Financial Services and Markets Act 2000, the FCA is under a duty, subject to certain exceptions, not to disclose confidential information shared with it.

What is the relevance of the FCA principles in relation to data?

  • Principle 2 - Requires firms to conduct their business with due skill, care and diligence. As regards data, this requires firms, for example, to deal with data in a way that keeps it secure
  • Principle 3 - Requires firms to take reasonable care to organise and control their affairs responsibly and effectively, with adequate risk management systems. This ensures firms have systems and controls in place to minimise the loss of data
  • Principle 11 - The FCA has reminded firms of the need to make a notification under Principle 11 of its principles for business, which covers the duty to be open and cooperative with the regulators where firms have been subject to a material cyber incident

Why should firms be concerned about the FCA principles?

The FCA’s principles, although high-level in nature, are in fact rules. This means that where the FCA finds a firm to have breached its principles, it can bring disciplinary action.

What are the key record-keeping and other practical requirements in relation to data?

  • Requirements include making and retaining adequate records of all services and transactions and keeping them in an orderly way to enable effective monitoring of compliance by the FCA
  • SYSC 4.1.1R requires firms to have robust governance arrangements, including effective systems and controls and safeguarding arrangements for information processing systems.

What specific safeguards must firms have in place?

  • Sound security mechanisms
  • Maintain confidentiality of data at all times
  • Guarantee the security and authentication of the means of transfer of information
  • Minimise the risk of data corruption and unauthorised access
  • Prevent information leaking

What are the relevant EBA guidelines that specifically address data?

  1. Firms should define data and system security requirements within the outsourcing agreement and monitor compliance with these requirements on an ongoing basis
  2. Firms should ensure that the outsourcing agreement includes the obligation that the service provider protects confidential, personal or otherwise sensitive information and complies with all legal requirements regarding the protection of data that apply to the firm

What is the significance of data in relation to Open Banking and PSRs?

  1. Open Banking
    • A quasi-regulatory or competition law initiative that essentially requires major banks to allow third party processors (TTPs) to access customer bank transaction data to provide innovative types of payment service. TTPs, with the customer’s consent, can pull data from their payment accounts and present that information to the customer or to another person in accordance with the customers instructions.
  2. PSRs
    • An example of how PSRs govern use of data is contained in regulation 97. A payment service provider must not access, process or retain any personal data for the provision of payment services by it, unless it has explicit consistent of the payment service user to do so.

What is an example of a breach in regulation resulting in FCA involvement?

There have been a number of high profile regulatory decisions. For example:

  • Cyber attackers exploited deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations team to carry out an attack. This netted the cyber attackers £2.26 million.
  • The FCA found that Tesco Bank had breached Principle 2 as it failed to exercise due skill, care and diligence to the design and distribution of its debit card, configure specific authentication and fraud detection rules, or to take appropriate action to prevent the risk of fraud.
  • The Nationwide Building Society case related to the theft of an employee’s laptop containing customer information.

Subscribe to watch

Access this and all of the content on our platform by signing up for a 14-day free trial.

Jake Ghanty

Jake Ghanty

Jake is a partner at Kemp Little where he heads the Financial Regulation practice, which is part of the Commercial Technology department. Jake's focus is on helping clients navigate the requirements of UK and European regulators.

There are no available videos from "Jake Ghanty"