The Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA) released their Memorandum of Understanding (MoU) laying out their relationship concerning exchanges of information related to potential failures of systems and controls vis-à-vis data security and investigations.
The MoU derives from the FCA’s focus on enforcement of data protection and cyber security issues and follows the ICO and FCA’s joint update on GDPR in February 2018, the FCA’s July 2018 discussion paper with the Prudential Regulation Authority (PRA) and the Bank of England on operational resilience, and the FCA’s £16.4m fine imposed on Tesco for failures relating to a 2016 cyberattack.
The MoU provides for regular communication between the ICO and FCA to discuss issues concerning FCA-authorised firms, certified individuals and approved persons, and to consult on any issues with significant implications for both organisations.
The MoU sets out that information which may be shared includes:
- Concerning investigations or action taken against a firm or person
- Regarding fraud, criminal or other activity which might cast doubt on the fitness or propriety of a party interest
- Indications there may be a failure of a firm’s regulated activities
The ICO and FCA will monitor the operation of the MoU and review it biennially.