MiFID II: ESMA guidance on compliance function requirements

ESMA published, on 5 June 2020, new final guidelines on certain aspects of the compliance function requirements under the recast Markets in Financial Instruments Directive (MiFID II)[1]. The new guidelines replace those issued in 2012, and have been updated in accordance with MiFID II requirements - specifically article 16(2) of MiFID II and article 22 of the MiFID II Delegated Regulation[2]. Read more

IOSCO proposes updated Outsourcing Principles as Covid-19 drives operational resilience to the top of the agenda

This post gives a high level summary of the International Organization of Securities Commissions' (IOSCO's) consultation on proposed updates to the 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets, and includes a link to our briefing that focuses in more detail on: the scope of application; IOSCO’s definition of outsourcing; intragroup arrangements; concentration risk; and access and audit rights. Read more

COVID-19 Governance: SFC extends deadline for data storage compliance (Hong Kong)

The Hong Kong Securities and Futures Commission (SFC) has extended its deadline for licensed corporations to confirm compliance with its new data storage regulations, due to the COVID-19 outbreak. On 31 March 2020, the SFC granted a six-month extension to the implementation deadline for aspects of its 31 October 2019 circular on the use of external electronic data storage providers (EDSPs) by licensed corporations for the storage of regulatory records (EDSP Circular). Read more

FCA review of outsourcing by life insurers

This post was first published on our Digital TMT and Sourcing Notes blog. On 4 March 2020 the Financial Conduct Authority published a short set of findings from its review of outsourcing in the UK life insurance sector. Despite the review’s narrow scope, the FCA’s findings are readily applicable to other outsourcing contexts, so regulated firms … Read more

Hong Kong data protection reform: what you need to know

On 20 January 2020, the Constitutional and Mainland Affairs Bureau (CMAB) together with the Privacy Commissioner for Personal Data (Privacy Commissioner), published a consultation paper raising important data protection issues and proposing possible amendments to the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), after having reviewed the existing data protection regime in Hong Kong. These include possibly introducing a mandatory data breach notification mechanism, requiring data users to specify a retention period for personal data collected, raising the sanctioning powers of the Privacy Commissioner as well as potentially making data processors more accountable. Read more