
FCA: GDPR requirements are ‘not incompatible’ with handbook

09/02/2018
The Financial Conduct Authority (FCA) has been quizzed by firms about their ability to comply with incoming General Data Protection Regulation (GDPR) and FCA rules – but the regulator believes the requirements align with its core requirements.

However, the FCA added that it was listening to industry concerns about the rules, which have yet to be finalised despite coming into force on 25 May.

The regulator also highlighted that responsibility for GDPR was a compulsory board level concern for member firms.

GDPR is the latest stage in data protection regulations, updating the Data Protection Act.

In a joint statement with the Information Commissioner’s Office (ICO), which will be overseeing the implementation of GDPR, the FCA added that it too would be supervising how the financial services industry enacted the rules.

In the statement, the FCA noted that complying with some of its rules required financial services firms to process personal data.

“Firms have asked us about their ability to comply with both the GDPR and rules made by the FCA,” it said.

“We believe the GDPR does not impose requirements which are incompatible with the rules in the FCA Handbook.

“Indeed, there are a number of requirements that are common to the GDPR and the financial regulatory regime detailed in the Handbook.”


TCF compatible

The FCA noted that GDPR was aligned with the principles of Treating Customers Fairly and that senior management needed to be accountable.

“Compliance with GDPR is now a board level responsibility and firms must be able to produce evidence to demonstrate the steps that they have taken to comply,” it continued.

“The requirement to treat customers fairly is also central to both data protection law and the current financial services regulatory framework.”

It added that oversight would come from both the ICO and FCA: “While the ICO will regulate the GDPR, complying with the GDPR requirements is also something the FCA will consider under their rules, for example, the requirements in the Senior Management Arrangements, Systems and Controls (SYSC) module.

“As part of their obligations under SYSC, firms should establish, maintain and improve appropriate technology and cyber resilience systems and controls.”


Listening to industry concerns

However, there was an acknowledgement that the final rules have yet to be published and the regulator was working with the ICO and open to listening to industry concerns.

“We recognise that there are still ongoing discussions to ensure specific details of the GDPR can be implemented consistently within the wider regulatory landscape,” it said.

“The FCA and ICO are working closely together in preparation for the GDPR, and recently jointly hosted a GDPR Roundtable with firms and industry bodies to listen to industry concerns.”

The FCA and ICO added that they were reviewing the current Memorandum of Understanding in place outlining their co-operation and co-ordination to ensure it is still fit to address future collaboration.
