According to FinTechReguLab principal, Peter Smith, one of Brexit’s thorniest issues is data. Here he offers his insights on the implications of the UK’s departure from the European Union for data management and financial services regulation as well as offering his thoughts on the rise of the security token offering.
There is a key concern here. At its plenary meeting on February 13, 2019, in Brussels, the European Data Protection Board (“EDPB”) adopted an Information Note on Data Transfers under GDPR in the event of a no deal Brexit and an Information Note on BCRs for Companies Which have the ICO (Information Commissioner) as BCR Lead Supervisory Authority.
The Information Note on Data Transfers reiterates the need for organisations to implement data transfer mechanisms if they wish to continue transferring personal data from the European Economic Area (“EEA”) to the UK following Brexit. As matters stand, the UK is due to leave the EU at 11pm GMT on March 29, 2019. No transition deal has yet been agreed upon, leaving looming the prospect of a “no-deal Brexit.”
The EDPB’s Information Note on Data Transfers lists the following steps that organisations should take to prepare for a no-deal Brexit:
- identify the processing activities that involve a personal data transfer from the EEA to the UK
- determine the appropriate data transfer mechanism (e.g., standard contractual clauses, binding corporate rules (“BCRs”), derogations)
- implement the transfer mechanism before March 30, 2019
- ensure internal documentation states that transfers will be made to the UK and
- update privacy notices to inform individuals that transfers will be made to the UK.
The Information Note on Data Transfers also mentions the UK government’s approach to transfers, which is to recognise existing EEA countries as offering adequate data protection from the point at which the UK leaves the EU. Any formal discussion of the UK’s adequacy, in contrast, will not take place until after the UK has left the EU.
If Brexit can be viewed as a closing doors then to what extent is financial technology going to keep them open?
Not sure I view Brexit as a closing door. The UK Fintech & Financial Services industry has been consistent about what it needs in the short term from government to secure its future.
First, we want markets to continue to operate smoothly, without disruption. As we get closer to March 29 the need for clarity is becoming ever more urgent.
Secondly, we want market access for both the UK and the EU that has more depth and certainty than the existing equivalence regime. This will require the right regulatory oversight to ensure we have close cooperation between regulators, central banks and authorities. Any new arrangements should be as robust as the EU regime that we have helped build as members. But we must also have the flexibility to ensure our regulatory system reflects the unique aspects of the UK economy and the global opportunities ahead.
Thirdly, we require continued access to the international talent and expertise that is so fundamental to the continued success of our industry and the UK’s position as an international financial centre.
We know that expanding our domestic talent pool is a particular focus for The Treasury. Industry is supporting The Treasury on The Financial Services Skills Taskforce and aim to help build the long-term pipeline of talent we need to remain globally competitive. Over 1 in 4 employees in banking and finance in London are non-UK citizens, with the majority filling UK skills shortages.
Finally, the development of new and deeper trading and regulatory relationships with countries across the globe will play a key role in driving future growth. This has just been reinforced with the announcement of GFIN –Global Financial Innovation Network bringing 29 jurisdictions together on standardising regulations and the prospect of a Global Sandbox.
All our current Fintech developments frictionless payment, compliance, data management, regtech etc will underpin this.
