Month: November 2019

Waymark Tech Named on the Prominent RegTech100 List for the Third Year Running

Waymark Tech, a UK based RegTech and SupTech firm that provides global regulatory insight and analytics to both the private and public sectors, has once again been named in the RegTech100 for 2020. This is RegTech100’s third annual top 100 list in which a panel of analysts and industry experts vote to identify the world’s most innovative regulatory technology companies. Only 21 companies have been named on the list in all three years and Waymark Tech is proud to be one of them. “More than 1,000 companies were identified from within the sector by RegTech Analyst this year, so with more competition than ever, to be named in the top 100 again is excellent and a huge honour,” said Mark Holmes, Founder and CEO of Waymark Tech.

The list identifies the world’s most innovative providers of solutions that address challenges and regulatory issues facing businesses within the financial services sector. Finalists are recognised for their innovative use of technology to solve a significant industry problem, or to generate cost savings, or efficiency improvements across the compliance function. “As a team we have worked meticulously to ensure our offering meets the ever-growing needs of our clients and to make the list for the third year running is testament to the team’s dedication and the success of our technology,” said Mark.

“Even though 51% of RegTech100 companies are based within the UK or US, the spread of RegTech innovation has seen companies from another 23 countries make the list,” said Mariyan Dimitrov, head of research at RegTech Analyst. “Employing RegTech solutions to modernise the compliance function is now mission-critical for financial institutions globally.” Furthermore, the list aims to assist senior management and compliance staff to assess the solutions that have the highest market potential to succeed, those that have a considerable impact on the regulatory technology industry, and those that are providing the most pioneering solutions.

A technology company at heart, Waymark utilises Artificial Intelligence (AI), specifically Natural Language Processing (NLP), to automatically deliver tailored and actionable regulatory content to its end users. This benefits the end user, typically compliance departments, professional service firms and government agencies, in three key ways:

  • Effort to conduct manual monitoring of data sources is reduced from man days to man hours
  • Reassurance that nothing gets missed and work is prioritised and tracked to completion
  • Provides Audit Trail to discharge obligation of NED or senior manager.

A Warning Not to retain Personal Information Longer Than Necessary

Eighteen months on from Europe’s General Data Protection Act coming into force, the multi-million-euro fines are starting to roll in. After major actions in the UK and France, Germany followed suit with a €14.5 million fine against real estate company Deutsche Wohnen SE.
The fine relates to the company’s retention of personal data. The Berlin DPA considered that the real estate company had retained personal data longer than necessary and that this amounted to a breach for three reasons.

  • The controller did not have a legal ground for storing this data longer than needed.
  • Article 25 covering data protection by design and default, and integrating safeguards into the processing in order to satisfy the rights of subjects.
  • Article 5 relating to the processing of data.

Deutsche Wohnen was found to have failed to establish a data retention and deletion policy which was compliant with GDPR for the personal data of their tenants. This was made worse by the fact that an audit had revealed problems in 2017 and that a second audit in 2019 revealed the company had still not managed to implement a GDPR compliant process because it still couldn’t demonstrate effective clean up of its storage or legal grounds for holding the data longer than necessary.

What can we learn

The DPA’s decision is not final and Deutsche Wohnen has already said it plans to appeal, but the ruling does offer a number of key lessons…

  1. Europe’s regulators are getting tough: The slow start to GDPR enforcement led many to wonder if regulators were willing to resort to the full extent of their powers. We’ve now seen a number of fines from regulators in the million Euro bracket which suggests they aren’t shying away from large scale fines.
  2. Data retention is a problem: A common theme in fines is the legal basis for retaining data. Firms will need to ensure they have a clear legal justification if they continue to hold data for longer than is absolutely necessary.
  3. Data retention and deletion processes are crucial: All firms must have clear systems to archive and delete data. Deutsche Wohnen could have used one of a number of commercially available systems which allow it to separate data and apply different archiving and deletion rules.

This is also the first action to be taken under the DPA’s new guidelines for GDPR enforcement. These divide all violations into five categories:

Step 1: Companies are filtered based on their size.
Step 2: Average turnover is calculated.
Step 3: Daily rate is calculated by dividing average annual turnover of the undertaking for the previous year by 360.
Step 4: Establishing fine corridors which assess the perceived severity of the offence.
Step 5: Classification of the specific GDPR infringement.

Data protection authorities are all taking their own approaches to enforcement and fine calculation. This adds to the complexity of managing compliance as, although each one refers to the same regulation, authorities may always adopt their own individual stances.

This could become more complicated post-Brexit. Although the UK has adopted the GDPR framework and will continue to do so after Brexit, future governments would be free to make changes.

Employee Investigations: Managing Data


Much has been written about the importance of managing client data in the era of GDPR. However, many firms may be overlooking a vital issue when it comes to their own internal investigations.

The rules surrounding data privacy have become much more complicated in the last few years. GDPR, plus a number of other international regulations, create fresh regulatory issues some of which firms may not be aware of.

At the same time data is growing in volume and complexity. Keeping a handle on it all is becoming increasingly complex. The use of cloud storage brings issues of cross border data transactions, third party problems and multiple jurisdictions which can be difficult to manage.

Employee consent

Data processing is an extremely wide ranging term under GDPR and, as we’ve written elsewhere, the penalties for getting it wrong can be quite extensive. Employee data must be treated just as carefully as client data, which means people must have given fully informed consent for all the ways in which data will be used. Even when consent has been obtained, it can’t always be relied upon for investigations.

At the same time firms must keep employees informed about what data they store, how it may be shared and with whom. As in all walks of life, employees are increasingly aware of their data rights and may well enforce them during an investigation.

How should you respond?

It’s a difficult tightrope to walk and there’s a fair chance many companies are unwittingly leaving themselves open to non-compliance.

So, what lessons can be learned?

First, investigations teams must have a clear idea of the boundaries: what data they can analyse and how it can be used. They should put in place clear policies which ensure investigators understand how they can use data, and that only data which is relevant for the purposes of that investigation is used.

When working across multiple jurisdictions it may be necessary to obtain legal advice. GDPR has set the template for other regulators, but each puts its own individual spin on the concept. For example, China’s data privacy regulations, although closely modeled on GDPR, adopt a much looser approach to the idea of consent. Understanding which data belongs in which jurisdiction and making sure all applicable regulations are being complied with is complicated and challenging.

Consent must be managed.

A firm must have a reasonable basis for holding any data and inform all employees about how their data will be used and their rights. If an investigation is carried out they will need to be handed notices informing them about the way in which their data will be used.

This is extremely important. Individuals have become much more informed about GDPR and how it applies to them, and may use that power as part of any investigation. Authorities are also showing themselves to be increasingly willing to go further in applying the details of GDPR for employees.

Companies should take time to look again at their policies, to ensure they are achieving the same level of compliance for employees as they already have for clients. You can find out more about what’s required in an excellent insight article by Dispute Resolution Lawyer David Harris on our Global Regulatory Database.


Why You Should See Diversity as a Regulatory Issue

Fresh data released by the FCA suggests the world of finance is still looking pretty male dominated. However, this is more than just an issue of equality; it could also be one of regulation.

The report in general makes for sober reading. Despite a lot of positive noise, senior jobs in finance are as male now as they were 15 years ago. The proportion of women in approved persons roles in the financial sector is 17% which is more or less the same as in 2005.

The picture is far from uniform. Smaller firms, it found, were less likely to have women in top roles than larger organisations. Major firms have seen a significant rise in the number of women in top jobs. Back in 2005 these firms were markedly less gender diverse than the industry average, but in 2019 they appear slightly above the industry average.

The conversation around gender diversity is also changing. Slowly but surely firms are beginning to realise that greater diversity is a benefit to the business rather than an ethical consideration.

Even so, this rise comes from a pretty low base and suggests that all the rhetoric surrounding diversity has not had the impact many might have expected.

A regulatory issue

Diversity is a regulatory issue for firms. Back in 2018 Christopher Woolard, Chief Executive of the FCA, pointed out that a firm’s approach to diversity and inclusion reveals a lot about their culture. Furthermore, he said, “the way firms handle non-financial misconduct, including allegations of sexual misconduct, is potentially relevant to our assessment of that firm, in the same way that their handling of insider dealing, market manipulation or any other misconduct is.”

In other words, the FCA believes a lack of gender diversity could be an indicator towards poor corporate behaviour.

Investors share this attitude with a move towards gender lens investment which examines a firm’s potential exposure to gender risk. A less diverse firm, one might assume, would be more likely to suffer from poor culture and may be open to a number of regulatory and PR issues which could impact financial return.

How firms should act

The lesson is that diversity is easy to talk about, but not quite as simple to achieve. However, some firms have managed it better than others. For those who have not, the message is clear: they should see this as a regulatory issue rather than just one of morality. Regulators see gender diversity as an important part of establishing the kind of positive culture they have been looking for.

So what can firms do?

The first is to be transparent about how you are performing on diversity. It should be a part of reports as much as other financial data.

The second is to make a clear commitment such as by joining the Treasury’s Women in Finance initiative. The FCA’s report demonstrated that those firms which had done so were above the curve in terms of how many women make it into their top teams.

Thirdly, it’s a case of education. The world of finance still suffers from a male dominated reputation, and headlines such as the President’s Club still give the perception of an environment which is hostile to women. Changing this environment will encourage more women to choose finance and make their way up hierarchies.

There have already been plenty of reports showing the business case for diversity, but what’s becoming clear is that it’s also an issue of compliance. Having more women in top teams is not just about fairness, or about business performance; it’s also about reducing regulatory risk.


Going Green is Now a Regulatory Issue

This month, commuters in the city have spent much of their time dodging Extinction Rebellion protesters. The real pressure for change, though, is coming from the regulators.

The EU has led the way in developing a cross border framework to encourage a more sustainable financial system. The EU Action Plan for Sustainable Finance includes a taxonomy which would establish a unified classification for what can be considered sustainable activities.

The Commission sees this as the first step towards achieving a sustainable financial system and will follow it with:

  • Disclosures and Duties: Proposed regulation on disclosures for sustainable investment. This will introduce obligations for institutional investors and asset managers to disclose how they will integrate ESG factors into risk processes.
  • Benchmarks: A new category of benchmarks comprising low carbon and positive carbon impact benchmarks to help investors better understand the impact of their investments.
  • Amending regulations: The EU is also consulting on amendments to MiFID II and the Insurance Distribution Directive to include ESG considerations into the advice that investment firms and insurance distributors provide to their clients.

These reforms aim to foster capital flows towards sustainable investment and to mainstream sustainability into risk management processes. They hope it will lead to better integration of sustainability into ratings and research, and clarify duties for institutional investors and asset managers.

Here in the UK we have the Taskforce for Climate Related Financial Disclosures which has made a series of recommendations encouraging organisations to improve the way in which they report on sustainability issues.

Just this month the FCA signalled that it was beefing up measures to ensure financial organisations are following the recommendations with measures designed to tackle greenwashing. In a statement it promised to consult on new rules to improve disclosures.

They recognise a problem. While the green finance market is growing, it is still relatively young and suffers from a lack of clear definition. This leaves the door open for greenwashing. Definitions of what is considered green vary from investor to investor.

Regulation, therefore, is coming from both international and regional levels. There is a growing recognition that climate reporting contributes to a more resilient financial system both among authorities and individual companies. For financial institutions, an improved stance on sustainability not only improves their corporate image but it can also reduce exposure to numerous climate-related risks.

Many are making changes voluntarily, but those lagging behind should take note. Climate-related regulation is coming, whether they like it or not. There will be more clarification on reporting requirements, green products, and obligations.

Those that have made the move early benefit on multiple levels. They can be seen as positive participants in the battle against climate change, they can access the growing sustainable investment markets and they can reduce compliance risks.

Sustainability is about to become an organisation-wide priority, from the boardroom to compliance teams and the trading floor. Firms can decide to make changes now or be forced to make them later. You can find out more detail about the coming climate-related regulations on our Global Regulatory Database.
