GRC hot topics
Mirabella Group Launches New Tied-Agent Service in Malta
Mirabella Group, the regulatory hosting arm of ACA Compliance Group, announced that it has enhanced its hosting services in Malta by adding a Tied Agent solution to its existing alternative investment fund manager (AIFM) service. This new solution helps non-European Economic Area (EEA) firms to interact with their EEA clients using MiFID passporting.
MiFID II transaction reporting – Firms are still getting it wrong
Whilst the FCA’s priorities appear, for the time being, to be on understanding the nature and scale of reporting data errors and how they are addressed, failings under MiFID I moved it to take several high-profile enforcement actions. It is imperative that firms get to grips with their MiFID II transaction reporting processes and data quality checks as soon as possible.
- Trade & Transaction
IIA Releases an Exposure Draft To Revise Their Three Lines of Defense Model
On June 17, 2019, The Institute of Internal Auditors (the IIA) released an Exposure Draft (the Draft) on a study being conducted to review and modernize the Three Lines of Defense Model (3LoD). The Draft has been released for public comments from June 20, 2019 and September 19, 2019 and reflects the thoughts and analysis of a working group, chaired by Jenitha John, Vice Chairman of The IIA Global Board of Directors; and Chief Audit Executive, FirstRand Ltd.
- AML and Financial Crime
FinCEN Issues Updated Advisory on Business Email Compromise Fraud
On July 16, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an update to the September 6, 2018 advisory, "Advisory to Financial Institutions on E-mail Compromise Fraud Schemes." The updated advisory indicates a sharp rise in business email compromise (BEC) fraud across financial services and other industries.
FAQs: Brazil’s LGPD Data Privacy Law - What You Need to Know
The Lei Geral de Proteção de Dados (LGPD) is a sweeping data privacy regulation that goes into effect on February 15, 2020. Download our FAQs to find out what you need to know and how the law applies to your company.
UK extending Senior Managers and Certification Regime: What is it and how does it affect US firms?
The Senior Managers and Certification Regime (“SM&CR”) is new set of requirements that will affect all firms regulated by the Financial Conduct Authority in the UK. This includes US firms (and those based elsewhere) who have some presence in the UK. And because SM&CR touches on the way firms are governed, it has potential implications for senior managers and some other staff in such firms including, in some cases, those located in the US parent.
2019 Investment Management Compliance Testing Survey Results
ACA Compliance Group and the Investment Adviser Association release the results from their 2019 Investment Management Compliance Testing Survey. For the sixth year in a row, cybersecurity remains the biggest compliance concern at registered investment adviser firms – with 83 percent of survey respondents identifying cybersecurity as the “hottest” compliance topic and 70 percent indicating that their firms increased compliance testing in this area over the past year.
Regulatory Cyber Alert: Cyber Incidents Reported to the FCA by UK Financial Services Firms Increased by 1,087% in 2018
A recent Freedom of Information request to the UK’s Financial Conduct Authority (FCA) by accounting firm RSM revealed that 819 cyber incidents were reported to the FCA during 2018 – almost a 12-fold
Investment Adviser Standard of Conduct and Form CRS - What You Need to Know (Part 1 of 2)
On June 5, 2019, the SEC released a final comprehensive interpretation of the standard of conduct for investment advisers, which will become immediately effective upon publication in the Federal Register (anticipated July 2019). Here's what you need to know.
Regulatory Cyber Alert: ICO to Fine British Airways £183.39m ($230M) Under GDPR for Data Breach
The UK's ICO plans to fine British Airways £183.39m ($230M) under the General Data Protection Regulation (GDPR) for a breach that occurred in 2018. The proposed penalty represents the largest fine of a company since GDPR came into force.