Fintech Horizons - March 2016

Welcome to Burges Salmon's Fintech briefing.

• Safe Harbour 2.0: The EU/US Privacy Shield - In October 2015, we reported on the declaration of invalidity of the EU/US Safe Harbour regime by the Court of Justice for the European Union in the case of Schrems v Data Protection Commissioner. Following the Schrems judgment, the European Commission and US Government have been attempting to agree a replacement for Safe Harbour that complies with European data protection law and, on 2 February, announced the agreement of a new framework for the flow of personal data across the Atlantic, which has been branded the ‘EU/US Privacy Shield’.
• Seeing the wood for the trees: The new General Data Protection Regulation - The EU’s governing bodies recently reached an agreement on the text of the new General Data Protection Regulation (“GDPR”) after months of ongoing trilogue negotiations. The GDPR, which will replace the existing EU Data Protection Directive, must now be formally approved by the EU institutions. This is expected to occur in spring 2016, with its provisions taking effect two years later. As the GDPR is over 200 pages in length, this guide provides a summary of its key provisions, impacts and actions for you to consider.
• Virtual currencies - regulatory creep - We look at how currently unregulated virtual currencies may be drawn within the regulatory perimeter following proposals by the Council of the EU for the Commission to submit targeted amendments to the 4th Anti-Money Laundering Directive and the 2nd Payment Services Directive.
• European Central Bank plans system for bank transfers by email address or phone number - Similar to the UK’s Paym, this would facilitate faster and easier Person-to-Person bank transfers  with consumers exchanging phone numbers and allowing bank account details to remain secret.
• Time to review your whistleblowing policies - As part of the increasing emphasis on accountability in the financial services sector, new whistleblowing rules are due to come into force on 7 September 2016, with the more immediate requirement to appoint a so-called ‘whistleblowing champion’ in force from 7 March 2016. These new rules are compulsory for PRA-regulated firms and major insurers, but we anticipate will need to be taken into account by all firms in the sector. Although by and large these provisions reflect good practice and will already be followed by a number of firms, it is important that your whistleblowing policies and procedures are up to date to ensure that all the provisions of the new rules are covered.
• General Themes from our RegTech Roundtable with the FCA - Following the FCA’s recent Call for Input on supporting the development of RegTech we give a high level overview of some of the key themes which arose from our roundtable discussion with the FCA.

If you would like further information on any of the topics above, please contact a member of the fintech team, or your usual lawyer at Burges Salmon.