The Information Commissioner’s Office
(“the Commissioner”) and the Financial Conduct Authority
(“the FCA”) announced on 18 February 2019 that they had entered into a new Memorandum of Understanding
You’ll be relieved to know that this has nothing to do with Brexit, and indeed will stand whether Brexit occurs, and if it does, whether it is “soft” or “hard”.
The MoU sets out in detail how the two regulatory bodies will work together in future.
First, they will share information to assist each other with investigations and to enhance their existing powers by e.g. making the other aware of possible breaches. Surprisingly the MOU states that in some cases “personal data” will be exchanged but only in accordance with GDPR and Data Protection 2018 principles. This could be a difficult exercise and it will be interesting to see whether any business which is subject to enforcement action where personal data has been shared will seek to challenge the legality of the action.
Secondly, they will co-operate with, and assist each other, in relation to enforcement proceedings. The MoU will enable the Commissioner and the FCA to decide who will “take the lead” where proceedings open the door to either initiating them. This is a sensible and effective deployment of resources.
Collaboration between the two bodies is not new. Since 2014, the FCA and the Commissioner have had a Memorandum of Understanding in place, laying out their formal relationship and demonstrating their commitment to co-operation and the co-ordination of their activities. They have also carried out consultations with a range of institutions to obtain feedback on proposals and approaches and to help shape their approach to compliance issues and enforcement.
The latest MoU is welcome because it sets out the Commissioner’s and the FCA’s current attitude to a range of regulatory and enforcement scenarios.
For example, see paragraph 31:
“The parties will liaise closely to ensure that their separate awareness activities are complementary. Where appropriate, both regulators will share communication and publication plans to facilitate joined up messages and effective resource planning.”
Also, paragraph 33:
“The parties may refer a matter for action if the other body is considered more appropriate to deal with the matter.”
The Commissioner and the FCA have agreed to appoint a person (referred to in the MoU as a “key person”) to “monitor collaboration to ensure that the MoU remains effective and fit for purpose.” They [the “key persons”] will also “seek to identify any difficulties in the working relationship” …
“The Commissioner and the FCA will monitor the operation of this MoU and will review it biennially.” (paragraph 45).
The Commissioner and the FCA have wide ranging investigatory powers and have already demonstrated their effectiveness. In addition, they will act quickly and robustly to enforce. So, it is essential that all UK businesses review relevant areas of compliance to ensure that they are fit for purpose, that procedures are in place, and that regular and adequate training is provided. The first step is to carry out an audit, and we can either do this for you or provide you with guidance to enable you to do it yourself.
© Perfect Solutions Oxford Ltd. 2019