GDPR is the big boogeyman right now. The General Data Protection Regulation has a compliance deadline rapidly approaching in the EU. It protects the personal data of EU residents. It has extra-territorial implications. Firms need consent for use of the data or a specific business relationship. Data breach notifications have to be made within 72 hours. The terrifying aspect is the enormous fines that can be levied for violations. The deadline is May 25.
One tricky aspect under GDPR is website cookies and tracking data. And what do you do with business cards?
You need to keep logs of collected personal information and arrange for destruction upon request. GDPR has a broader definition of personal information than US laws, which are generally limited to a name and account number.
GDPR and the new FinCEN anti-money laundering rules are coming online at the same time, leading firms to ask for new personal information while also increasing the rules and penalties around having possession of that information.
MiFID II targets securities trading. The big change is having to pay for research costs, separate from paying for securities transactions. There are lots of reporting requirements. There is a requirement for recording phone calls. “Inducements” is one of the items to focus on, such as gifts and entertainment.
Anti-money laundering rules are keyed around ownership of more than 25% of the fund.
The new Cayman AML law requires an AML officer and a Deputy AML officer. It also proscribes certain procedures.
(This session was subject to the Chatham House Rule so I have not identified the participants and have not attributed any of the statements to anyone.)