ICO and FCA work together


The Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA) announced on 18 February 2019 that they had entered into a new Memorandum of Understanding (MoU).

You’ll be relieved to know that this has nothing to do with Brexit, and indeed will stand whether Brexit occurs, and if it does, whether it is “soft” or “hard”.

The MoU sets out in detail how the two regulatory bodies will work together in future.

First, they will share information to assist each other with investigations and to enhance their existing powers by e.g. making the other aware of possible breaches.  Surprisingly the MOU states that in some cases “personal data” will be exchanged but only in accordance with GDPR and Data Protection 2018 principles.  This could be a difficult exercise and it will be interesting to see whether any business which is subject to enforcement action where personal data has been shared will seek to challenge the legality of the action.

Secondly, they will co-operate with, and assist each other, in relation to enforcement proceedings.  The MoU will enable the Commissioner and the FCA to decide who will “take the lead” where proceedings open the door to either initiating them.  This is a sensible and effective deployment of resources.

Collaboration between the two bodies is not new.  Since 2014, the FCA and the Commissioner have had a Memorandum of Understanding in place, laying out their formal relationship and demonstrating their commitment to co-operation and the co-ordination of their activities. They have also carried out consultations with a range of institutions to obtain feedback on proposals and approaches and to help shape their approach to compliance issues and enforcement.

The Commissioner and the FCA have wide ranging investigatory powers and have already demonstrated their effectiveness.  In addition, they will act quickly and robustly to enforce.  So, it is essential that all UK businesses review relevant areas of compliance to ensure that they are fit for purpose, that procedures are in place, and that regular and adequate training is provided.  The first step is to carry out an audit, and we can either do this for you or provide you with guidance to enable you to do it yourself.

Related Posts