UK businesses, particularly in financial services, are on the brink of enormous regulatory changes that expose them to serious risks, and it has nothing to do with Brexit.
The General Data Protection Regulation (GDPR) and the Senior Manager and Certification Regime (SMCR) impose far more certain and wide-reaching challenges.
No More Token Fines
Had GDPR been in force during the data breach at Tesco Bank for example, their fine could have been €1.9 billion. Gone are the token fines of older data protection legislation. GDPR will require businesses to audit, document and monitor almost all aspects of their operations and to transform a large number of processes to comply with new obligations.
Headaches are multiplied by the ruling of the European Court of Justice against the “safe harbour” arrangement with the US. Attempts to patch up a replacement are likely to fail and even small British firms using American based cloud solutions, hosting companies, Skype and Dropbox could be in breach of both old and new data protection laws.
Some of the SMCR came into force in March, with a deadline for full compliance by 2018. It imposes new codes of conduct and requires ongoing vetting and monitoring of staff in all financial service related businesses. FCA and PRA regulated firms have to demonstrate full monitoring and re-certify.
Regulations are extensive and any firm that hasn’t started to prepare is courting significant risks.
To meet these challenges, businesses need five things; granular end-to-end awareness of how their business functions and how it must change, an impact assessment, procedures for monitoring future compliance, and a means to demonstrate these things to inspectors.
Clearsight’s business mapping expertise can solve these problems for you, making all critical flows visible, and developing and implementing an action plan.
Time is running out. In subsequent blogs, we’ll describe the challenges and solutions of GDPR and SMCR in more detail.
Compliance is an opportunity! A thorough analysis of your processes and technology will engage your workforce and bring them together to reveal new and better ways to collaborate to do business better.