Opinion, Nov 14 2017

Why you need to comply with data protection rules


For some in the financial advice sector, any extra regulations may seem like an unnecessary responsibility that has been added to their already busy schedule.

It is understandable that some in the profession may believe that there is no need for extra rules regarding data protection.

But while it may seem tempting to simply go about the work without paying any extra attention to what is being asked, not following the regulations brings its own set of risks.

This is true of the EU General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. It is more extensive than the existing Data Protection Act.

Breaching it will carry fines of up to 4 per cent of global turnover or €20m (£17.9m) – whichever is the greater – not to mention the associated damage to an adviser’s reputation and business interests.

The cost of updating systems and software to ensure complete security would be minimal in comparison. It must also be remembered that financial advisers are regulated by the Financial Conduct Authority, which will show little leniency if there is evidence of regulations being flouted.

Financial advisers have to be aware of every aspect of the responsibilities placed on them and take action to make sure they comply with them.

Just as importantly, any failure to observe and follow the regulations could be severely damaging if a criminal investigation is ever opened into their activities. 

For example, if the police or another agency begins an investigation into, say, fraud or money laundering that leads them to a financial adviser, that person will face some difficult questions if they have not followed the regulations. It may be that the adviser is an innocent pawn who has been unwittingly involved in the money laundering or fraud.

But being able to prove innocence will be especially difficult if they have failed to follow the regulations imposed on their profession, particularly if that failure is then shown to be a reason why the crime could be committed.

Regulations, however onerous they may seem, are introduced for a reason. Financial advisers have to be aware of every aspect of the responsibilities placed on them under GDPR and take action to make sure they comply.

As we know all too well, failure to meet regulatory obligations can prove costly. 

We are in an era where the authorities are keener than ever to crack down on financial crime. Cases that may have resulted in a civil law resolution a few years ago are now being treated as criminal matters.

Anyone failing to comply with the GDPR is likely to attract the attention of the authorities. At that stage, the issue is one of damage limitation.

Anyone in such a situation will need appropriate legal advice from experts: experts who can rebut prosecution claims of negligence or even dishonesty by proving that the person acted appropriately and took all possible precautions and has a professional history of integrity and honesty.

This, however, will be more difficult to achieve if regulations have not been followed.

Financial advisers are in a position of responsibility. They must act carefully and take care to act responsibly. That means complying with every aspect of every regulation placed upon them and making sure their software and systems are updated appropriately.

Aziz Rahman is senior partner at Rahman Ravelli