Our Works


  • 29th September 2020

QA and blurring the Lines of Defence – when 3 becomes 1?

You have to be very new to Financial Services and the regulatory regime to not have become acquainted with the concept of the Three/3 Lines of Defence (3LoD). The 3LoD model for maintaining effective risk and compliance arrangements is something the regulators have been advocating for many years. And you are probably familiar with Quality Assurance […]

  • 5th July 2020

Compliance: pandemic luxury or necessity?

At the time of writing this blog, the UK is struggling to recover from the Coronavirus pandemic. It has just been confirmed that the UK economy contracted by an unprecedented 20.4% in the month of April 2020. The country is anticipating further significant rises in unemployment and a prolonged and difficult journey back towards re-opening large swathes […]

  • 20th June 2020

Planning for the unforeseeable – is Business Continuity Planning dead?

Be honest – when Coronavirus hit, how many of you immediately reached out for your Business Continuity Plan (BCP) for advice and support on how to deal with a pandemic and protect your business?  Anyone?  And if you did, are you now feeling like life expects us to plan for the unforeseeable? Now we will apologise in […]

  • 12th June 2020

Does Coronavirus change regulation? How we can be ready

It’s been a while since our last Think post. And a lot has happened. Working with businesses in multiple sectors on a wide range of issues which were already challenging them, we can see potential further change that the impacts of the Coronavirus can bring to the regulatory and business environment. Here are our thoughts. […]

  • 20th September 2018

Equifax fined £150 mn and $billions to follow – how the story could play

A £150mn fine for Equifax could have been imposed, had their breaches been post May 2018 with the exposure of millions of consumers around the world.  Their £500,000 fine from the UK ICO is dwarfed by what it could have been. It’s small beer for a multinational. But everyone should be paying attention as GDPR […]

  • 31st May 2018

Sizing up the FCA’s Business Plan – Data, Culture, Outsourcing and Innovation

At the end of April 2018, the Financial Conduct Authority (FCA) released its 2018/19 Business Plan. The Business Plan is always the FCA’s Big Indicator of what it intends. But there’s always a risk only the compliance or regulatory affairs function in bigger firms will read it. So, while it may not be a masterclass […]

  • 23rd April 2018

Too small to matter? Too young to comply?

You’re a small or young business. You can’t have the compliance bureaucracy of a big firm? This must be correct but a recent bribery conviction has implications for all small and young firms on the importance of culture and what compliance arrangements they do put in place. At The Compliance Foundation we work with lots […]

  • 12th April 2018

MiFID II: Costs and Charges – 90 days and the spotlight sharpens

It’s over 90 days since MiFID II came into force.  And the FCA’s coming. Arming itself with a new requirement for asset managers to publish annual assessments relating to the costs and value for money of funds, the FCA makes clear in its 2018-19 Business Plan, it will ‘closely monitor’ compliance. Whatever you think of MiFID […]

  • 5th April 2018

Why culture should matter to Tech: why the new could learn from the “old”

Events around Facebook and Cambridge Analytica have made us revisit what we wrote a year ago. We asked then why no one was talking about the culture of Tech. Now we ask again, why culture should matter to Tech. Our article then, asked why we weren’t all talking about culture in FinTech, given what […]

  • 12th January 2018

Data management and corporate reputation – not just the what – it’s about the how

In this second article on data management, our key change and strategy associate looks at the shift in public perceptions about corporate reputation and how the requirements of the GDPR offer a unique opportunity to enhance your business and your customer relationships. Many of us are starting 2018 with a clear focus on complying with […]

  • 12th December 2017

Is GDPR the new Y2K? Choosing your expert carefully

This is a question we are hearing more and more people ask. Is GDPR the latest bandwagon on which everyone’s jumping? Our answer is yes and no. No, because Y2K, which was all about supposed IT glitches when the clock turned midnight to start the new millennium turned out to be either illusory or, where […]

  • 12th December 2017

GDPR – the real compliance deal or a load of old guff? Does it look different now?

Back in May 2017, TCF’s article ‘GDPR – hype or reality – a compliance revolution for data protection’ looked at the main features of GDPR and asked if GDPR is a real issue for organisations when approximately 50% of the organisations we were talking to were saying the hype was out of proportion. We thought […]

  • 24th November 2017

Public trust and GDPR – the virtuous circle of good data management

TCF’s key change and strategy associate looks at how personal trust is at the heart of our data expectations of businesses and the opportunities you can grasp in complying with GDPR. As 2017 closes it’s time to consider the roll call of organisations that have disclosed recent or historic data hacks during this year. Trusted […]

  • 29th July 2017

GDPR – are you ready?

Explore more: http://bit.ly/2tRtjN6  

  • 14th July 2017

Organisational Change – Harder than a Hard Thing?

At TCF we spend much of our time working with businesses who need to make changes.  Sometimes they need to change something relatively simple like following a new procedure in relation to data protection or restructuring a compliance team to work more effectively and sometimes they need to change something fundamental like their attitude to […]

  • 25th June 2017

The Practical Compliance Manager – Collected Wisdom for Compliance Managers

You may have already read our previous article – ‘What makes compliance so hard’ and if you have, you will be in no doubt that compliance can indeed be exceedingly challenging given the complex system of regulatory principles and rules that apply. So how, as a compliance manager, do you practically deal with the compliance […]

  • 18th June 2017

RegTech – Looking beyond the hype?

RegTech (the application of new technologies to deliver new solutions for regulatory activities) is now well and truly a thing. It has its own conferences, its own growing list of celebrated RegTech entrepreneurs and is even acknowledged and supported by the regulators. Many of the big banks and insurers are already trialling, prototyping and using new RegTech […]

  • 31st May 2017

Extending the SMCR to non banks – friend or foe?

Are you ready for SMR or SMCR as it is also known? Regulatory change never stops. Alongside the countdown to GDPR in 2018, runs the countdown to SMCR or the Senior Managers and Certification Regime. This will replace the Approved Persons regime in much of financial services regulated by the FCA – or at least […]

  • 26th May 2017

The future of Compliance – computer says ‘no’?

Much has been written lately about the future of compliance, particularly in the light of the potential from Regtech and increased automation. But what does TCF see as the future based on what we see happening in the businesses around us? Compliance has undoubtedly been a growth industry across sectors responding both to the increased […]

  • 23rd May 2017

Cyber Security Meltdown – What are the lessons for Compliance from the latest global attacks?

Unless you have been “off grid” for the last few weeks you will be very aware that this month saw a significant cyber attack on vulnerable organisations around the globe including, in the UK, our very own NHS. Unsurprisingly many of the more sensationalist of the media and commentators have heralded this event as […]

  • 23rd May 2017

Sandra on GDPR

Watch the video here.

  • 23rd May 2017

GDPR – hype or reality? A compliance revolution for data protection

When it comes to GDPR, what TCF is hearing from our clients and contacts falls into two categories: “Help, GDPR is a huge challenge – what am I going to do about it on top of everything else?” “The GDPR threat is completely out of proportion, I don’t know what the fuss is about.” At […]

  • 20th May 2017

Compliance Led Change – A fresh approach to business process reengineering

Ask most senior business executives what their experience of Compliance is and they’ll probably provide you with what is more or less the following answer – “a necessary but costly imposition”. No-one tells you that they are strategically using compliance to support their process reengineering and to drive their business change programmes. And yet… […]

  • 26th April 2017

What makes compliance so hard?

Before you read through this article it’s important to set out a few markers. Firstly if you are on the Board of a business, or a senior leader in a business and you are not finding compliance hard your business is probably not compliant and you might want to start asking some searching questions. […]

  • 26th April 2017

Culture in FinTechs: why is no-one talking about this?

April 2017 has been a busy month in the world of FinTech. Innovate Finance’s Global Summit brought together a wide range of interests in FinTech. Mark Carney, Governor of the Bank of England, made a major speech on building infrastructure to realise FinTech’s promise and the FCA announced the second cohort that has been accepted […]

  • 21st November 2016

The Top Seven Authorisation Tips for FinTech Entrepreneurs

Whilst the FCA move to meet the demand for authorisation support from the rapidly expanding FinTech community, here are our top seven authorisation tips for FinTech Entrepreneurs

  • 1st September 2016

Is being an Appointed Representative a compliance easy rider?

Why firms looking to undertake regulated business shouldn’t assume becoming an Appointed Representative will mean easy compliance. We discuss why it is not failsafe and can still lead firms into hot water with the FCA

  • 1st September 2016

Post Brexit – Will there be a bonfire of the Regulations?

Why the result of the EU referendum won’t bring regulatory relief for firms

  • 1st August 2016

Culture, compliance and the weather – lessons from meteorology

How firms can get better at predicting outcomes by learning lessons from predictive meteorology

  • 28th June 2016

The challenges of managing FinTech compliance

As FinTechs seek to recruit and retain effective compliance managers, what they can learn from George Clooney and A Perfect Storm

  • 27th June 2016

Legal & professional privilege – a tricky relationship issue

The impact of asserting legal and professional privilege in a regulatory relationship and why it needs careful handling

  • 26th May 2016

Helping Start Ups understand – ‘big boys games, big boys rules’

As banks decline or terminate the accounts of smaller entrepreneurial businesses in order to reduce their risk, what smaller firms can do to reduce their risk profile