Our Works

  • 5th March 2021

Data: When adequacy isn’t an insult

Being told you are ‘adequate’ is hardly warm and fuzzy. But news from the European Commission is that an adequacy decision for the UK on personal data could be coming. We aren’t there yet but this is a good thing. So what is this ‘adequacy’ thing? And what should I do? Notwithstanding the UK having […]

  • 30th December 2020

Data: What the Brexit deal means

What will a Brexit deal mean for me on personal data and GDPR? There’s a short and a long answer to this. So, starting with the short answer. For four months, it doesn’t make much difference but don’t be complacent. The agreement is that essentially, we continue as we are for four months with an […]

  • 18th December 2020

Data, Brexit and the real challenge for 2021

2020 has been a difficult and challenging year for many on so many levels. 2021 brings more challenges. So where should you start on data privacy? Currently we have Brexit, real cyber threats, changing requirements and an increasingly informed and sensitised public. Let’s start with Brexit. By the time you read this we may have […]

  • 29th September 2020

QA and blurring the Lines of Defence – when 3 becomes 1?

You have to be very new to Financial Services and the regulatory regime to not have become acquainted with the concept of the Three/3 Lines of Defence (3LoD). The 3LoD model for maintaining effective risk and compliance arrangements is something the regulators have been advocating for many years. And you are probably familiar with Quality Assurance […]

  • 5th July 2020

Compliance: pandemic luxury or necessity?

At the time of writing this blog, the UK is struggling to recover from the Coronavirus pandemic. It has just been confirmed that the UK economy contracted by an unprecedented 20.4% in the month of April 2020. The country is anticipating further significant rises in unemployment and a prolonged and difficult journey back towards re-opening large swathes […]

  • 20th June 2020

Planning for the unforeseeable – is Business Continuity Planning dead?

Be honest – when Coronavirus hit, how many of you immediately reached out for your Business Continuity Plan (BCP) for advice and support on how to deal with a pandemic and protect your business? Anyone? And if you did, are you now feeling like life expects us to plan for the unforeseeable? Now we will apologise in […]

  • 12th June 2020

Does Coronavirus change regulation? How we can be ready

It’s been a while since our last Think post. And a lot has happened. Working with businesses in multiple sectors on a wide range of issues which were already challenging them, we can see potential further change that the impacts of the Coronavirus can bring to the regulatory and business environment. Here are our thoughts. […]

  • 20th September 2018

Equifax fined £150 mn and $billions to follow – how the story could play

A £150mn fine for Equifax could have been imposed, had their breaches been post May 2018 with the exposure of millions of consumers around the world. Their £500,000 fine from the UK ICO is dwarfed by what it could have been. It’s small beer for a multinational. But everyone should be paying attention as GDPR […]

  • 31st May 2018

Sizing up the FCA’s Business Plan – Data, Culture, Outsourcing and Innovation

At the end of April 2018, the Financial Conduct Authority (FCA) released its 2018/19 Business Plan. The Business Plan is always the FCA’s Big Indicator of what it intends. But there’s always a risk only the compliance or regulatory affairs function in bigger firms will read it. So, while it may not be a masterclass […]

  • 23rd April 2018

Too small to matter? Too young to comply?

You’re a small or young business. You can’t have the compliance bureaucracy of a big firm? This must be correct but a recent bribery conviction has implications for all small and young firms on the importance of culture and what compliance arrangements they do put in place. At The Compliance Foundation we work with lots […]

  • 12th April 2018

MiFID II: Costs and Charges – 90 days and the spotlight sharpens

It’s over 90 days since MiFID II came into force. And the FCA’s coming. Arming itself with a new requirement for asset managers to publish annual assessments relating to the costs and value for money of funds, the FCA makes clear in its 2018-19 Business Plan that it will ‘closely monitor’ compliance. Whatever you think of MiFID […]

  • 5th April 2018

Why culture should matter to Tech: why the new could learn from the “old”

Events around Facebook and Cambridge Analytica have made us revisit what we wrote a year ago. We asked then why no one was talking about the culture of Tech. Now we ask again, why culture should matter to Tech. Our article then asked why we weren’t all talking about culture in FinTech, given what […]