Out-Law News 1 min. read
13 Dec 2016, 10:49 am
The Financial Markets Law Committee (FMLC) said that the International Organisation of Securities Commissions (IOSCO) should add a side letter or appendix to a multilateral memorandum of understanding (MMoU) it has established to facilitate such data sharing.
The FMLC is a UK body that highlights areas of legal uncertainty in financial services. It was set up by the Bank of England but is entirely independent.
In a new paper containing its recommendations (23-page / 146KB PDF), the FMLC said that it does not believe that a financial regulator based in the EU would "contravene data protection law" by entering into the MMoU, despite criticism of the framework by EU data protection authorities (DPAs).
The DPAs, via the Article 29 Working Party, have written twice to IOSCO in the past two years to express concern with the MMoU. The Working Party said the MMoU does not provide sufficient safeguards to ensure authorities signed up to the framework are compliant with EU data protection laws when sharing personal data with regulators based outside the European Economic Area (EEA), according to the FMLC's paper.
Despite not sharing the same concerns as the Working Party, the FMLC has recommended that IOSCO make some clarifications about the relationship between the MMoU and EU data protection laws.
IOSCO should clarify that regulators asked to disclose information under the MMoU are not required to do so if it would breach data protection legislation, the FMLC said. IOSCO should also clarify that the MMoU "is intended to deal with disclosures in response to specific requests, rather than the on-going bulk transfers made pursuant to standing arrangements between regulators", it said.
In addition, IOSCO should also clarify that it is best practice for regulators to work together to ensure that "any steps required by data protection or other law are taken to protect the disclosed information", it said.