Jersey and Guernsey-based financial services firms and financial advisers that hold too much personal information about their clients could face massive fines or be sued by their customers from next year, compliance experts have warned.
In May 2018, the EU’s General Data Protection Regulation (GDPR), which aims to strengthen data protection for EU citizens, is due to come into force. Under the new rules firms face fines of up to €20m euros (or four per cent of their worldwide turnover), if they breach the regulations, according to compliance consultants Comsure, speaking in an interview in The Jersey Evening Post.
From May 2108, all organisations – from multinational companies to charities – will need to ensure that the personal data they store is secure, not held for “longer than necessary” and is not excessive to their business requirements.
Personal information held on social media will also be more strictly protected and individuals will have greater rights to access their personal data and will have the right to know if it is being held by a company.
Social media fines?
Mathew Beale and Marc Allenet of compliance consultants Comsure said in an interview with The JEP that the GDPR ruling – which will apply to Jersey – could mean that common practices like looking up the personal details of finance clients or viewing a potential employees’ personal details on Facebook could even become illegal.
Beale said that the new regime could also conflict with other regulations such as those that have been implemented by the Jersey Financial Services Commission, which requires finance firms to carry out strict background checks on their clients as part of its anti-money-laundering rules.
“In financial services the case has been the more information you hold about your clients the better,” said Beale. “But with GDPR it will be the opposite – it’s the case that the less personal information you hold the better.
“And you could in future find yourself in trouble for looking up someone on Facebook or LinkedIn, if they find your digital footprint on their profile.”
Beale said that it was yet to be determined in what circumstances Jersey’s finance laws or GDPR would be in conflict with each other and which would take precedence. In specific cases some parts of the Jersey law has “not been written yet”, he said.
The additional scrutiny of data will cause concern for financial services companies and advisers, many of which complain that they are already over-burdened by regulation as things stand.
“It might take a few cases before we know where we are exactly,” Beale told The JEP.
“There are three areas of law where you can fall foul – regulations, criminal law and civil cases. For financial services, civil cases are a particular issue because they have very wealthy clients. If you are going to sue someone, you need money and a lot of the people that finance deal with, do.”
Data hosting protection
Marc Allenet, who works with Beale at Comsure added: “There are data hosting services which can help protect people from GDPR but it won’t protect them entirely.’
He added, however, that GDPR could be an opportunity for Jersey to sell tself as a well-regulated jurisdiction, if it is well-prepared in advance.
Furthermore, Jersey’s financial advisers have also been warned separately, that they could also face heavy fines in future if they are found to be carrying out inappropriate market conduct, according to local reports.
(…continued on page 2)
The Jersey Financial Services Commission (JFSC) presented its 2016 annual report to Jersey officials last week, JFSC director general John Harris, said: “An observation is that these penalty powers are somewhat limited, given they are only available against firms and not individuals. The JFSC intends to consult further with the government on this point over the coming year to consider what might work best in Jersey.”
Overall, the JFSC last year commenced 86 new enforcement cases, up from 76 in 2015, and issued 99 formal notices and 11 public statements, of which five specifically restricted individuals from working in the finance industry.
There were 25 calls to the whistle-blowing hotline (up from 21 in 2015), of which ten led to active investigations.
The JFSC says that although financial penalties were introduced in 2015 as an additional sanction, no such penalties have as yet been imposed.
As reported, last year also saw the preparatory work for the launch of the JFSC’s first public awareness campaign into mis-selling, following a new case involving inappropriate investment products.
Harris added: “In the wake of low interest rates over a sustained period, we have seen instances where Islanders have literally parted with all of their savings without fully understanding the risks.
“The catastrophic consequences for individual investors underline the need for Islanders to make informed choices and take responsibility for their own decisions.”