SlideShare a Scribd company logo

05 standards and general purpose regulations - impact on finance

I
innov-acts-ltd

Impact of Standards and General Purpose Regulations in the Finance Sector

Economy & Finance
1 of 22
Download to read offline
1H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY INNOV-ACTS, Limited H2020 FINSEC Project The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727 Standards and General Purpose Regulations: Impact on Financial Technologies 15/11/2019
2H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Objectives ▪ Learn about the ISO/IEC standards applicable to the financial sector ▪ Understand their impact for information technologies ▪ Explore general purpose regulations and their relevance to the financial sector ▪ Identify their impact on financial technologies Goal Standards General purpose regulations
3H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Standards
4H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY List of standards and directives to be addressed ▪ ISO/IEC 27000 standards’ family ▪ ISO/IEC 27015:2012 ▪ Directive on security of network and information systems (NIS Directive)
5H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ISO/IEC 27000 standards’ family  Issued by ▪ Provide best practice recommendations on information security management: management of information risks through information security controls ▪ Describes the fundamentals on information technology with respect to security techniques and information security management systems ▪ Provides additional support to the financial industry to set up an appropriate information security management system for the provisioning of their financial services *Note: The adoption of the standard is not universal in the finance and banking sector, although the compliance of financial organisations is recommended ▪ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)  Focus  Objective
6H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY  Value added ▪ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) ▪ Sector-specific guidance for the financial sector: ▪ information security of assets ▪ information processing in order to support the information security of processed information ▪ Requirements relevant to financial security  ISO 27000 series  Impact on financial technologies ISO/IEC 27000 standards’ family
7H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ specific requirements for maintaining the security of the organization’s information and information processing facilities that are accessed, processed, communicated to, or managed by external parties ▪ need to secure perimeters including walls, card controlled entry gates or manned reception desks ▪ maintain the security of information and software exchanged within an organization and with any external entity ▪ exposure to vulnerabilities is evaluated, and appropriate measures taken to address the associated risk ▪ information security events weaknesses associated with information systems are communicated such in a timely manner to allow for corrective action External parties Exchange of information Secure areas ISO 27000 – Requirements (selected) ISO/IEC 27000 standards’ family Evaluate vulnerabilities Reporting
8H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ISO/IEC 27015:2012  Issued by ▪ ISO/IEC 27015:2012 Information technology - Security techniques – Information security management guidelines for financial services ▪ Technical report ▪ Supplement of the ISO/IEC 27000 family of International Standards for organizations providing financial services ▪ Guidance contained in this technical report extends information security controls defined in ISO/IEC 27002:2005 - Information security management and controls ▪ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)  Objective
9H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Directive on security of network and information systems (NIS Directive)  Content  Geographical area ▪ EU-wide ▪ Boost cyber-security in the EU ▪ Legal measures to boost cyber-security in the EU ▪ Requires Operators of Essential Services (OESs) to implement appropriate and proportionate security measures to achieve the outcomes set out by the NIS principles and notify the relevant national authorities of serious incidents and events ▪ EU-wide legislation on cyber-security  Focus  Objective
10H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY  Scope ▪ Financial services and financial market infrastructure providers (including trading venues and central counterparties) are considered as “Operators of Essential Services” (OES) ▪ OES have to take appropriate and proportionate technical and organizational measures to manage the risks posed to the security of their networks and information systems ▪ Prevent and minimize the impact of cyber incidents ▪ Serious incidents need to be notified to the relevant national authority (i.e. Computer Security Incident Response Teams) that each EU country will need to set up *Note: Responsibility on the essential services providers: e.g., if a financial services company has outsourced the cloud computing services to a third party, the delegating entity still holds the main responsibility of any cyber attack data breach. Directive on security of network and information systems (NIS Directive)
11H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY  Impact on banking and financial services ▪ Notification about incidents in the banking sector is indicated to be specified by member states: ▪ Requirements for notification of incidents are part of normal supervisory practice in the financial sector Directive on security of network and information systems (NIS Directive)
12H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY General purpose regulations
13H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY List of general purpose regulations and standards ▪ EU Privacy Rules – GDPR ▪ e-Privacy ▪ eIDAS
14H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY General Data Protection Regulation (GDPR)  Content  Geographical area ▪ Europe-wide ▪ To empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information ▪ Provides additional control to EU residents on over how their personal information is accessed, communicated and stored ▪ Failure to comply incurs significant penalties for institutions, this will be discretionary and, depending on the nature of the breach,  2% - 4% of worldwide revenue, max 20m Characteristics ▪ Designed in order to adapt the existing data protection legislation with respect to the way in which data is currently being used in the digital setting Details  Objective  Focus
15H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY General Data Protection Regulation (GDPR)  Scope ▪ Standardises data privacy laws and mechanisms across industries, regardless of the nature or type of operations -> financial institutions are affected ▪ Financial organizations collect large amounts of customer data which are used in a variety of processes and activities ▪ Institutions need to demonstrate the integrity and validity of their customer’s consent with respect to how their data is shared and used ▪ Processes involving customer data is exposed to different people, at different stages -> GDPR applied in any of the processes that requires the handling of any type of customer data ▪ Inform customers on how they plan to process and use the data. Additionally, each institution needs to appoint a Data Protection Officer (DPO) Characteristics Details  Impact on banking and financial services
16H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ Awareness of customers about personal data stored by financial institutions ▪ Any data that can be used to identify an individual (and any data related to pseudoanonymization) ▪ Individuals can request access to, or the removal of, their own personal data from financial institutions ▪ Financial institutions may keep some data to ensure compliance with other regulations, but in all other circumstances where there is no valid justification, the individual’s right to be forgotten applies ▪ Wide deployment of outsourcing services -> firms need to ensure that personal client data is not accessible to external vendors, thus significantly increasing the data’s net exposure ▪ Non-EU organisations that collaborate with EU banks or serving EU citizens, to ensure vigilance while sharing data across borders Data subject consent Minimizing chances of breach Data portability GDPR & relevance to financial services Vendor management Reporting
17H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ Controllers should embed privacy features and functionalities into products, systems from the time that are first designed ▪ Appropriate measures can be appliedon collected data, pseudonymisation techniques and improved encryption ▪ Data must also be pseudonymised into artificial identifiers to ensure the data access stays within the realms of the ‘need-to- know’ obligations ▪ Carry out an impact assessment (Privacy Impact Assessment - PIA) for organizations that perform data processing that may involve a high risk for the rights and freedoms of natural persons. The origin, nature, particularity and severity of such risk must be assessed Privacy by design Pseudoanonymization GDPR & relevance to financial services Impact assessment
18H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ Responsible individual is identified as the Data Protection Officer within each organization (required for org. >250 empl.) ▪ Duties relevant to monitoring the implementation and application of internal policies, coordinating audits, supervising the execution of the impact evaluation, point of contact for the supervisory authority etc. ▪ Financial services may use of biometrics, such as for example fingerprints and eye scans to identify their customers ▪ Required to take the necessary technical and organisational measures to prevent this special data from being exposed, as a consequence their systems being poorly managed Data Protection Officers (DPO) GDPR & relevance to financial services Biometrics
19H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY e-Privacy  Content  Geographical area ▪ Europe-wide ▪ Respect for private life and protection of personal data in electronic communications ▪ Protection of fundamental rights and freedoms of natural and legal persons with respect to the use of electronic communications services ▪ Free movement of electronic communications data and electronic communications services within the EU Includes data to trace and identify the source and destination of a communication ▪ Relevant to any metadata from electronic communications e.g., time/date of a call Characteristics ▪ Particularise and complement the GDPR by identifying certain rules for the rights of natural and legal persons on electronic communication Details  Objective  Focus
20H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY e-Privacy  Impact on financial technologies Characteristics ▪ All electronic communications exchanged in the financial sector are subject to stricter requirements, especially in the case that they contain personal or confidential data ▪ Additional security requirements for the transmission of personal and confidential data through electronic means ▪ Including email communication, fund transfers, information exchanges related to regulations such as AEI (Automatic Exchange of Information), FATCA (Foreign Account Tax Compliance Act) or MiFID (Markets in Financial Instruments Directive) ▪ Enhanced requirements in applications developed (such as web-banking or mobile banking apps) where data such as transaction details are stored by the user ▪ Internal screenings of e-mails and other electronic files will require the prior consent of the user Details
21H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY eIDAS  Content  Geographical area ▪ Europe-wide ▪ To provide certainty on the legal validity of all these services, businesses and citizens that will use the digital interactions as their natural way of interaction ▪ Ensure that individuals and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU member states ▪ Create a European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional means Characteristics ▪ EU regulation on a set of standards for electronic identification and trust services for electronic transactions in the European Single Market Details  Objective  Focus
22H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY eIDAS  Impact on financial technologies ▪ Legal effects for qualified electronic signatures, seals, certificates for electronic seals, timestamps and documents, as well as e-signature and e-seal creation devices ▪ Legal framework for e-registered delivery services and website authentication services ▪ Basis for eID schemes notified under the regulation in one member state to be recognised in one another ▪ Security of personal data and breach notification requirements for all trust service providers ▪ Supervision for Qualified Trust Service Providers (QTSPs), trusted lists and a trust mark for QTSPs to demonstrate compliance with the regulation Characteristics Details

Recommended

11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sector11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sector
innov-acts-ltd
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
innov-acts-ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
IT Governance Ltd
 
10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-model
Christos Laganas
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
IT Governance Ltd
 
Data Breaches and the EU GDPR
Data Breaches and the EU GDPRData Breaches and the EU GDPR
Data Breaches and the EU GDPR
IT Governance Ltd
 
ISDC_2015_Philippe Aerni_Cyber Versicherung
ISDC_2015_Philippe Aerni_Cyber VersicherungISDC_2015_Philippe Aerni_Cyber Versicherung
ISDC_2015_Philippe Aerni_Cyber Versicherung
IBM Switzerland
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
ZoneFox
 

Recommended

11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sector11 eu-institution-studies-regulation-finance-sector
11 eu-institution-studies-regulation-finance-sector
innov-acts-ltd
 
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
H2020 finsec-ort-webinar-ml-dl-cybersecurity-july 2020
innov-acts-ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
IT Governance Ltd
 
10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-model
Christos Laganas
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
IT Governance Ltd
 
Data Breaches and the EU GDPR
Data Breaches and the EU GDPRData Breaches and the EU GDPR
Data Breaches and the EU GDPR
IT Governance Ltd
 
ISDC_2015_Philippe Aerni_Cyber Versicherung
ISDC_2015_Philippe Aerni_Cyber VersicherungISDC_2015_Philippe Aerni_Cyber Versicherung
ISDC_2015_Philippe Aerni_Cyber Versicherung
IBM Switzerland
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
ZoneFox
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
IT Governance Ltd
 
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
South Tyrol Free Software Conference
 
GDPR Workshop
GDPR WorkshopGDPR Workshop
GDPR Workshop
Curt Lewis
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer
IT Governance Ltd
 
Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016
Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016
Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016
bhalasz
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
IT Governance Ltd
 
Smart Cities - The Security Aspects
Smart Cities - The Security AspectsSmart Cities - The Security Aspects
Smart Cities - The Security Aspects
Graeme Parker
 
FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016
FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016
FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016
bhalasz
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
James Bryce Clark
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
IT Governance Ltd
 
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyWISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
CYBERWISER .eu
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Benjamin Ang
 
Outpost24 webinar - preventing wireless attacks with device visibility and t...
Outpost24 webinar - preventing wireless attacks with device visibility and t...Outpost24 webinar - preventing wireless attacks with device visibility and t...
Outpost24 webinar - preventing wireless attacks with device visibility and t...
Outpost24
 
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Richik Sarkar
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
Lilian Edwards
 
GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?
Frederick Penaud
 
CyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRCyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPR
Iryna Chekanava
 
Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Datum DPO outsourced May 2016
Datum DPO outsourced May 2016
Mark Honeyball
 
EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)
Napier University
 
03 regulatory landscape&regtech
03 regulatory landscape&regtech03 regulatory landscape&regtech
03 regulatory landscape&regtech
innov-acts-ltd
 
04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector
innov-acts-ltd
 

More Related Content

What's hot

SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
South Tyrol Free Software Conference
 
Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Datum DPO outsourced May 2016
Datum DPO outsourced May 2016
Mark Honeyball
 

What's hot (20)

Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
 
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
 
GDPR Workshop
GDPR WorkshopGDPR Workshop
GDPR Workshop
 
EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer EU GDPR: The role of the data protection officer
EU GDPR: The role of the data protection officer
 
Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016
Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016
Fintech and Data Protection by Balint Halasz and Zoltan Tarjan 25 10 2016
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
Smart Cities - The Security Aspects
Smart Cities - The Security AspectsSmart Cities - The Security Aspects
Smart Cities - The Security Aspects
 
FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016
FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016
FinTech Regulatory Landscape by Trystan Tether and Gabor Helembai 25 10 2016
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyWISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
 
Outpost24 webinar - preventing wireless attacks with device visibility and t...
Outpost24 webinar - preventing wireless attacks with device visibility and t...Outpost24 webinar - preventing wireless attacks with device visibility and t...
Outpost24 webinar - preventing wireless attacks with device visibility and t...
 
Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security Enforcement and Litigation Trends and Developments in Privacy and Data Security
Enforcement and Litigation Trends and Developments in Privacy and Data Security
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?GDPR security services - Areyou ready ?
GDPR security services - Areyou ready ?
 
CyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPRCyNation: 7 Things You Should Know about EU GDPR
CyNation: 7 Things You Should Know about EU GDPR
 
Datum DPO outsourced May 2016
Datum DPO outsourced May 2016Datum DPO outsourced May 2016
Datum DPO outsourced May 2016
 
EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)EU Data Protection Legislation, Peter Ridley (HPE)
EU Data Protection Legislation, Peter Ridley (HPE)
 

Similar to 05 standards and general purpose regulations - impact on finance

Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
ARMA International
 
Mi Fid Congress 2007
Mi Fid Congress 2007Mi Fid Congress 2007
Mi Fid Congress 2007
tettta
 

Similar to 05 standards and general purpose regulations - impact on finance (20)

03 regulatory landscape&regtech
03 regulatory landscape&regtech03 regulatory landscape&regtech
03 regulatory landscape&regtech
 
04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector04 regulations-impact-on-finance-sector
04 regulations-impact-on-finance-sector
 
09 blockchain-security-information-sharing
09 blockchain-security-information-sharing09 blockchain-security-information-sharing
09 blockchain-security-information-sharing
 
09 blockchain-security-information-sharing
09 blockchain-security-information-sharing09 blockchain-security-information-sharing
09 blockchain-security-information-sharing
 
06 digitalization-in-finance
06 digitalization-in-finance06 digitalization-in-finance
06 digitalization-in-finance
 
EU regulatory agenda 2018 2019
EU regulatory agenda 2018 2019EU regulatory agenda 2018 2019
EU regulatory agenda 2018 2019
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
01 introduction-to-digital-finance
01 introduction-to-digital-finance01 introduction-to-digital-finance
01 introduction-to-digital-finance
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
 
Mi Fid Congress 2007
Mi Fid Congress 2007Mi Fid Congress 2007
Mi Fid Congress 2007
 
Keep your data safe and be compliant via a 360° approach
Keep your data safe and be compliant via a 360° approachKeep your data safe and be compliant via a 360° approach
Keep your data safe and be compliant via a 360° approach
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Initio at World Blockchain & Cryptocurrency Summit 2018
Initio at World Blockchain & Cryptocurrency Summit 2018Initio at World Blockchain & Cryptocurrency Summit 2018
Initio at World Blockchain & Cryptocurrency Summit 2018
 
Ipswitch and cordery on the road " All you need to know about GDPR but are t...
Ipswitch and cordery on the road " All you need to know about GDPR but are t...Ipswitch and cordery on the road " All you need to know about GDPR but are t...
Ipswitch and cordery on the road " All you need to know about GDPR but are t...
 
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ... Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber security
 
IASA ey deck presentation
IASA ey deck presentationIASA ey deck presentation
IASA ey deck presentation
 
10 the-finstix-data-model
10 the-finstix-data-model10 the-finstix-data-model
10 the-finstix-data-model
 

More from innov-acts-ltd

More from innov-acts-ltd (6)

H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
 
12 ai-digital-finance-overview
12 ai-digital-finance-overview12 ai-digital-finance-overview
12 ai-digital-finance-overview
 
08 notable-security-incidents-in-the-finance-sector
08 notable-security-incidents-in-the-finance-sector08 notable-security-incidents-in-the-finance-sector
08 notable-security-incidents-in-the-finance-sector
 
07 role of network effects and digital ecosystems
07 role of network effects and digital ecosystems 07 role of network effects and digital ecosystems
07 role of network effects and digital ecosystems
 
02 the-fin tech-revolution
02 the-fin tech-revolution02 the-fin tech-revolution
02 the-fin tech-revolution
 
Finsec innov-acts-open banking-london080319-4web
Finsec innov-acts-open banking-london080319-4webFinsec innov-acts-open banking-london080319-4web
Finsec innov-acts-open banking-london080319-4web
 

Recently uploaded

falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
Falcon Invoice Discounting
 
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Sareena Khatun
 
Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
priyasharma62062
 
Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
vershagrag
 

Recently uploaded (20)

Toronto dominion bank investor presentation.pdf
Toronto dominion bank investor presentation.pdfToronto dominion bank investor presentation.pdf
Toronto dominion bank investor presentation.pdf
 
Strategic Resources May 2024 Corporate Presentation
Strategic Resources May 2024 Corporate PresentationStrategic Resources May 2024 Corporate Presentation
Strategic Resources May 2024 Corporate Presentation
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
 
W.D. Gann Theory Complete Information.pdf
W.D. Gann Theory Complete Information.pdfW.D. Gann Theory Complete Information.pdf
W.D. Gann Theory Complete Information.pdf
 
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
 
Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Yamuna Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024
 
CBD Belapur((Thane)) Charming Call Girls📞❤9833754194 Kamothe Beautiful Call G...
CBD Belapur((Thane)) Charming Call Girls📞❤9833754194 Kamothe Beautiful Call G...CBD Belapur((Thane)) Charming Call Girls📞❤9833754194 Kamothe Beautiful Call G...
CBD Belapur((Thane)) Charming Call Girls📞❤9833754194 Kamothe Beautiful Call G...
 
7 steps to achieve financial freedom.pdf
7 steps to achieve financial freedom.pdf7 steps to achieve financial freedom.pdf
7 steps to achieve financial freedom.pdf
 
Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...
Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...
Call Girls in Benson Town / 8250092165 Genuine Call girls with real Photos an...
 
Business Principles, Tools, and Techniques in Participating in Various Types...
Business Principles, Tools, and Techniques in Participating in Various Types...Business Principles, Tools, and Techniques in Participating in Various Types...
Business Principles, Tools, and Techniques in Participating in Various Types...
 
2999,Vashi Fantastic Ellete Call Girls📞📞9833754194 CBD Belapur Genuine Call G...
2999,Vashi Fantastic Ellete Call Girls📞📞9833754194 CBD Belapur Genuine Call G...2999,Vashi Fantastic Ellete Call Girls📞📞9833754194 CBD Belapur Genuine Call G...
2999,Vashi Fantastic Ellete Call Girls📞📞9833754194 CBD Belapur Genuine Call G...
 
Significant AI Trends for the Financial Industry in 2024 and How to Utilize Them
Significant AI Trends for the Financial Industry in 2024 and How to Utilize ThemSignificant AI Trends for the Financial Industry in 2024 and How to Utilize Them
Significant AI Trends for the Financial Industry in 2024 and How to Utilize Them
 
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdf
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdfSeeman_Fiintouch_LLP_Newsletter_May-2024.pdf
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdf
 
Benefits & Risk Of Stock Loans
Benefits & Risk Of Stock LoansBenefits & Risk Of Stock Loans
Benefits & Risk Of Stock Loans
 
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
Female Russian Escorts Mumbai Call Girls-((ANdheri))9833754194-Jogeshawri Fre...
 
Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
Premium Call Girls Bangalore Call Girls Service Just Call 🍑👄6378878445 🍑👄 Top...
 
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsMahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
 
Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...
Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...
Certified Kala Jadu, Black magic specialist in Rawalpindi and Bangali Amil ba...
 
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
Solution Manual For Financial Statement Analysis, 13th Edition By Charles H. ...
 

05 standards and general purpose regulations - impact on finance

  • 1. 1H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY INNOV-ACTS, Limited H2020 FINSEC Project The FINSEC project is co-funded from the European Union’s Horizon 2020 programme under grant Agreement No 786727 Standards and General Purpose Regulations: Impact on Financial Technologies 15/11/2019
  • 2. 2H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Objectives ▪ Learn about the ISO/IEC standards applicable to the financial sector ▪ Understand their impact for information technologies ▪ Explore general purpose regulations and their relevance to the financial sector ▪ Identify their impact on financial technologies Goal Standards General purpose regulations
  • 3. 3H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Standards
  • 4. 4H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY List of standards and directives to be addressed ▪ ISO/IEC 27000 standards’ family ▪ ISO/IEC 27015:2012 ▪ Directive on security of network and information systems (NIS Directive)
  • 5. 5H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ISO/IEC 27000 standards’ family  Issued by ▪ Provide best practice recommendations on information security management: management of information risks through information security controls ▪ Describes the fundamentals on information technology with respect to security techniques and information security management systems ▪ Provides additional support to the financial industry to set up an appropriate information security management system for the provisioning of their financial services *Note: The adoption of the standard is not universal in the finance and banking sector, although the compliance of financial organisations is recommended ▪ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)  Focus  Objective
  • 6. 6H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY  Value added ▪ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) ▪ Sector-specific guidance for the financial sector: ▪ information security of assets ▪ information processing in order to support the information security of processed information ▪ Requirements relevant to financial security  ISO 27000 series  Impact on financial technologies ISO/IEC 27000 standards’ family
  • 7. 7H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ specific requirements for maintaining the security of the organization’s information and information processing facilities that are accessed, processed, communicated to, or managed by external parties ▪ need to secure perimeters including walls, card controlled entry gates or manned reception desks ▪ maintain the security of information and software exchanged within an organization and with any external entity ▪ exposure to vulnerabilities is evaluated, and appropriate measures taken to address the associated risk ▪ information security events weaknesses associated with information systems are communicated such in a timely manner to allow for corrective action External parties Exchange of information Secure areas ISO 27000 – Requirements (selected) ISO/IEC 27000 standards’ family Evaluate vulnerabilities Reporting
  • 8. 8H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ISO/IEC 27015:2012  Issued by ▪ ISO/IEC 27015:2012 Information technology - Security techniques – Information security management guidelines for financial services ▪ Technical report ▪ Supplement of the ISO/IEC 27000 family of International Standards for organizations providing financial services ▪ Guidance contained in this technical report extends information security controls defined in ISO/IEC 27002:2005 - Information security management and controls ▪ International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)  Objective
  • 9. 9H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY Directive on security of network and information systems (NIS Directive)  Content  Geographical area ▪ EU-wide ▪ Boost cyber-security in the EU ▪ Legal measures to boost cyber-security in the EU ▪ Requires Operators of Essential Services (OESs) to implement appropriate and proportionate security measures to achieve the outcomes set out by the NIS principles and notify the relevant national authorities of serious incidents and events ▪ EU-wide legislation on cyber-security  Focus  Objective
  • 10. 10H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY  Scope ▪ Financial services and financial market infrastructure providers (including trading venues and central counterparties) are considered as “Operators of Essential Services” (OES) ▪ OES have to take appropriate and proportionate technical and organizational measures to manage the risks posed to the security of their networks and information systems ▪ Prevent and minimize the impact of cyber incidents ▪ Serious incidents need to be notified to the relevant national authority (i.e. Computer Security Incident Response Teams) that each EU country will need to set up *Note: Responsibility on the essential services providers: e.g., if a financial services company has outsourced the cloud computing services to a third party, the delegating entity still holds the main responsibility of any cyber attack data breach. Directive on security of network and information systems (NIS Directive)
  • 11. 11H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY  Impact on banking and financial services ▪ Notification about incidents in the banking sector is indicated to be specified by member states: ▪ Requirements for notification of incidents are part of normal supervisory practice in the financial sector Directive on security of network and information systems (NIS Directive)
  • 12. 12H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY General purpose regulations
  • 13. 13H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY List of general purpose regulations and standards ▪ EU Privacy Rules – GDPR ▪ e-Privacy ▪ eIDAS
  • 14. 14H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY General Data Protection Regulation (GDPR)  Content  Geographical area ▪ Europe-wide ▪ To empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information ▪ Provides additional control to EU residents on over how their personal information is accessed, communicated and stored ▪ Failure to comply incurs significant penalties for institutions, this will be discretionary and, depending on the nature of the breach,  2% - 4% of worldwide revenue, max 20m Characteristics ▪ Designed in order to adapt the existing data protection legislation with respect to the way in which data is currently being used in the digital setting Details  Objective  Focus
  • 15. 15H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY General Data Protection Regulation (GDPR)  Scope ▪ Standardises data privacy laws and mechanisms across industries, regardless of the nature or type of operations -> financial institutions are affected ▪ Financial organizations collect large amounts of customer data which are used in a variety of processes and activities ▪ Institutions need to demonstrate the integrity and validity of their customer’s consent with respect to how their data is shared and used ▪ Processes involving customer data is exposed to different people, at different stages -> GDPR applied in any of the processes that requires the handling of any type of customer data ▪ Inform customers on how they plan to process and use the data. Additionally, each institution needs to appoint a Data Protection Officer (DPO) Characteristics Details  Impact on banking and financial services
  • 16. 16H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ Awareness of customers about personal data stored by financial institutions ▪ Any data that can be used to identify an individual (and any data related to pseudoanonymization) ▪ Individuals can request access to, or the removal of, their own personal data from financial institutions ▪ Financial institutions may keep some data to ensure compliance with other regulations, but in all other circumstances where there is no valid justification, the individual’s right to be forgotten applies ▪ Wide deployment of outsourcing services -> firms need to ensure that personal client data is not accessible to external vendors, thus significantly increasing the data’s net exposure ▪ Non-EU organisations that collaborate with EU banks or serving EU citizens, to ensure vigilance while sharing data across borders Data subject consent Minimizing chances of breach Data portability GDPR & relevance to financial services Vendor management Reporting
  • 17. 17H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ Controllers should embed privacy features and functionalities into products, systems from the time that are first designed ▪ Appropriate measures can be appliedon collected data, pseudonymisation techniques and improved encryption ▪ Data must also be pseudonymised into artificial identifiers to ensure the data access stays within the realms of the ‘need-to- know’ obligations ▪ Carry out an impact assessment (Privacy Impact Assessment - PIA) for organizations that perform data processing that may involve a high risk for the rights and freedoms of natural persons. The origin, nature, particularity and severity of such risk must be assessed Privacy by design Pseudoanonymization GDPR & relevance to financial services Impact assessment
  • 18. 18H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY ▪ Responsible individual is identified as the Data Protection Officer within each organization (required for org. >250 empl.) ▪ Duties relevant to monitoring the implementation and application of internal policies, coordinating audits, supervising the execution of the impact evaluation, point of contact for the supervisory authority etc. ▪ Financial services may use of biometrics, such as for example fingerprints and eye scans to identify their customers ▪ Required to take the necessary technical and organisational measures to prevent this special data from being exposed, as a consequence their systems being poorly managed Data Protection Officers (DPO) GDPR & relevance to financial services Biometrics
  • 19. 19H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY e-Privacy  Content  Geographical area ▪ Europe-wide ▪ Respect for private life and protection of personal data in electronic communications ▪ Protection of fundamental rights and freedoms of natural and legal persons with respect to the use of electronic communications services ▪ Free movement of electronic communications data and electronic communications services within the EU Includes data to trace and identify the source and destination of a communication ▪ Relevant to any metadata from electronic communications e.g., time/date of a call Characteristics ▪ Particularise and complement the GDPR by identifying certain rules for the rights of natural and legal persons on electronic communication Details  Objective  Focus
  • 20. 20H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY e-Privacy  Impact on financial technologies Characteristics ▪ All electronic communications exchanged in the financial sector are subject to stricter requirements, especially in the case that they contain personal or confidential data ▪ Additional security requirements for the transmission of personal and confidential data through electronic means ▪ Including email communication, fund transfers, information exchanges related to regulations such as AEI (Automatic Exchange of Information), FATCA (Foreign Account Tax Compliance Act) or MiFID (Markets in Financial Instruments Directive) ▪ Enhanced requirements in applications developed (such as web-banking or mobile banking apps) where data such as transaction details are stored by the user ▪ Internal screenings of e-mails and other electronic files will require the prior consent of the user Details
  • 21. 21H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY eIDAS  Content  Geographical area ▪ Europe-wide ▪ To provide certainty on the legal validity of all these services, businesses and citizens that will use the digital interactions as their natural way of interaction ▪ Ensure that individuals and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU member states ▪ Create a European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional means Characteristics ▪ EU regulation on a set of standards for electronic identification and trust services for electronic transactions in the European Single Market Details  Objective  Focus
  • 22. 22H2020 FINSEC – DIGITAL FINANCE ACADEMY FOR SECURITY eIDAS  Impact on financial technologies ▪ Legal effects for qualified electronic signatures, seals, certificates for electronic seals, timestamps and documents, as well as e-signature and e-seal creation devices ▪ Legal framework for e-registered delivery services and website authentication services ▪ Basis for eID schemes notified under the regulation in one member state to be recognised in one another ▪ Security of personal data and breach notification requirements for all trust service providers ▪ Supervision for Qualified Trust Service Providers (QTSPs), trusted lists and a trust mark for QTSPs to demonstrate compliance with the regulation Characteristics Details