BANKING AND FINANCE COMPLIANCE SERVICES

We provide advice and headcount for finance sector privacy and data protection teams. The sector is subject to extensive legislation and regulation on the handling of customer data in many jurisdictions. We support privacy teams in banks, insurance companies, mortgage lenders and fintech through short- and long-term secondments, and undertake any type of privacy impact assessment or privacy audit that encompasses finance-specific regulatory obligations.

Our expertise includes the complex landscapes in key markets where there is overlap of general privacy law with sector-specific obligations on financial institutions:

USA — the GLBA Financial Privacy Rule, Safeguards Rule and Pretexting Protection Rule; State-level statutes, Children's Online Privacy Protection Act (COPPA)

EU — GDPR and its interplay with PSD2, the ePrivacy Directive (ePD) and Anti-Money Laundering (AML) Directives

Singapore — PDPA alongside Monetary Authority of Singapore (MAS) Notices and Guidelines, Finance Companies Act and Securities and Futures Act (SFA) requirements for intermediaries and financial advisors.

Hong Kong — Personal Data (Privacy) Ordinance (PDPO), Code of Practice on Consumer Credit Data, Guideline on Protecting Personal Data in Online Transactions, Hong Kong Monetary Authority (HKMA) Supervisory Policy Manual

Canada — PIPEDA and the Alberta, B.C. and Quebec equivalents, the Bank Act and the Insurance Act, as well as the provincial insurance statutes.

Australia — Privacy Act, APRA CPS 220 Risk Management, CPS 231 Outsourcing, and CPS 234 Information Security, AFS reporting obligations to ASIC, Credit Privacy Code

Japan — APPI, PPC-FSA Guidelines

South Korea — PIPA, Credit Information Use and Protection Act, Act on Specific Financial Information


RISK ASSESSMENT