The UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) on December 20, 2022, announced fines totaling £48.65 million ($59 million) on TSB Bank plc (TSB) for operational resiliency failures, after an IT upgrade led to customers being unable to access core banking services.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The Digital, Culture, Media and Sport Committee (DCMS) of the UK Parliament published a call for evidence on the operation, risks, and benefits of non-fungible tokens (NFTs) and blockchain. The DCMS noted that digital assets such as NFTs provide for flexible ownership, making them attractive for wide adoption. But with limited NFT regulation in the United Kingdom, the DCMS is considering how investors may be exposed.
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further facilitate trans-Atlantic data flows. The Draft Adequacy Decision mirrors the executive order, which established safeguards relating to the handling of personal information in the course of signals intelligence activities. If and when adopted, the adequacy decision will impact contractual requirements and processes by restoring data flows through a new Trans-Atlantic Data Privacy Framework.
The New York Department of Financial Services (NYDFS) published its proposed amendment to its 23 NYCRR Part 500 (Cybersecurity Rules) on November 9, 2022, following the release of the draft version on July 29, 2022. The proposed amendments complement the efforts of the US government to further regulate cybersecurity practices pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). If adopted, the proposed amendment, among other things, establishes “Class A” companies, and requires covered entities (i.e., insurance companies, banks and other financial institutions regulated by the NYDFS) to, within 180 days, review their existing policies and procedures and ensure compliance with all applicable requirements of the Cybersecurity Rules.
On October 11, the Bank of England (BoE), the Prudential Regulation Authority (PRA), and the UK Financial Conduct Authority (FCA) (together, the Supervisory Authorities) published a discussion paper (DP5/22) on the safe and responsible adoption of artificial intelligence (AI) in financial services (Discussion Paper). The Discussion Paper forms part of the Supervisory Authorities’ AI-related program of works, including the AI Public Private Forum and is being considered in light of the UK government’s efforts towards regulating AI.
As part of our Spotlight series, we welcome David McManus, a partner in our New York office and the deputy leader of Morgan Lewis’s labor and employment practice, and Emily DeSmedt, a partner in our Princeton office, who represents employers in a wide variety of employment-related matters. David frequently works with our team on the employment aspects inherent in outsourcings and other technology and commercial transactions, and Emily provides counseling on complex issues such as leaves of absence, disability, pregnancy, and religious accommodation requests. We have invited David and Emily to discuss employment topics related to remote work.
Although data security concerns may have held back early adoption, the COVID-19 pandemic accelerated cloud usage and digital transformation within public service organizations in many countries around the world. In a recent study, Accenture surveyed 364 public service executives at both the local and federal levels in six countries—Australia, Canada, Germany, Singapore, the United Kingdom, and the United States—to learn about the public sector’s cloud adoptions strategies.
On November 18, days before the FIFA World Cup Qatar 2022 was due to start, Anheuser-Busch InBev (the owner of Budweiser, a World Cup sponsor since 1985) was dealt an unexpected yellow card: FIFA issued a statement that appeared to renege on certain terms of their $75 million (£63 million) commercial sponsorship agreement.
The US Department of Commerce’s Bureau of Industry and Security released an interim final rule (IFR) on October 7 imposing new export controls on certain advanced computing and semiconductor manufacturing destined for the People’s Republic of China (PRC). In their LawFlash, partners Giovanna Cinelli, Kenneth Nunnenkamp, and Carl Valenstein; of counsel Heather Sears; and associates Katelyn Hilferty, Christian Kozlowski, Patricia Cave, and Jiazhen Guo discuss the scope of the new export controls, open issues and questions regarding the regulation, and potential courses of action to consider.
Despite general awareness regarding phishing (we have written about phishing in a prior post), it still remains one of the most common ways to accomplish cyberattacks. It should be no surprise that cybercriminals are constantly coming up with more elaborate and sophisticated ways to gain access to sensitive systems and data. A recent CIO.com article lists three measures designed to deter phishing and related attacks, which we have summarized below.