Privacy Compliance Laws: Why the European Commission Has Finally Got It Right

By Marc Vael, CISA, CISM, CGEIT, CRISC, CISSP

ISACA’s Marc Vael tells you why the European Commission’s new privacy rules are an opportunity
The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the interference in privacy of a European bureaucracy. The recent European Commission cookie law guidelines not only reignited controversy about privacy compliance in Europe and prompted furious debates in the trade press, quality press and tabloids, but also ignited considerable international interest. This article concentrates on examining the stances which have been taken, their validity and, more importantly, what an enterprise needs to be doing as it turns from merely talking shop to setting and implementing concrete policies on privacy.

What tended to be ignored in the early days of the European Commission’s proposals was that the cookies rule was just a small part of a law aimed at safeguarding privacy online and an attempt to protect Internet users from an increasingly aggressive, intrusive and pervasive corporate marketing machine. These are real concerns which have been growing for a number of years and which the European Commission sought to address in its rulings. It is ironic that the European Commission takes considerable flak for ‘creating’ initiatives when usually it is responding to pressure from below. It was the relative failure of the European Commission’s 2003 directive that led to the cookie law. As international competition begins to heat up and the rapidly emerging markets of India, China and Brazil force companies into becoming more aggressive in their search for international markets, organisations providing content and obtaining information about users are utilising even more sophisticated and invasive techniques, about which many people are becoming alarmed.

The ultimate aim is to protect user privacy to ensure that consent is given for all Internet marketing and a tidal wave of spam is averted. This is a laudable aim and one which should be supported. It should also be pointed out that these are merely a set of proposals—albeit a fairly comprehensive set—of reforms to the EU’s 1995 data protection rules to “…strengthen online privacy rights and boost Europe’s digital economy,” according to the EU’s web site.
 
The site adds, “Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.”
 
EU Justice Commissioner Viviane Reding, the Commission’s Vice President, said, “Seventeen years ago, less than 1% of Europeans used the Internet. Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds. The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation.”
 
Key changes in the reform include:

  • A single set of rules on data protection, valid across the EU. Unnecessary administrative requirements, such as notification requirements for companies, will be removed. This will save businesses around €2.3 billion a year.
  • Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors—a requirement that has led to unnecessary paperwork and costs businesses €130 million per year—the regulation provides for increased responsibility and accountability for those processing personal data.
  • Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).
  • Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed.
  • People will have easier access to their own data and be able to transfer personal data from one service provider to another more easily (right to data portability). This will improve competition among services.
  • A ‘right to be forgotten’ will help people better manage data protection risks online: people will be able to delete their data if there are no legitimate grounds for retaining it.
  • EU rules must apply if personal data is handled abroad by companies that are active in the EU market and offer their services to EU citizens.
  • Independent national data protection authorities will be strengthened so they can better enforce the EU rules at home. They will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2 percent of the global annual turnover of a company.
  • A new Directive will apply general data protection principles and rules for police and judicial cooperation in criminal matters. The rules will apply to both domestic and cross-border transfers of data.

As companies such as British Airways announce that they are going to search for details of their regular customers on Google in order to provide a better service, it becomes increasingly obvious that data privacy is becoming more important than ever. For information security professionals who need to keep up-to-date with each movement in this privacy legislation and its attendant political shifts, I recommend using COBIT 5 (www.isaca.org/cobit) as a framework to govern privacy, work out the risks around privacy, ensure proper security management and allow auditing of the privacy measures in place. COBIT 5 for Information Security will be especially relevant. There are some factors which are critical to handling privacy in an effective and efficient manner. The most important one, and a factor which is often forgotten in many IT security implementations, is rock-solid commitment from senior management at board level. If the senior management team members are not aware of or concerned about the privacy of the enterprise’s customers or employees, they will not make available resources in terms of staff and the necessary budgets to handle privacy in a professional manner.
 
At companies such as RSA Security and Sony, a lack of leadership on these issues from the top contributed to catastrophic laxity in IT security measures further down the line of junior management. It is very much the case that the tone has to be set from the top.
 
If IT security professionals are unsure if they can obtain senior management buy-in for a project, they seriously need to take stock of their own position, the position of IT security within the company and whether their senior management is taking IT security seriously.
 
The same importance must be given to the other stakeholders with roles and responsibilities around IT security. There has to be proper coordination of these individuals, but more importantly, they have to know that everyone has a role to play in data privacy. This will include the Council, information technology generally, human resources, applications, business unit leaders, security (corporate, IT, physical and executive protection) and internal audit.
 
A major issue facing many privacy coordinators is the diversity of all types of privacy legislation and regulations, particularly when working in multinational environments. Sometimes in these environments there are even conflicting privacy rules and requirements, which make it difficult to select one privacy solution. The COBIT 5 solution is to select a privacy baseline but to allow local implementation guidelines, so that local units can make individual adjustments without violating basic concepts and rules. This is, in today’s world, a massive challenge and one of the drivers of change in the European privacy legislation.
 
It is important to have communication mechanisms built around privacy for internal and external usage. ISACA has always stressed the importance of ensuring trust in, and value from, information. In COBIT 5, ISACA suggests making a clear distinction between privacy governance and privacy management, meaning that the board of directors of any organisation should direct, evaluate and monitor the privacy vision and requirements based on business needs, whereas the executive management and employees involved with privacy-related information should focus on the plan, build, run and monitor approach.
 
As the EU legislation suggests, privacy has an effect on the whole organisation. It is advisable to review and use the COBIT 5 enabling processes to make sure the board and executive management have proper coverage of all privacy-related requirements, benefits, risks and resources. Only processes which are under control and meet expectations can remain as they are; all others will have to be reviewed. The COBIT 5 implementation model suggests seven steps to improve privacy processes, organised in three rings: programme management, change management and continuous improvement.
 
If the above safeguards are included in major organisations’ planning programmes, and senior management is fully involved, the privacy and European Commission legislation will be a valuable addition to the management manuals of all organisations.
 
About the author
Marc Vael, CISA, CISM, CGEIT, CRISC, CISSP, is international vice president of ISACA and chief audit executive at Smals, a Belgian not-for-profit IT organization with more than 1,800 people working exclusively for the Belgian federal government on social security automation. He is also the current president of the ISACA Belgium Chapter.

Bringing finance into the 21st Century – How COVID and collaboration are catalysing digital transformation

By Keith Phillips, CEO of TISATech

If just six or seven months ago someone had told you that in a matter of weeks people around the world would be locked down in their homes, trying to navigate modern work systems from a prehistoric laptop, bickering with family over who’s hogging the Wi-Fi, migrating online to manage all financial services digitally, all while washing their hands every five minutes in fear of a global pandemic… You’d think they had lost their mind. But this very quickly became the reality for huge swathes of the world and we’re about to go through that all over again as the UK government has asked that those who can work from home should.

Unsurprisingly, statistics show that the lockdown restrictions introduced by the UK government in March led to a sharp increase in people adopting digital services. Banks encouraged their customers to log onto online banking as they limited (and eventually halted) services at branches. This forced many customers online as their primary means of managing personal finances for the first time.

If anyone had doubts before, the Covid-19 pandemic proved to us the importance of well-functioning, effective digital financial services platforms, for both financial institutions and the people using them.

But with this sudden mass online migration, it has become clear that traditional banks have struggled to keep up with servicing clients virtually. Legacy banking systems have always stifled the digitisation of financial services, but the pandemic thrust this issue into the limelight. Fintech firms, which focus intently on digital and mobile services, knew it was only a matter of time before financial institutions’ reliance on them was to increase at an unprecedented rate.

For years, fintechs have been called upon by traditional players to find solutions to problems borne from those clunky legacy systems, like the manual completion of account changes and money transfers. Now the demand is for these services to be online, coupled with the need for financial services firms to cut costs since Covid-19 hit the economy.

Covid-19 has catalysed the urgent need to bring digital transformation to a wider pool of financial services businesses. Customers now have even higher expectations of larger institutions, demanding that they keep up with what the younger and more nimble challengers have to offer. Industry leaders realise that they must transform their businesses as soon as possible, by streamlining and digitising operations to compete and, ultimately, improve services for their customers.

The race for digital acceleration began far before the recent pandemic – in fact, following the 2008 financial crisis is likely more accurate. Since the credit crunch, there has been a wave of new fintech firms, full of young, bright techies looking to be the next big thing. Fintechs have marketed themselves hard at big conferences and expos or by hosting ‘hackathons’, trying to prove themselves as the fastest, most innovative or the most vital to the future of the industry.

However, even during this period where accelerating innovation in online financial services and legacy systems is crucial, the conditions brought about by the pandemic have not been conducive to this much-needed transformation.

The second issue, which again was clear far before the pandemic, is the fact that no matter how nimble or clever the fintechs’ solutions are, it is still hard to implement them seamlessly, as the sector is highly fragmented, with banks using extremely outdated systems populated with vast amounts of data.

With the significance of the pandemic becoming more and more clear, and the need for better digital products and services becoming more crucial to financial services firms and consumers by the day, the industry has finally come together to provide a solution.

The TISAtech project was launched last month by The Investing and Saving Alliance (TISA), a membership organisation in the UK with more than 200 leading financial institutions as members. TISA asked The Disruption House, a specialist benchmarking and data analytics business, to create a clearing house platform for the industry to help it more effectively integrate new financial technology. The project aims to enhance products and services while reducing friction and ultimately lowering costs which are passed on to the customers.

With nearly 4,000 fintechs from around the world participating, it will be the world’s largest marketplace dedicated to Open Finance, Savings, and Investment.

Not only will it provide a ‘matchmaking’ service between financial institutions and fintechs, it will also host a sandbox environment. Financial institutions can pose real problems with real data and the fintechs are given the space to race to the bottom – to find the most constructive, cost-effective solution.

Yes, there are other marketplaces, but they all seem to struggle to achieve a return on investment. There is a genuine need for the ‘Trivago’ of financial technology – a one stop shop, run by an independent body, which can do more than just matchmaking. It needs to go above and beyond to encompass the sandboxing, assessments, profiling of fintechs to separate the wheat from the chaff, and provide a space for true collaboration.

The pandemic has taught us that we are more effective if we work together. We need mass support and collaboration to find solutions to problems. Businesses and industries are no different. If fintechs and financial institutions can work together, there is a real chance that we can start to lessen the economic hit for many businesses and consumers by lowering costs and streamlining better services and products. And even if it is just making it that little bit easier to manage personal finances from home when fighting with your children for the Wi-Fi, we are making a difference.

What to Know Before You Expand Across Borders

By Sean King, Director of International Tax at McGuire Sponsel

The American retail giant, Target Corporation, has a market cap of $64 billion and access to seemingly limitless resources and advisors. So, when the company engaged in its first global expansion, how could anything possibly go wrong?

Less than two years after opening its first Canadian store in 2013, Target shut down all 133 Canadian locations and terminated more than 17,000 Canadian employees.

Expansion of an operation to another country can create unique challenges that may impact the financial viability of the entire enterprise. If Target Corporation can colossally fail in its expansion to Canada, how might Mom ‘N’ Pop LLC fare when expanding into Switzerland, Singapore, or Australia?

Successful global expansion requires an understanding of multilayered taxes, regulatory hurdles, employment laws, and cultural nuances. Fortunately, with the right guidance, global expansion can be both possible and profitable for businesses of any size.

Permanent establishment

Any company with global ambitions must first consider whether the company’s expansion outside of the U.S. will give rise to a taxable presence in the local country. In the cross-border context, a “permanent establishment” can be created in a local country when the enterprise reaches a certain level of activity, which is problematic because it exposes the U.S. multinational to taxation in the foreign country.

Foreign entity incorporation

To avoid permanent establishment risk, many U.S. multinationals choose to operate overseas through a formal corporate subsidiary, which reduces the company’s foreign income tax exposure, though it may result in an additional level of foreign income tax on the subsidiary’s earnings. In most jurisdictions, multinationals can operate their business in the foreign country as a branch, a pass-through (e.g., a partnership) or a corporation.

As a branch, the U.S. multinational does not create a subsidiary in the foreign country. It holds assets, employees, and bank accounts under its own name. With a pass through, the U.S. multinational creates a separate entity in the foreign country that is treated as a partnership under the tax law of the foreign country but not necessarily as a partnership under U.S. tax law.

U.S. multinationals can also create corporate subsidiaries in the foreign country treated as corporations under the tax law of both the foreign country and the U.S., with possibly two levels of income taxation in the foreign country plus U.S. income taxation of earnings repatriated to the U.S. as dividends.

Check-the-box planning

Under U.S. entity classification rules, certain types of entities can “check the box” to elect their classification: to be taxed as a corporation with two levels of tax, as a partnership with pass-through taxation, or even to be disregarded for U.S. federal income tax purposes. The check-the-box election allows U.S. multinationals to engage in more effective global tax planning.

Toll charges, transfer pricing and treaties

When establishing a foreign corporate subsidiary, the U.S. multinational will likely need to transfer certain assets to the new entity to make it fully operational. However, in many cases, the U.S. multinational cannot perform the transfer without recognizing taxable income. In the international context, the IRS imposes certain outbound “toll charges” on the transfer of appreciated property to a foreign entity, which are usually provided for in IRC Section 367 and subject to various exceptions and nuances.

Instead, the U.S. multinational may prefer to license intellectual property to the foreign subsidiary for a fee rather than transfer the property outright. However, licensing requires the company and the foreign subsidiary to adhere to transfer pricing rules, as dictated by IRC Section 482. The U.S. multinational and the foreign subsidiary must interact in an arm’s-length manner regarding pricing and economic terms. Furthermore, any such arrangement may attract withholding taxes when royalties are paid across a border.

Are you GILTI?

Certain U.S. multinationals opt to focus on deferring the income recognition at the U.S. level. In doing so, they simply leave overseas profits overseas and delay repatriating any of the earnings to the U.S.

Despite the general merits of this form of planning, U.S. multinationals will be subject to certain IRS anti-deferral mechanisms, commonly known as “Subpart F” and GILTI. Essentially, U.S. shareholders of certain foreign corporations are forced to recognize their pro rata share of certain types of income generated by these foreign entities at the time the income is earned instead of waiting until the foreign entity formally repatriates the income to the U.S.

The end goal

Essentially, all effective international tax planning boils down to treasury management. Effective and early tax planning can properly allow a company to better achieve its initial goal: profitability.

If global expansion is on the horizon for your company, consult a licensed professional for advice concerning your specific situation.

Pandemic risks eclipse treasury priorities as businesses diversify investments to mitigate impact

The Covid-19 pandemic has shunted aside existing challenges to sit atop treasurers’ priority lists, according to “The resilient treasury: Optimising strategy in the face of covid-19”, a survey run by the Economist Intelligence Unit (EIU) and sponsored by Deutsche Bank.

The results show that treasurers are looking to diversify their investments in a bid to mitigate the pandemic impacts, including heightened liquidity, foreign-exchange and interest-rate risk. As many as 55% plan to increase investments in long-term instruments, with 48% increasing investments in bank deposits, another 48% in local investment products, and 47% in money-market funds.

“The Covid-19 pandemic has drastically altered business plans in 2020. It has placed a certain level of strain on treasury processes, but the challenge it presents has been managed by traditional treasury skills. It is clear that pandemic risk will be on the treasury checklist for years to come, but it is one of many risks the department faces and will continue to manage,” says Melanie Noronha, the EIU editor of the report.

Despite Covid-19 looming large, other challenges wait in the wings. Notably, the replacement of the London Interbank Offered Rate was identified by 38% of respondents as the main challenge of their function.

Technology, meanwhile, continues to be a pressing issue, with treasury teams becoming increasingly reliant on IT solutions. Here, data quality is rising up the list of concerns. Already highlighted as very or somewhat concerning in 2019 by 69% of respondents, the figure rose to 78% in 2020. Acquiring the necessary skill sets to realise the full benefits of this data and technology is also a continuing priority – with some progress registered from last year. In 2020, 30% of respondents say they have all the skills they need to manage technological change, up from 22% in 2018.

“Treasury’s focus on technology is not only helping teams operate more efficiently in a remote-working environment, it has long played – and continues to play – a key role in realising their long-term priorities,” notes Ole Matthiessen, Head of Cash Management, Corporate Bank, Deutsche Bank. The survey shows that managing relationships with banks and suppliers (highlighted by 32% of respondents) and collaborating with other functions of the business (also 32%) remain top of the agenda – and seamless digital systems will help give treasurers the bandwidth and insight to be more effective partners for both internal and external stakeholders.

Based on a global survey of 300 treasury executives, conducted between April and May, the survey explores stakeholders’ attitudes among corporate treasurers towards the drivers of strategic change in the treasury function – from the pandemic through to regulation and technology – and their priorities for the next five years.
