While businesses around the world are busy getting ready for GDPR, another wide-reaching EU regulation crept up and took many outside the Financial Services industry by surprise in January 2018 – the Payment Services Directive 2 (PSD2).
PSD2 removes the previous easy-to-use exemption for electronic communications providers. Instead, it introduces a much more limited exclusion – and if they want to exercise it, they must provide an annual independent audit opinion relating to it. If they are unable to use the new exemption, they may need a full Financial Conduct Authority (FCA) licence as a payment institution.
As electronic communication becomes ever faster and ever easier, and the EU ramps up its Digital Single Market Strategy, 2018 will see a steady stream of regulatory change for Telcos and online services providers beyond the GDPR. Key themes include security, consumer protection and competition management.
We’ve pulled together the headlines on EU and UK developments, as a brief overview of what’s coming up. If you want to know more, please click through here for our background document, including a timeline.
As 2018 begins to take shape, the regulatory outlook seems dominated by one particular area - data. As the value of the data held by organisations increases, so does the risk from cyber criminals and pressure from regulatory authorities. There is also increasing thought given on how to regulate social media such as Twitter, Facebook and WhatsApp.
However, there are other topics on the agenda – this update covers briefly:
Potential net annual cost savings of £250,000 or more should be music to corporate ears. Those ears however seem resistant to the siren song of plain language for regulatory compliance communications.
Evidence shows that small investments in clearer messages save significant time (and therefore money), and improve reader understanding and compliance. For example, in the US Federal Express revised its ground operations manuals, which staff had to search for an average of 5 minutes to find information, with only 53% then finding the right answer. Average search times with the new manuals fell to 3.6 minutes, with an 80% success rate and conservatively estimated annual savings of $400,000. 
The second UK corporate offence of failing to prevent a crime committed by an associated person has just been introduced by the Criminal Finances Act 2017, covering facilitation of tax evasion and following in the tracks of the similar UK Bribery Act 2010 offence.
Most corporates would agree that aiming to prevent associates from committing crimes within the business is the right thing to do, and that the defences of having adequate procedures (for the UKBA) or reasonable procedures in all the circumstances (for the CFA) appear sensible. So this approach could provide a sound solution to the problem of corporate criminal liability. It should, however, be used with caution.