
Riscreen Compliance Newsletter – Issue week 28/2025

In this issue, we look at important regulatory developments in the areas of data protection, financial market regulation and money laundering prevention. The data protection supervisory authority is launching a consultation on AI applications, while the EBA is presenting new guidelines on product governance and third-party risks. BaFin also updates its list of countries for combating money laundering – with direct consequences for practice.

Data protection supervision: BfDI launches consultation on data protection challenges posed by AI models

Applicable for:
Data protection officers, developers of AI systems, data controllers, IT and compliance departments in data-processing organizations

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has launched a consultation process on data protection issues relating to the use of AI models. Among other things, this concerns the legal admissibility of the processing of personal data by AI, compatibility with the principles of the GDPR, transparency obligations and the protection of data subjects’ rights. The results of the consultation are to be incorporated into the future interpretation and application of data protection law in the AI context.


Measures required:

  • Review existing AI applications for GDPR compliance, in particular with regard to data minimization, purpose limitation and lawfulness of processing
  • Establish internal assessment procedures for new AI applications with the involvement of data protection, IT and specialist departments
  • Train development teams and data protection coordinators on the specific GDPR risks when using AI

Source

EBA consultation: Revision of the guidelines on product governance in retail banking

Applicable for:
Product managers in retail banking, compliance officers, sales management, internal audit, senior management of credit institutions

The European Banking Authority (EBA) has published a draft revision of its guidelines on product supervision and governance in retail banking. The aim is to focus more strongly on the needs of consumers, define the target market more precisely and improve product monitoring over the entire life cycle. Particularly vulnerable customer groups are to be given greater consideration.

Measures required:

  • Revise product development and approval processes, taking risk-based governance requirements into account
  • Adapt target market definitions and monitoring criteria for existing and new products
  • Train relevant employees in sales and product management with regard to the new EBA requirements

Source

Third-party risks outside ICT: EBA launches consultation on new guidelines

Applicable for:
Risk management, outsourcing and service provider management, internal audit, compliance officers in financial institutions

The EBA has launched a consultation on guidelines for the management of third-party risks that are not covered by the DORA Regulation for ICT service providers. The planned guidelines relate in particular to physical services (e.g. facility management, consulting, logistics) and are aimed at standardized practices for risk identification, assessment and monitoring of such relationships.

Measures required:

  • Expand the outsourcing directory to include non-ICT-related third parties
  • Introduce risk-based due diligence checks and ongoing monitoring obligations for all service providers
  • Adapt internal guidelines for third-party management and raise awareness in the responsible departments

Source: BaFin

BaFin updates country list for money laundering prevention

Applicable for:
Money laundering officers, AML compliance, financial institutions, payment service providers, insurance companies

BaFin has published a new version of the country list, which includes high-risk countries and countries with strategic deficiencies in the area of anti-money laundering. The list is based on the current FATF assessment and has a direct impact on the due diligence obligations for business relationships with customers from these countries.

Measures required:

  • Update internal lists and parameters in AML systems
  • Apply increased due diligence obligations for transactions relating to listed high-risk countries
  • Inform relevant specialist departments about the changed country situation

Source

Now receive the most important compliance reports every week free of charge

Many compliance officers already use our free service and receive the most important news from the areas of compliance, money laundering prevention, data protection and IT security. We provide a weekly overview of the most important reports and categorize them.
Subscribe now free of charge.

Would you like to be up to date every day?

Our legal rights monitoring software gives you access to all notifications and allows you to filter them by relevance, type and area. You can create and download summaries. Get in touch with us.

We wish you a successful week.
Your Riscreen team
