In this issue, we look at three key developments: new EDPB guidelines on international data transfers to authorities in third countries, an ESMA working paper on the responsible use of large language models in the financial sector and the list of criteria for AI systems in the financial sector published by the BSI. These topics provide decisive impetus for data protection, RegTech and AI governance.
Contents
- EDPB publishes final guidelines on data transfers to authorities in third countries
- ESMA publishes working document on the responsible use of LLMs in the financial sector
- BSI presents criteria catalog for AI systems in the financial sector
EDPB publishes final guidelines on data transfers to authorities in third countries
Applicable for:
Data Protection Officers, compliance officers, international companies with data transfers to third countries, especially outside the EU.
The guidelines specify how data transfers to authorities in third countries are to be assessed in accordance with the GDPR. They provide a framework for the identification, analysis and documentation of such transfers and emphasize the duty of transparency, data minimization and risk assessment prior to disclosure.
Measures required:
- Review and adapt existing processes for data transfers to authorities outside the EU.
- Implement a documented risk analysis for each potential third country transfer.
- Update internal policies and training with regard to the new EDPB guidelines.
- Coordinate closely with data protection supervisory authorities in cases of doubt or legal uncertainty.
ESMA publishes working document on the responsible use of LLMs in the financial sector
Applicable for:
Financial institutions, RegTech developers, compliance and risk management departments, AI-related project managers in the financial services sector.
In its working paper, ESMA emphasizes the opportunities and risks of using large language models (LLMs) in the financial industry. The focus is on governance issues, transparency requirements and potential systemic risks. The authority advocates a controlled and gradual introduction, accompanied by regulatory monitoring.
Measures required:
- Establishment of internal governance structures to monitor LLM deployments within the company.
- Carrying out risk analyses and impact assessments before using generative AI.
- Implementation of transparency obligations, particularly in the interaction of LLMs with customers or in investment decisions.
- Monitoring regulatory developments at EU and national level for future requirements.
BSI presents criteria catalog for AI systems in the financial sector
Applicable for:
IT security officers, AI development teams, financial service providers, internal audit departments, compliance functions with a focus on technology use.
The catalog of criteria published by the German Federal Office for Information Security (BSI) addresses the IT security and trustworthiness of AI systems in the financial sector. It includes requirements for transparency, robustness, data quality and monitoring, as well as specific requirements for high-risk AI applications.
Measures required:
- Evaluation of existing AI applications based on the BSI criteria and identification of gaps.
- Establishment of monitoring and documentation mechanisms for the secure operation of AI systems.
- Integration of the criteria catalog into the internal control system and product development processes.
- Preparation for possible audit requirements by supervisory authorities based on the new standards.
We wish you a successful week.
Your Riscreen team