The 25th May 2018 was a watershed moment for an individual’s personal data for citizens of the EU and in jurisdictions which have equivalence in their data protection under an “adequacy ruling” following the coming into force of the EU General Data Protection Regulations.
The coming into force of these new regulations coincided with the publication on 21st May 2018 by the House of Commons Foreign Affairs Committee of its report “Moscow’s Gold: Russian Corruption in the UK”. Among the recommendations coming out of this report was that it was a matter of national security for the UK and that the UK Government should take grater action in respect of the British Overseas Territories and Crown Dependencies to push towards having publicly accessible beneficial ownership registers given they were considered as routes for money laundering.
In the same week we have therefore seen significant legislation being passed which affords individuals rights to privacy about them and yet the UK Government (as well as other jurisdictions or supra-national bodies such as the EU) is pushing for ever greater transparency with publicly accessible registers for companies and structures such as Trusts. So how can we balance the needs for transparency whilst respecting the rights of our clients to privacy and confidentiality?
Trust and company service providers (“TCSP”) have been dealing with this question for many years, particularly as regulation and legislation has evolved. This is very much the case for a regulated TCSP such as Fiduchi.
Even before the introduction of anti-money laundering legislation in Jersey in the late 1990s and release of the Handbook for the Prevention and Detection of Money Laundering and the Financing of Terrorism in 2008 alongside the evolving regulation of the trust industry, we have had to balance the privacy of our clients and their data and being able to meet these legislative and regulatory obligations. Geoff Cook from Jersey Finance recently highlighted this balance and Jersey’s approach in his article, where he discussed privacy, the fact that the fact that beneficial ownership information has been retained on a central register in Jersey since 1989 where such information has been (and remains today) available to law enforcement and other relevant authorities where necessary and that clients will use a jurisdiction such as Jersey simply for confidentiality reasons in terms of personal safety, rather than for any tax reason.
In the most part clients should be rest assured that their data should be secure. The requirements of previous data protection legislation and regulatory obligations required that appropriate measures and controls were implemented to ensure that client data was kept confidential. The introduction of the new data protection legislation reinforces those already existing obligations.
Only where a legal and or regulatory obligation has existed would client information be or have been shared with the relevant competent authority. Where information is or has been shared with the Companies Registry (such as was the case in 2017 with the revision to the Jersey Beneficial Ownership filing regime) this is done on the basis that the information is held privately, subject to the same legal or regulatory caveat.
TCSPs such as Fiduchi should always be open and transparent with clients and inform them of any potential change in how their data may be processed and handled, subject to obligations arising under relevant AML / CFT legislation.
Importantly firms will and should be investing in their systems to ensure data security and to minimise the possibilities of cyber events happening. Whilst such events cannot necessarily be 100% protected against, regulated TCSPs will be expected to have in place robust measures and controls, including policies and procedures. Many will look to achieve a relevant accreditation such as Cyber Essentials Plus (regulation may require this in due course) and as regulators interact more with regulated entities through application programming interfaces this will reinforce this need.
Recent years has seen FATCA, CRS, Beneficial Ownership disclosure driving the transparency agenda and increasing the need for data sharing and the future will only see this continue. Already coming are the UK Trust register or UK Real Estate Property Ownership Register, in Jersey the Register of Directors and the EU is continuing its drive to greater transparency with the next rounds of their AML Directive being considered.
As future information requirements are identified, so we will look to engage with clients and their advisors as much as we are able, or legislation and regulations allow. Most of all we hope that our balanced approach to data can continue just as Jersey’s balanced approach to data and transparency continues. Your data is very important to us and will always be, and through all these changes that is a constant that does not change.