Security & Fraud

As GDPR Entrenches, Some Regulators Seek Exemptions

Just a few weeks in, the data privacy law that has just taken root in the European Union already has some regulators seeking exemptions around the globe.

As noted last week, some regulators, spanning the United Kingdom, North America and Asia, are seeking those exemptions as they contend that the General Data Protection Regulation (GDPR) could stymie cross-border law enforcement actions that focus on fraud and manipulations of markets.

Pertaining to investigations, the regulation – which took effect on May 25 – places restrictions on the data that can be shared internationally in the “public interest.” The language is open to interpretation, so regulators in those aforementioned geographies are looking for an “administrative arrangement” that would dictate how an exemption might be applied to cross-border sharing.

The regulatory bodies span the EU’s European Securities and Markets Authority (ESMA), the Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), the Ontario Securities Commission (OSC), the Japan Financial Services Agency (FSA) and Britain’s Financial Conduct Authority (FCA).

Addressing at least some of those concerns, Christian Wigand, a spokesman for the European Commission, stated that data sharing between countries located both within and outside of the EU would be ensured under GDPR.

Equifax Reaches Deal on Breach With Eight States 

In company-specific news, Equifax has struck an agreement with banking regulators across eight states that would bolster the firm’s security measures. The agreement allows the company to sidestep fines that would otherwise have been assessed in the wake of the data breach that impacted as many as 145 million individuals. The data included addresses, Social Security numbers and other details.

Under the terms of the agreement – with states including New York, North Carolina, Texas and Maine, along with Georgia and Alabama – the company has to institute assessments of cyber threats and boost ongoing efforts to fix vulnerabilities. Thus far, costs incurred by Equifax have topped $68 million in the first quarter, cumulatively exceeding $242 million. Another $275 million in future costs are predicted to be incurred.

The regulatory landscape has reached beyond the confines of data privacy, of course. Perhaps unsurprisingly, regulatory efforts have also targeted cryptocurrencies. The marquee name here is bitcoin – in some respects a poster child for the space, it has dipped to a price level below $5,800.

There have been hacks in the recent past, of course, with two exchanges in South Korea having been targeted in the last several weeks. In Japan, the country’s financial regulatory body has stated that there must be “business improvements” amid the six licensed cryptocurrency exchanges that are currently operating, with the order coming in the wake of on-site inspections within the last few months, as noted tin CoinDesk and other venues.

The Financial Services Agency stated that the exchanges, such as bitFlyer, Bitbank and Bitpoint, boost internal auditing and other operations. Among those exchanges, bitFlyer said at the end of last week that it had stopped accepting new customers – at least temporarily – in order to take time to identify “certain” extant customers.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.