Queen’s Speech 2022 and Compliance

What the UK government has planned for compliance

It’s a bumper Queen’s Speech, with a raft of measures which will affect compliance departments. Chief among them are the long-awaited overhaul of GDPR in the UK and reform of the audit sector. Companies House’s role is also expanding, and modern slavery reporting is to be strengthened. So there is plenty in this Queen’s Speech for compliance departments to think about.

We will be tracking all these new rules, alongside existing legislation, consultations, and events on the horizon, in our monthly regulatory agenda.

Key compliance areas affected:

  • GDPR and data protection
  • Modern slavery
  • Sanctions
  • Client onboarding and due diligence
  • Competition law
  • Financial services
  • Audit and accounting

Data Reform Bill

The UK looks on course to radically alter GDPR with the Data Reform Bill announced in the Queen’s Speech. This bill will implement the government’s proposals we’ve covered previously, which will essentially re-orientate data protection toward encouraging businesses to make the most of the data they hold and reduce the regulatory burden of using data.

There is concern from some quarters, however, that changes to UK GDPR will negatively impact human rights. The ICO has outlined a number of issues within the proposed reforms, including making it easier for the press to publish individuals’ personal details over and above their right to privacy, and severely reducing the ICO’s ability to hold public authorities to account for their use of personal data.

Regardless of concerns, the government is keen to go ahead with the Data Reform Bill, given its prominent inclusion in the Queen’s Speech. Whether this affects the UK’s adequacy decision from the EU remains to be seen, which is one reason the government is likely to get these reforms in place and working before the adequacy decision is up for renewal in 2025.

Modern Slavery Bill

The government will bring forward measures to strengthen the requirements on businesses with a turnover of £36 million or more to publish an annual modern slavery statement. This statement requires them to set out steps taken to prevent modern slavery in their operations and supply chains. 

The changes will focus on mandating the reporting areas to be covered in modern slavery statements, and companies will be required to publish their statements on a government-run registry. This will be extended to public companies as well, and civil penalties will be introduced for the first time against companies who do not comply.

This bill builds upon the government’s modern slavery statement registry, which was launched in March 2021. That registry encouraged companies to submit on a voluntary basis, whereas submission will now be made mandatory. 

Economic Crime and Corporate Transparency Bill

Following on from promised additions to the sanctions regime, this new bill will expand the remit of Companies House. The powers of the Registrar of Companies will be broadened so they become a more active gatekeeper over company creation and custodian of more reliable data, including new powers to check, remove or decline information submitted to, or already on, the Company Register. 

Companies House will also have increased investigation and enforcement powers, and will be better able to cross-check data with other public and private sector bodies. 

There will be a new identity verification requirement for people who manage, own and control companies and other UK registered entities. This requirement is aimed at improving the accuracy of Companies House data, to support business decisions and law enforcement investigations.

There will also be new regulation around crypto assets, creating powers to more quickly and easily seize and recover crypto assets. The creation of a civil forfeiture power will mitigate the risk posed by those who cannot be criminally prosecuted but use their funds to further criminality. 

Financial Services and Markets Bill

Significantly, the government will revoke retained EU law on financial services and replace it with UK legislation to regulate the UK’s capital markets and financial services. The government will also remove restrictions on trading in wholesale markets which will benefit around 3,200 investment firms in the UK.

Digital Markets, Competition and Consumer Bill

The role of the Competition and Markets Authority will be strengthened, with new powers to decide for itself when consumer law has been broken, and to issue monetary penalties for those breaches. 

There will be a crackdown on fake reviewers, and new competition rules will be created for digital markets and the largest digital firms. The CMA will also be empowered to take swift action when it sees competition is under threat.

Electronic Trade Documents Bill 

This will do away with the need for wet ink signatures internationally. 

Audit Reform Bill

The government is finally moving ahead with the long-awaited reform of the audit sector, with the establishment of a new statutory regulator, the Audit, Reporting and Governance Authority, that will protect and promote the interests of investors and other users of corporate reporting.

The new regulator will have powers to enforce directors’ financial reporting duties, to supervise corporate reporting, and to oversee and regulate the accountancy and actuarial professions. 

This bill is aimed at increasing competition in the audit market by supporting the growth of challenger firms to reduce the dominance of the largest audit firms, giving businesses greater choice and making the market more resilient. In the last 30 years, the number of audit firms has halved from eight to four. In 2020, every company in the FTSE 100 and 91 per cent of the FTSE 250 were audited by one of the four largest audit firms. 

The regulation of Insolvency Practitioners will also be reformed to give greater confidence to creditors and strengthen corporate governance of firms in or approaching insolvency so that ‘asset stripping’ can be more effectively tackled. 

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

James

VinciWorks CEO, VinciWorks
