SCL Event Report: Foundations of IT Law Programme – An Introduction to Regulated Environments

July 18, 2017

The event started with the Chair, David Berry, Senior Associate at
Stephenson Harwood, highlighting the fact that, while the majority of
industries have to comply with generally applicable regulations, eg data
protection and health and safety, there are specific industries that also have an
additional level of regulation and complexity to comply with. Examples of such
industries included those in the financial services, telecoms and the public
sector, which is what the speakers would be discussing.

Chris Hill, Commercial Technology Partner and Fintech Lead at Kemp
Little, kicked off the session talking us through financial services by
emphasising that it is European legislation that has been the driver in the
current regulatory landscape we have today. How this will change post Brexit is
unclear. While Chris highlighted the key legislation and bodies involved in our
financial regulatory environment such as FMSA and the EBA, Chris advised that
the UK has a ‘twin peaks’ model of supervision of financial firms, with the FCA
responsible for conduct and the PRA responsible for prudential supervision.
Chris emphasised that the purpose of financial regulation was primarily to:

  • prevent financial skulduggery;
  • protect consumers;
  • ensure a level playing field for competition
    and innovation; and
  • protect the financial system.

Chris concluded that the regulatory landscape in financial services
impacts IT in a significant way, as this sector is a large user of IT and
outsourcing services. This use looks set to increase with the new initiatives
such as Fintech, emoney, cryptocurrency and mobile wallets.

Neil Brown, Managing Director of decoded:Legal, started his section off
with two videos. One was of a traditional Mobile Virtual Network Operator (MVNO)
advertising its mobile services to consumers. The second was an over-the-top
operator called Vyber, where users of the same app could talk to each other
over the internet. What was interesting from this presentation was that the
MVNO would have a significant amount of regulation to comply with, whereas, the
over-the-top provider would have barely any, other than the generally
applicable regulations. As well as covering the myriad of telecoms regulations,
Neil also spoke about the Universal Service Directive requiring access to a
basic level of service from large metropolises to rural farmlands, which can
present a number of logistical challenges.

Mark Lumley, Partner at Shulmans, then highlighted a relatively
under-invested and often overlooked area of regulation which is infrastructure
security. Mark talked about some of the logistics companies, manufacturing
industries and public sector bodies that set up processes and infrastructure
many years ago, which were created without security at their core. As a result,
some of the legacy systems and processes that are in place today are incredibly
vulnerable. Some of the UK’s core infrastructure in particular could be prone
to the ever increasing cyber-attacks, which could have a knock-on effect on
other industries trading and working with such companies and bodies.

What was clear from the talks is that those working in these heavily
regulated industries face significant obstacles when trying to grow their
business in comparison to some of these new companies entering the market using
different methods, eg some Fintech companies and over the top communications
providers. However, as the regulations are increasing in scope and reach, it
will not be long until some of these new providers are either caught by existing
regulations or new regulations are set up to govern their services.

David Berry is a Senior Associate in Stephenson Harwood’s Commercial,
Outsourcing and Technology team.