back to article FCA 'gold-plates' EU rule, hits BYOD across entire UK finance sector

The UK's Financial Conduct Authority has quietly transposed an EU rule without including a crucial bit of detail, thus effectively banning BYOD policies in all financial services organisations across Blighty. The UK version of the rule, which came into force on January 3, prohibits any business regulated by the FCA from …

  1. Gomez Adams

    Text: "Coming for a pint?"

    Text: "Ok?"

    In pub: "Have you heard about Going Under plc?"

    :/

    1. Anonymous Coward
      Anonymous Coward

      Priceless

      Give it to the UK for screwing up written English.

  2. Anonymous Coward
    Anonymous Coward

    It does state reasonable steps - another lovely grey area weasel word inserted into a law - so that could be a company policy stating the fact that no-one is allowed to do this and any breach will be considered gross misconduct, rather than blocking all possible means on a user's personal device (impossible without taking over the device).

    1. jhth

      Big Firms will do this,

      Smaller firms rely on personal equipment for employees.

      To comply a firm of say 10 staff will need Good mail (no web access to company mail/files so practicably 0365/Gmail is out) or a Corporate Mobile contract with Mobile Device Management for app install & sandboxing and Web control to prevent web access, archiving of stuff for 5 years plus a nerd to do it all.

      That will cost a fortune either way.

      The regulations are meant to be reducing the barriers to entry to foster competition and innovation. This forces it all back to the too big to fail brigade.

      J/.

    2. jhth

      That's how most big firms, unless they (used to) have a BYOD strategy would do it.

      However smaller firms who are also bound by the SYSC rules will also need to ban personal mobiles, open a corporate smartphone account, sort out a full Mobile Device Management setup and content firewall as well as doing full recording and archiving for 5 years.

      That would cost a fortune if you can actually do that, and despite the image of "financiers" (most of whom work for large franchise firms not small ones), there isn't a whole load of money around to do that sort of thing.

      The whole EU strategy is to make finance a lower cost industry with a level playing field to create innovation and competition. This sort of thing prices the innovation and competition out of the market and strengthens the too big to fail firms.

      1. Mark 65

        I can't see how you can ban someone from bringing their own phone to work. If they need to be able to make private calls after they leave the office WTF are they supposed to do? I also cannot see it happening as I think you would be on legally very shaky ground if you completely banned employees having personal mobile phones without replacing that with a corporate mobile phone and that gets very expensive very quickly as you then cannot ban private calls as you foisted this need upon them. Justifiable for traders, not so much for some base grade non-trading floor admin bod. Grab the pop-corn, this will be fun.

        1. eldakka

          > I can't see how you can ban someone from bringing their own phone to work. If they need to be able to make private calls after they leave the office WTF are they supposed to do?

          I've worked for organisations and at specific locations where exactly this situation occurs. In the entrance lobby are little lockers where you lock up your private phone (or any other no-no devices - cameras) before entering and retrieve it from when leaving the building/area.

  3. Adrian Harvey
    Headmaster

    Pedant here....

    From the article : "privately-owned equipment which the firm is unable to record or copy"

    Putting on my pedantic hat here, doesn't the law only disallow equipment which is BOTH privately owned AND which the firm is unable to record or copy. In other words company owned, but the firm is unable to record is ok, as is privately owned, but recordable (say, through BYOD software add-ons)

    Might not be what they meant, but it is what they wrote...

    1. lglethal Silver badge
      Go

      Re: Pedant here....

      Yes, you're right in once sense, but I can imaqgine you would be screwed massively by privacy legislation if you demanded that someone allow all telephone calls on their private phone to be recorded by the company.

      Are you willing to let your company copy and record every communication with your private phone, I know exactly what my answer to my boss would be if he demanded that, rhymes with Luck Toff...

      1. Charles 9

        Re: Pedant here....

        To which the boss would reply, since this is now a legal mandate, the mandated replies would be F you back and YNWITIA.

      2. Anonymous Coward
        Anonymous Coward

        Re: Pedant here....

        Are you willing to let your company copy and record every communication with your private phone, I know exactly what my answer to my boss would be if he demanded that, rhymes with Luck Toff...

        Then don't use your private phone for business activity. If you do, there is always a risk that your employer wants you to do something with it which you arent comfortable with.

        1. Gordon 10

          Re: Pedant here....

          Or just make sure that all the work stuff is in a secured partition that work can log and remote wipe. Good or the vanilla iOS solution is fine. Vanilla iOS is far superiorly integrated imo.

    2. IWVC

      Re: Pedant here....

      2 further points.

      1) A Directive is binding on all Member States but has to be implemented by national law. So (before Brexit is completed at least) companies who comply with the Directive but not the stricter UK interpretation could appeal to the EU Courts?

      2) Each directive is published in all the 24 official languages of the EU so your interpretation of the phrase needs to be checked in the other 23.....

      (not a joke, many years ago I was dealing with directives on vehicle standards and one had different calculations of a critical dimension in the English, French and German translations - they were all different. The Commission's response to my unofficial query was that all languages are equal in the legal sense so you could approve to whichever language text suited you! A correction was later issued.)

    3. jhth

      Re: Pedant here....

      That's caught by a different rule (SYSC9) which isn't really coherent with the Call Recording rule (SYSC10.1A). But does say you should record everything and keep it for 5 years

      The best bit is the guidance to the Retention rule....

      "Subject to any other record-keeping rule in the Handbook, the records required under the Handbook should be capable of being reproduced in the English language on paper.

      Where a firm is required to retain a record of a communication that was not made in the English language, it may retain it in that language. However, it should be able to provide a translation on request. "

    4. Cuddles

      Re: Pedant here....

      "In other words company owned, but the firm is unable to record is ok"

      Not if you read the previous paragraph in the handbook:

      "A firm must take all reasonable steps to record telephone conversations, and keep a copy of electronic communications, that relate to the activities in financial instruments referred to in SYSC 10A.1.1R(2) (and that are not excluded by SYSC 10A.1.4R), and that are made with, sent from, or received on, equipment:

      (1) provided by the firm to an employee or contractor; or

      (2) the use of which by an employee or contractor has been accepted or permitted by the firm."

      It pretty much covers all bases - the firm must record everything* regardless of what device is used, and must also prevent privately owned devices being used unless that recording is possible. So company owned but unable to record is not OK, while privately owned and recordable is fine. Of course, the latter is impossible as noted in the article, hence effectively being a complete ban on BYOD.

      * Depending on exactly how the weaselly "reasonable steps" part is interpreted.

  4. James 51
    Gimp

    Wow, this is going from taking back control and stepping in to the relm of (see icon).

  5. Warm Braw

    Rights conflict?

    Given that there have been previous court decisions confirming that employees both have a general right not to be monitored and recorded and to make and receive personal calls necessary for their family life this could presumably create some confusion. Any restrictions would have to be necessary and proportionate and if they exceed those required by the EU directive, presumably that would bring their necessity and proportionality into question?

    Having said that, we all managed to function perfectly well in the days before mobile phones...

    1. Anonymous Coward
      Anonymous Coward

      Re: Rights conflict?

      "Given that there have been previous court decisions confirming that employees both have a general right not to be monitored and recorded and to make and receive personal calls necessary for their family life this could presumably create some confusion"

      Not true.

      For starters,in the financial sector they have specific laws requiring calls etc to be monitored. This trumps other parts.

      You don't also don't have the "right" not to be monitored. What is in place is a) you have to be informed, there has to be provision to avoid this. e.g. the ability to use a phone that isn't monitored, or time to use your own mobile and b) It also has to be reasonable and relevant to the job, for example. it is reasonable to monitor phone calls, as that is direct customer facing. However, much harder to argue you are monitoring the warehouse staff calls, unless you suspect thing such as foul play, but again they still need provisions in a).

      However GDPR is throwing the 2nd part into more confusion, as there is far more onus on consumer rights, so just recording, say 1 in 10 calls for quality, will not be enough.

    2. Anonymous Coward
      Anonymous Coward

      Re: Rights conflict?

      Given that there have been previous court decisions confirming that employees both have a general right not to be monitored and recorded

      Can you cite any of these?

      As a general rule of thumb, most organisations have a warning banner which says words to the effect of "use of this asset is monitored etc." There should be no expectation of privacy when using a corporate asset. This is important for lots of reasons, regulatory compliance is just one of many.

      The problem with BYOD is that the reasons still exist but the ownership changes that expectation of privacy.

      In the spirit of the law, however, it is worth considering - would you want a fraudulent financial sales team to be let off simply because they used their own phones to defraud people so no evidence was retained?

      1. Anonymous Coward
        Anonymous Coward

        Re: Rights conflict?

        > Can you cite any of these?

        https://www.theregister.co.uk/2017/09/06/human_rights_court_limits_workplace_surveillance/

        ^ Would be a starting point. It doesn't say you can't do it, but it does state that it has to be as limited and non-invasive as possible.

        1. Anonymous Coward
          Anonymous Coward

          Re: Rights conflict?

          > Can you cite any of these?

          https://www.theregister.co.uk/2017/09/06/human_rights_court_limits_workplace_surveillance/

          ^ Would be a starting point. It doesn't say you can't do it, but it does state that it has to be as limited and non-invasive as possible.

          Very valid point but there are two issues:

          1) The article highlights that the main problem was that "He claimed he had not been properly informed about communication monitoring." - Hence the numerous login banners and the like which state words to the effect of "continued use of this asset means consent to monitoring"

          2) The judgement itself doesn't really state that employee behaviour can't be monitored, it is just that it needs to be appropriate and informed. The key bit for this issue is that if you say "we will record your calls because we have to in order that we can comply with $law" the only real alternative is to "use your personal device for personal calls and work device for work calls."

    3. Doctor Syntax Silver badge

      Re: Rights conflict?

      "Having said that, we all managed to function perfectly well in the days before mobile phones."

      By using the employer's phone which might be being recorded.

  6. Dwarf

    Mobile devices

    So that would apply to everyone's private mobile phones too then given that they can do Voice, Text, E-mail, video calling etc.

    How 1980's

  7. Joe Harrison

    More than that

    This is just one item in the new regs. There is a lot more. One of the most significant is EU individuals (i.e. you) are now effectively banned from buying all sorts of non-EU financial instruments. You're not actually banned but you have to comply with conditions you can't comply with. For example US Treasuries, very popular as a low-risk not-sterling investment, last month I could buy them now I can't.

  8. Anonymous Coward
    Anonymous Coward

    Can you still send letters and pass post it notes?

    I can see a lot of employee facebook groups disappearing.

    1. Anonymous Coward
      Anonymous Coward

      I can see a lot of employee facebook groups disappearing.

      You may have just fingered one of then big boy organisations that will fight this.

  9. Natalie Gritpants

    Self employed and BYOD

    Not sure it's possible to have BYOD when you are BeingYourOwnCorporation.

    1. Naselus

      Re: Self employed and BYOD

      Set up a ltd so that YouTheCompany and YouThePerson are legally separate entities. You'll likely save on tax that way anyway.

      1. Doctor Syntax Silver badge

        Re: Self employed and BYOD

        "Set up a ltd so that YouTheCompany and YouThePerson are legally separate entities."

        Always a good idea. Case in point: a local bookshop owner died suddenly back in October. The shop is still closed and looks likely to be so for some time. He was a sole trader so all the stock was his personal property (unless on sale or return if that applied to any of it) and he died intestate. Nothing can be done until probate is sorted out and that's complicated.

        1. Yes Me Silver badge

          Re: Self employed and BYOD

          He was a sole trader so... Nothing can be done until probate is sorted out
          He probably didn't care. Not his problem.

          As for the main story, nobody does bureaucracy and compliance as well as the British. And for some reason we've always been the most zealous implementors of every EU rule. Why do I think it will get worse if Brexit proceeds?

          1. Lars Silver badge
            Happy

            Re: Self employed and BYOD

            "And for some reason we've always been the most zealous implementors of every EU rule".

            And the French are the very opposite. And to believe that you have to be British. It's quite a popular idea in more or less every EU country that we <inset country> stick to the rules while nobody else does it.

            Repeating bullshit year after year is how it's done, nothing new under the stars.

  10. Anonymous Coward
    Anonymous Coward

    Blocking WhatsApp, FaceTime, iMessage etc...

    ... not to mention actual old-school voice calls - meaning that the phone has no remaining usable function, except perhaps the FM radio and torch.

    If the objective is to prevent people sharing insider information (without being traced), I don't see how an anti-BYOD policy achieves this.

    You would also have to forbid your staff from *owning* or *using* any form of communication device, even out of the office. For example, having a landline at home, or using a public payphone or wifi hotspot, as well as carrying a personal mobile.

    1. Velv
      Headmaster

      Re: Blocking WhatsApp, FaceTime, iMessage etc...

      "except perhaps the FM radio and torch"

      Just the torch, not many come with the FM radio any more :(

      1. SkippyBing

        Re: Blocking WhatsApp, FaceTime, iMessage etc...

        'Just the torch, not many come with the FM radio any more :('

        I'm fairly sure you can use the torch to send Morse code so that's probably out too!

    2. Anonymous Coward
      Anonymous Coward

      Re: Blocking WhatsApp, FaceTime, iMessage etc...

      If the objective is to prevent people sharing insider information (without being traced), I don't see how an anti-BYOD policy achieves this.

      Don't let perfect be the enemy of good here. Yes it is still possible to do BadStuf but this makes it slightly harder. More importantly, it means anything done from the company phone number, with the company email address etc., is subject to scrutiny.

      This is largely customer protection. If sleazebag drone rings up potential investor and lies through their teeth, it is recorded and (hopefully) things can be done. If they have to call from the payphone the victim (or mark or target or conspirator take your pick) has a greater chance of thinking "hang on, this is odd."

      Nothing is perfect, evil people will circumvent any control. The idea is just to make it a bit harder each time...

      1. John Stirling

        Re: Blocking WhatsApp, FaceTime, iMessage etc...

        This is largely customer protection. If 'sleazebag drone rings up potential investor and lies through their teeth, it is recorded and (hopefully) things can be done. If they have to call from the payphone the victim (or mark or target or conspirator take your pick) has a greater chance of thinking "hang on, this is odd."

        Nothing is perfect, evil people will circumvent any control. The idea is just to make it a bit harder each time...'

        The problem with this is that actually the sleaze bags carry on, as the incentive is still sufficient to encourage them, and the disincentive of making it a bit more difficult is not sufficient to dissuade them.

        The cumulative cost of regulation now exceeds the cost of fraud before regulation existed.

        It is not possible to go back to the 'wild times', nor would one want to, but regulation does need a root and branch rethink about how to actually inconvenience the bad guys enough to make 'bad stuff' uneconomic without stopping legitimate activity completely.

  11. small and stupid

    Does this stuff apply to the non-financial everyday admin bits of the business? I mean, does BigBank have to be able to monitor the facilities manager arguing with the catering company about sandwiches ?

    What if theres a conglomerate, with one wing that sells consumer finance and another that sells holidays?

    1. <BLINK/>

      As long as you don't have access to any financial information.

    2. Doctor Syntax Silver badge

      "does BigBank have to be able to monitor the facilities manager arguing with the catering company about sandwiches ?"

      From TFA:

      A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately owned equipment which the firm is unable to record or copy.

      1. Mark 65

        Ex-ante, how do you know it's relevant? You don't, therefore you record everything save you breach the law by missing one.

  12. Anonymous Coward
    Anonymous Coward

    Surely decent MDM packages address this ?

    Installed on a personal device, and don't allow corporate and personal to mix ?

    Certainly "Good" allows this ?

    1. jhth

      Re: Surely decent MDM packages address this ?

      Bust costs a fortune (relatively), is difficult for non techs to install and maintain and doesn't hit up popular services like o365 & Gmail on which a lot of small financial firms rely.

      J/.

  13. }{amis}{
    Devil

    Cat pigeons rapid fluttering sounds

    Lol just forwarded to the company compliance dept.

  14. cantankerous swineherd

    seems like a good idea to me.

    1. tiggity Silver badge
      Meh

      @ cantankerous swineherd

      Indeed

      BYOD is bad in so many ways

      All sorts of nasties could get on the machine when it's out of the work environment (obv, could also happen in work env, but at least you can run good network separtion, firewall rules, blacklists etc.)

      Company issued kit (and ideally that kit taken off site / linked up mto any other networks only when absolutely necessary and when taht is going to happen flash it back to last known "safe" before network reattachment)

      On the plus side separate personal / work machine avoids (hopefully) any accidental slip of personal data.

      On a work machine you must assume nothing is private and so users should know better than to do anything that may release personal data (be that FB, twitter, through to typing up job application for a different employer) - if they do personal stuff on work machine then their fault.

      The BYOD approach always removes some level of ownership / control over your own PC, as (unless work is absolutely useless) requires instal;l of monitoring, anti intrusion etc software you would not necessarily want / need on your machine, and also other software (Word, excel, outlook on a work machine is one thing, no way are they going on my own machine)

      (aside: NOT looking forward to effects of meltdown patches on already performance crippling AV software)

      1. Mark 65

        You seem to be missing the most important device when considering BYOD and that is the humble mobile phone. Also, don't forget that there is BYOD as in "do work on your personal device" and BYOD as in "I've got my personal mobile with me".

  15. J4

    Not sure FCA rules say what you think

    While in general yes there is a distinction between 'firm' and 'investment firm' in the regs, if you look at the preamble to this section of the FCA handbook you will see they are defining 'firm' for this rule. It is restricted to certain types of regulated firms doing certain types of things, mostly large scale / institutional activities. It won't cover Mrs Miggins High Street IFA Emporium.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sure FCA rules say what you think

      General question though: if the FCA interpretation of a directive leaves a UK company disadvantaged compared with, say, a Spanish firm, what easy/quick/reasonable comeback does that company have against the FCA or the officials who wrote the FCA implementation?

    2. jeffdyer

      Re: Not sure FCA rules say what you think

      The article states "all FCA regulated firms". This basically includes anyone giving financial advice to a member of the public, so likely yes, it would include most IFAs, unless they are cowboys.

      1. jhth

        Re: Not sure FCA rules say what you think

        IFA's can take full and contemporaneous written notes of phone calls however all other electronic communications musty be captured.

        "(1) a telephone conversation that would be subject to SYSC 10A.1.6R must be recorded instead using a written minute or note; and

        (2) the minute or note must include all relevant, and at least the following, information:

        (a) date and time of the conversation;

        (b) identity of the individual participants in the conversation;

        (c) initiator of the conversation; and

        (d) relevant information about the client order, including the price, volume, type of order and when it will be transmitted or executed.

      2. John Stirling

        Re: Not sure FCA rules say what you think

        Small IFA firms can be mifid exempt. Many of the rules still apply, but call recording is replaced with 'detailed notes of relevant conversations'.

  16. RB_

    The rules

    "Reasonable steps" here is about the protection of the firm against the actions of individuals. If a firm can demonstrate that it has policies, training, records of this etc it would be unreasonable of the regulator to fine a company because an individual, depsite all the training and obligations still went on to break the law.

    There is a lot of ethics and integrity training these days, not that it is visible to the wider world outside banking, and it frustrates us in IT when some ass clown in the front office has done something stupid again costing the bank millions of fines - it's our bonus up in smoke. Mind you I still think some of the regs make it easier to bash somebody that tried then slipped up, rather than someone taking the piss in the first place..

  17. philtodd

    Not that big a face plant is it?

    Surely the key words here are "RELEVANT telephone conversation", which would be reasonable to argue means between traders, sales people senior management etc. (recieving a lunch order in the canteen of X-Bank would certainly not be relevant as far as the regulator is concerned).

    The second set of key words are "UNABLE TO record or copy". If my company provided SIM card has phone calls and text messages recorded at the carrier level, then it wouldn't matter much if I'm using a company provided blackberry or a personally purchased iPhone as both would be recorded. Having a company policy forbidding other means of communication (whatsapp comes to mind) for business related communication closes the loop doesn't it?

    1. Mark 65

      Re: Not that big a face plant is it?

      Surely the key words here are "RELEVANT telephone conversation", which would be reasonable to argue means between traders, sales people senior management etc. (recieving a lunch order in the canteen of X-Bank would certainly not be relevant as far as the regulator is concerned).

      I work as a developer on desk X. I hear some really juicy price sensitive information that I then use to encourage trading by a 3rd party. That is clearly a relevant telephone conversation and not covered by your writing.

      Recording at the carrier level for a company provided SIM card is irrelevant if I have my own SIM card and phone.

      The regulation seems generally unenforceable especially given the need to cover any and all communication devices and methods a user could have access to.

  18. Anonymous Coward
    Anonymous Coward

    "EU Member States have large discretion when implementing EC directives – "gold-plating" means going above and beyond what a directive intends rather than contradicting it."

    I have an impression that some of the "EU" things that Brexiteers objected to - were actually Westminster "gold-plating".

    1. SkippyBing

      'I have an impression that some of the "EU" things that Brexiteers objected to - were actually Westminster "gold-plating".'

      I think you're probably right, although that does rather throw the fault for Brexit back at Westminster which is slightly ironic considering how pro-EU most of Westminster seems to be.

      What I find worrying is if the clowns in charge can't copy other people's legislation properly, how are they going to manage when they have to write it all themselves?!

      1. Anonymous Coward
        Anonymous Coward

        "[...] how are they going to manage when they have to write it all themselves?!"

        The next BREXIT issue vote in Parliament concerns non-EU trade agreements. It has been reported that Theresa May wants the power to amend any incorporated EU law - if a putative trading partner demands the change.

        Effectively it would be another unfettered "Henry VIII" power to degrade things like human rights and food safety provisions.

  19. Zippy's Sausage Factory
    Paris Hilton

    Yes, but...

    Isn't recording someone's phone calls without consent illegal under data protection legislation? So if you record any employee's private conversation without their consent, someone submits a data subject access request and they're not flagged as part of that conversation, then you now have two problems. Which will come back to bite you if they find out, and report you to the data protection people, of course...

    Now if it only has to be capable of recording every conversation, but only record work-related ones, how do you tell which is which?

    I see lawyers. Rich lawyers, walking around. They don't know they're about to get rich, yet...

    (Paris Hilton because I'm totally confused about this and I suspect she would be too.)

    1. RealBigAl

      Re: Yes, but...

      pretty much ever contract of employment I've seen in recent years requires consent to recording employee phone calls or accessing employee emails as a condition of employment.

  20. Nano nano

    Gold-plated foot-dragging

    The UK also has a reputation for foot-dragging in most environmental and rights legislation ...!

  21. Anonymous Coward
    Anonymous Coward

    So as well as incorporating assorted web/phone blocking technologies.....

    .....does this mean, I have to black out all the office windows as well to prevent someone sending morse code using the on phone flash?

    Just askin'

  22. Anonymous Coward
    Anonymous Coward

    Wouldn't this ban owning a personal phone entirely, rather than BYOD?

    Whether my personal phone is considered BYOD by the company or it is my own phone they don't know about, what stops me from using it to make a call or send a text message to a customer that then can't be recorded?

    Before you say "the company has a policy that you can't do that" well then the company could equally have a policy that you can only contact someone using company owned equipment or in ways that can be recorded. You'd be able to use a BYOD phone or personal phone to send/receive email via the company's corporate email because that can have records preserved. Even if you have a company owned phone, how exactly would it be recording all calls or saving all SMS messages? The calls would have to go through some sort of forwarding service that does the recording, and you'd either need some type of SMS proxy or just tell people "you can't use SMS for customer communication".

    BYOD is not the problem here.

  23. JamesJFoley

    Tut tut....

    Far be it from me to suggest that El Reg would seek to sensationalise anything, but I think this may be a case of not letting truth get in the way of a good story.

    Rather than 'effectively banning' BYOD from the financial services sector, the FCA are simply stating that if personal devices are used for business then the firm must be able to record business calls made or received on these devices.

    There are many solutions on the market for enabling call recording on personal mobile phones in a way that while business calls are recorded, personal calls remain private. BT, Daisy Group and many Vodafone resellers sell as service known as 'smartnumbers' as a way to securely record business calls made on personal devices. And solutions like smartnumbers don't require MDM/MAM or any other three-letter acronym to make work.

    Indeed, the FCA is simply reflecting the forthcoming GDPR regulations that expressly ban the recording of personal calls, whether these are made on company-provided or BYOD devices.

    So, to be clear, the FCA are not banning BYOD - they're simply saying that if personal devices are used then any business calls on these devices need to be recorded. And to comply with GDPR, firms also need to consider the corollary to this which is that no matter which type of device is used, businesses can ONLY record business calls, never personal calls. Which is a poke in the eye to the many firm who today provide call recording on corporate devices but which permit staff to also use these for personal use.

    Taking FCA and GDPR together this means that that, far from this regulation banning BYOD, they could be seen as advocates of BYOD as this is often the simplest and most cost-effective way to achieve both MiFID II and GDPR compliance.

  24. cortland

    Still allowed:

    http://www.londontypewriters.co.uk/wp-content/uploads/2015/04/Brother_Vintage_Manual_Typewriter-1.jpg

  25. Anonymous Coward
    Anonymous Coward

    No it doesn't...

    "The UK's Financial Conduct Authority has quietly transposed an EU rule without including a crucial bit of detail, thus effectively banning BYOD policies in all financial services organisations across Blighty"

    I'm afraid not. Read SYSC 10A.1.1, which sets out which firms the rules within that section apply to. They're only investment type/related firms.

  26. Ripper38
    Pirate

    ...what you're looking for is plausible deniability,

    I can just see a certain Simon T sharpening his pencil for a BYOD special.

  27. markinton

    Misinterpretation of the Rules

    I'm afraid this is a misreading of the FCA Handbook. Perhaps not "afraid" because I should be able to reassure everyone that this is not a massive blunder that no one in the financial services industry has spotted.

    The Rule quoted in the article (SYSC10A.1.7), along with the other rules applying the EU directive, can't be read in isolation. The handbook also includes an Application Rule, SYSC10A.1.1, which specifies the types of firms to which rules in that chapter of the handbook apply. This is typical of most chapters of the handbook.

    Its more complicated than just MiFID firms, but it does just apply to investment firms.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon