Regular readers of my column will know I have serious misgivings about the island’s financial sector regulator. I do not consider it regulates in the correct way. My view is that it is too keen on registered entities producing handbooks, procedure sheets and checklists, while being weak on actual preventative measures. I have never been convinced about the methodology adopted by the regulator to measure compliance.  

My readers may also be aware that I have represented numerous financial bodies in disputes with the regulator with successful outcomes. The outcomes have been successful because the Royal Court has viewed the approach by the regulator in the same way in which I assessed the approach, and has, in the past, delivered public judgments stating the regulator had acted unreasonably.   

Pictured: The JFSC confirmed that the vulnerability in the system dates back to 2021 when the registry was implemented.

The finance industry would benefit from a large-scale dispute with the regulator to be heard by the Royal Court again to properly air the problems which I think exist and have the court issue a decision which could pave the way to better regulation practices. To be clear, it is not just me that considers there are serious issues because a lot of my clients in the finance industry complain to me about the JFSC, but are simply too scared to publicly criticise the regulator. The fact that that fear exists is also concerning. 

However, back to the JFSC’s data failing.  

In my view, an independent review needs to be carried out of the regulator and its own policies and procedures as well as the regulators checks and balances to test and check its policies and procedures. When the JFSC is concerned about an entity and its compliance ability, it often requires the entity to instruct and pay for an independent firm to carry out a review of the entity's procedures and then produce a report for the JFSC. The entity has to pay for that work to be carried out.Further, the JFSC now has the ability to fine entities for non-compliance.  

But, who fines the JFSC as a result of this very serious data breach? Who will pay for the independent body to supervise, investigate and report on the regulator’s procedures? Clearly the JFSC will pay, but will that cost simply be passed to the industry members? 

My view is that an urgent investigation needs to take place. Furthermore, the regulator must find a way of funding that without it having any effect on the members and the large fees they pay to the regulator each year for registration. In other words, the JFSC must find the money from its own budget and make appropriate cuts if there is insufficient in the kitty. 

It is important to lead from the top and a serious data breach must be urgently remedied by the regulator, with strong policies and procedures in place to ensure it does not happen again, and any costs occasioned by possible failures must not be passed onto the entities it regulates. 

This article first appeared in Connect Magazine – read the digital edition for FREE by clicking here.

READ MORE...

Data watchdog investigating JFSC breach of 67k people's private info

Nearly 67k individuals' private data breached due to JFSC system flaw