On 17 July 2019 the General Inspector of Financial Information (GIIF) published Poland’s first AML/CFT National Risk Assessment. This document of nearly 450 pages was prepared pursuant to the new Anti Money Laundering and Counter Financing of Terrorism Act, which introduced regulations requiring GIIF to prepare a national assessment and update it periodically.
Cybersecurity Protocol for International Arbitration: Three international organisations—ICCA, the New York City Bar Association and CPR—are introducing best practice in protecting against cyber threats.
Cybersecurity is a particularly important element of the legal sector, including international arbitration. Digital exchange of information in arbitration proceedings involves, among other things, sensitive data of the participants in the proceedings, including the parties, arbitrators and arbitration institutions.
Failure to protect the exchange of information in cyberspace may result in leaking of sensitive information and abuse of confidential data by third parties. This can result in economic loss, damage to the reputation of the participants, as well as violation of the principle of fairness of the proceedings and the independence of arbitrators.
The EU reform of the payment services sector is now entering the last straightaway. One of the key changes launched by adoption of the revised Payment Services Directive (PSD2) was introduction of new types of payment services which require access to the user’s payment account using a type of interface defined in the regulations. The duties connected with such access rest on the providers operating the accounts, which have a choice between creating a dedicated “application programming interface” (API) or upgrading their existing user interface system. Both solutions are to a certain extent linked with the earlier known and controversial method of screen scraping.
What is screen scraping?
Screen scraping is automated harvesting by a computer program of data presented in visual form, usually not adapted for machine reading. The data obtained in this way may derive from various sources, such as websites displayed by a browser, computer programs, or mobile applications.
When hackers exploited vulnerability due to software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.
Apart from disrupting business activity, causing financial losses, and damaging a firm’s image, hacking can also lead to severe fines for failing to comply with personal data protection or cybersecurity regulations. Businesses which are victims of cybercrime might also be liable towards customers and employees for loss or leaking of important data. Compensatory liability is also possible under Polish law in cases of this kind, and may affect anyone. Cybersecurity reports show that approximately three quarters of businesses have experienced a cybersecurity incident of some kind, and these statistics are unlikely to fall in the near future. Former FBI director Robert Mueller summed up this situation well, saying “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again”.
The Global Legal Hackathon last weekend (23–25 February 2018) offered an excellent opportunity to grasp the potential that can be released from cooperation between lawyers and IT specialists. Legal Tech solutions are more than just technological novelties. They are solutions that can protect our legal system against a serious crisis.
The City of London Corporation announced in October 2017 that it would establish a new court in London for dealing with cybercrimes. This will reaffirm London’s status as a world financial centre and the best place to run businesses and solve disputes. Other states are also considering establishing such courts. In our view, Poland should not fall behind and should set one up too.
Our firm has seen an increase in cybercrime litigation cases, particularly over the last two years. Examples are: manipulating e-mail correspondence in order to change the details of transfers of funds, phishing, security breaches in servers and theft of confidential data, attacks on devices connected to the internet, malware, thefts of cryptocurrencies on deposit with cryptocurrency exchanges and public wallets, and fraudulent operations of algorithms on various websites.