The last decade has seen nearly constant change in compliance requirements. 2020 was no different, despite a global pandemic and a federal election. As we dive into 2021, we’ll see a continued focus on regulatory compliance, with new data privacy laws, financial regulations and deadlines on the horizon.
Businesses that step up to meet these standards will help restore customer trust and uncover new opportunities. Those that don’t will face steep penalties for non-compliance.
What should your organization do in 2021 to stay compliant? It starts with taking a hard look at your privacy policies and third-party contracts.
We’ve written a guide exploring the top financial and data privacy compliance standards affecting US-based businesses this year and the changes they need to make in contracting processes to stay compliant. Below, we’ll give you a sneak peek of the top data privacy regulations and financial regulations to be aware of — read the full guide to determine what legislation applies to you and your contracts.
EU-US Privacy Shield
On July 16, 2020, the Court of Justice of the European Union (CJEU) struck out the Privacy Shield agreement that outlined data sharing between the EU and the US, a decision which made all data transfers based on this framework illegal.
The judgment, published in relation to a case known as Schrems II, declared that the Privacy Shield did not provide adequate surveillance protections to EU citizens. Just five years earlier, the Safe Harbor agreement between the EU and US was declared invalid on similar concerns around data protection laws (Schrems I), to be followed by the now-invalidated EU-US Privacy Shield.
This new data protection ruling has left organizations scrambling to update their contracts to remove references to the Privacy Shield and replace them with Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), if not already present. More than 5,000 US organizations were enrolled in the Privacy Shield, so many organizations are still working to amend data transfer practices and contracts.
The UK officially exited the European Union (EU) on January 31, 2020. Brexit has immediate implications for data transfers between the US and UK, as the GDPR will no longer apply to the UK. The current status of transfers is what some are calling a “three-way pileup,” with conflicts between the EU, the US, and the UK on how to handle data transfers.
How organizations react to Brexit will depend, in part, on the regulatory frameworks being developed between these countries. In some cases, sector-specific frameworks are being instituted to provide clarity, such as the Markets in Financial Instruments Directive (MiFID) financial regulation in the UK.
2021 marks the end of an era for LIBOR (the London Interbank Offered Rate), a longtime lending benchmark that serves as the reference point for interest rates and other financial terms. The USD LIBOR is referenced in more than $200 trillion worth of contracts worldwide.
In December 2020, the ICE Benchmark Administration (IBA) threw a lifeline to US banks. The most frequently used index values for commercial and consumer lending transactions are now set to expire in June 2023: an 18-month reprieve from the original termination date of December 31, 2021. While the extension allows for a smoother transition, U.S. regulators are still urging financial institutions to discontinue entering into new contracts that use USD LIBOR before December 31, 2021 to avoid market disruption.
It is estimated that 100 million contracts comprising over $400 trillion in value reference this financial regulation.
The U.S. Treasury Department’s Financial Stability Oversight Council warned in its 2019 annual report that “[t]he failure of market participants to adequately analyze their exposure to LIBOR and transition ahead of LIBOR’s anticipated cessation or degradation could expose market participants to significant legal, operational, and economic risks that could adversely impact U.S. financial markets.”
In other words: update your contracts or else.
Federal Data Privacy
Federal laws to watch in 2021 include the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act and the Consumer Online Privacy Rights Act (COPRA), as well as two bills introduced to safeguard data being collected to track and process data related to COVID-19: the COVID-19 Consumer Data Protection Act of 2020 and the Public Health Emergency Privacy Act.
Take Control Of Contract Compliance
Evisort was created to streamline how companies are tracking, searching, and updating third-party contracts. Evisort’s Document Analyzer allows users to search for specific vendors; specific types of agreements; specific clauses and/or provisions; key terms within a contract as a whole; and/or a combination of all of these.
Trained on 10M+ contracts, Evisort can read over 230 types and is the first authentic AI to identify non-standard third-party clauses. With the Document Analyzer, a user can search for clauses that “do not contain” specific information, which is helpful for identifying clauses that differ from standard wording or finding contracts that need to be updated.
The platform can also quickly search data privacy policies to build summary reports. Legal teams can use the Document Analyzer to sift through privacy policies and find where language is not compliant with new or upcoming data privacy legislation.
To learn more about how to stay on top of upcoming compliance requirements, download Contract Compliance Challenges in 2021.