Home   News   Features   Interviews   Magazine Archive   Symposium   Industry Awards  
Subscribe
Securites Lending Times logo
Leading the Way

Global Securities Finance News and Commentary
≔ Menu
Securites Lending Times logo
Leading the Way

Global Securities Finance News and Commentary
News by section
Subscribe
⨂ Close
  1. Home
  2. Industry news
  3. Instant Actions addresses data risks related to SRD II
Industry news

Instant Actions addresses data risks related to SRD II


11 September 2020 London
Reporter: Maddie Saghir

Generic business image for news article
Image: New Africa/Adobe Stock
Instant Actions has released a ready-to-implement solution to address the data risks created by the Shareholder Rights Directive II (SRD II).

SRD II, which came into force on 3 September, requires firms providing share custody to disclose client identities and positions when requested to do so by issuers.

James Zorab, CEO of Instant Actions, explained that the new legislation does not sufficiently address the issues of confidentiality, secure communication or the control of data.

Instant Actions’ new service is set to provide globally verifiable company announcement information to the markets.

The service will also protect intermediaries and shareholders from the risk of unauthorised phishing of their data by authenticating both the validity and identity of the requestor.

Additionally, Zorab highlighted that the General Data Protection Regulation (GDPR) complicates the risk. He said: “How will firms simultaneously satisfy their obligations to disclose data under SRD II and seek customer consent to keep data private under GDPR? If they get it wrong, they face fines of up to €5 million for SRD II and up to €400 million or 4 percent of turnover for GDPR.”

According to Zorab, Instant Actions will take in and authenticate identity disclosure requests in any form, including the new ISO standardiSed messages Seev 45-49 developed by
SWIFT.

SWIFT messages are “perfectly secure for point to point communications and adequately prove the source of origin, but they do nothing to prove whether the reply address has been changed, as would be the case in a phishing attack, if these messages are forwarded on to the next intermediary in the chain,” Zorab says.

This obligation to forward requests onwards through the chain is a specific requirement set out clearly in the directive with which intermediaries are obliged to comply.

Zorab comments: “There is a very real risk of bad actors masquerading as issuers and obtaining highly sensitive shareholder data. The financial consequences of this could be
very significant but the reputational impact could be crippling for businesses. We were shocked to learn that some intermediaries were planning on communicating this highly sensitive data un-encrypted and by email. Our solution provides a secure, auditable way of locking out those bad actors.”
← Previous industry article

RMA to host virtual Latin American conference
NO FEE, NO RISK
100% ON RETURNS If you invest in only one securities finance news source this year, make sure it is your free subscription to Securities Finance Times
Advertisement
Subscribe today
Knowledge base

Explore our extensive directory to find all the essential contacts you need

Visit our directory →

Discover definitions, explanations and related news articles in our glossary

Visit our glossary →