Government and Regulatory Affairs

Introduction

Welcome to this webpage dedicated to the Government and Regulatory Affairs (GRA) portfolio of the ISACA London Chapter (ILC). The London GRA informs its Members of regulatory and legal developments related to IT, governance, audit, information/cyber security, and privacy, among other topics covered by ISACA certifications and certificates. The GRA Team provides a summary of such information as published in:

  • the GRA section of London Chapter Newsletters (1-2 issues per month),
  • submissions made by ISACA / ILC to public consultations.

Public consultations have a wealth of background policy and research papers – these are hidden gems of bodies of knowledge that the GRA Team also draws attention to in ILC Newsletters. This means Members can see policy and law-making in real time while also having resources to draw upon as needed for work or study.

The GRA Team is interested in your comments and suggestions – please contact admin@isaca-london.org.

GRA features in ILC Newsletters

The following are selected features published in recent ILC Newsletters, with back issues in Repository_of_GRA_features_in_ILC_Newsletters_2021.pdf below. More information on the items below, among other topics, can be found in the January - May 2022 newsletters.

  1. The UK Department for Digital, Culture, Media & Sport (DCMS) consulted from 1 March-10 May 2022 on proposed regulations to the Telecommunications (Security) Act 2021, requiring stronger legal duties of public telecom providers to defend their networks from cyber threats. Developed with the National Cyber Security Centre (NCSC), the consultation's proposed measures, along with a draft code of practice, aim to embed security practices in providers’ investment decisions and daily operations. Ofcom is to monitor and assess providers' security. Visit the DCMS site in due course for the outcome of the consultation.

  2. The UK Cyber Security Council (CSC) held its London Cyber Skills Symposium, 10 March 2022, to foster skills partnerships between Financial Services/FinTech sector employers and the CSC among others in supporting London as a global hub of secure online services. Co-partnered with City, University of London and the WCIT, the event programme included industry, trade, and government entities, as well as ISACA and other CSC co-founders. To help FS/F employers and others continue to learn more about the CSC's work and partnerships, a report on the event and a video recording are to be available in due course on CSC's YouTube channel.

  3. Cyber Essentials (CE) Revisions – New technical control requirements of the UK government's CE scheme on cyber security are introduced on 24 January 2022. The National Cyber Security Centre's delivery partner IASME also has a Counter Fraud Fundamentals (CFF) scheme.

  4. The UK National Cyber Strategy 2022, published 15 December 2021, calls on all parts of society to strengthen the UK's position as a global cyber power (https://www.gov.uk/government/news/new-blueprint-to-protect-uk-from-cyber-threats) with major initiatives on improving cyber skills and resilience, and funded expansion of existing government and commercial cyber research and capabilities.

  5. The UK Treasury Committee published its report Economic Crime on 2 February 2022. The report urges legislation, including against online fraudulent adverts and for reimbursement to victims of authorised push payment (APP) fraud. The 22 September 2021 fraud report of UK Finance, the trade body of 300 banking and finance industry firms, reveals that APP fraud in the UK now exceeds card fraud. The UK Office for National Statistics' Crime Survey for England and Wales 2021 reported that fraud carried out between October 2020 and September 2021 rose massively, by more than one-third, to 5.1m cases.

  6. The U.S. Securities and Exchange Commission (SEC) fined JP Morgan Securities $125 million for not preserving records as required by federal securities laws (https://www.sec.gov/news/press-release/2021-262).

  7. The World Economic Forum launched on 22 January 2022 its first annual Global Cybersecurity Outlook 2022 to highlight trends and progression as organisations shift from a cyber-defensive posture to a stronger cyber-resilience position.



Legislation for national chapter governance

ISACA chapters are created on the basis of regulations in their respective countries, for example, based on whether they are an association, society, private limited company, or other basis under Attorney General Office guidance. In the case of the London Chapter, it was created as an association and then, in November 2004, it was incorporated as a private company limited by guarantee (https://find-and-update.company-information.service.gov.uk/company/05291214/filing-history). This means it is a non-profit company, compared to a private limited company limited by shares, which is for profit.

In the UK, private limited companies have a status different from associations and charities: the London Chapter is bound by obligations to UK Companies House (https://www.gov.uk/government/organisations/companies-house), and its Chapter leaders, being UK directors under Companies House, comply with director responsibilities (https://companieshouse.blog.gov.uk/2019/02/21/7-duties-of-a-company-director) under the UK Companies Act 2006 (https://www.legislation.gov.uk/ukpga/2006/46/contents). Additionally, for almost all types of entities in the UK, there are data privacy regulations under the UK Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR) derived from the European Union's GDPR – see the UK Information Commissioner's Office, the independent supervisory body regarding UK data protection legislation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr).

Public consultations: ISACA / ILC submissions

London Chapter members contributed to submissions by ISACA to the following public consultations from UK and international governmental entities. These align with ISACA Global's advocacy and government relations.

2021 Restoring trust in audit and corporate governance: proposals on reforms

by UK Business, Energy and Industrial Strategy (BEIS)

Consultation (outcomes awaited)

2019-2020 Review of local authority financial reporting and external audit (aka Redmond Review)

by UK Ministry of Housing, Communities & Local Government (renamed 2 Feb 2022 to Dept for Levelling Up, Housing and Communities)

Government Response Policy Paper

Independent report (consultation outcome)

(Annex 8 refers to ISACA submission)

Original Consultation

2017-19 Report on AI in the UK

by UK House of Lords Select Committee on Artificial Intelligence

Report and Government response

List of Witnesses and Evidence

ILC Written evidence (AIC0193) pp.734-745

2018 Cyber Lexicon

by Financial Stability Board

Publication of Lexicon

Public Responses