- NEWSLETTER, U.A.E
- March 25, 2024
As we approach the Economic Substance Regulations (ESR) compliance deadline on March 31st, 2024, for businesses and companies, we want to ensure that all our partners and clients are well-prepared and informed about their responsibilities under these regulations.
What is ESR Compliance and Who Does it Apply to?
- Insurance Businesses
- Banking Businesses
- Investment Fund Management Businesses
- Headquarters Businesses
- Lease-Finance Businesses
- Holding Company Businesses
- Shipping Businesses
- Intellectual Property Businesses
- Distribution and Service Centre Businesses
- Issue an ESR Notification within 6 months from the conclusion of the financial year
- Undertake an ESR evaluation and present the report to the relevant authority within 12 months from the conclusion of the financial year
| Financial year ending | Due date of notification | Return due date |
|---|---|---|
| September 30, 2023 | March 31, 2024 | September 30, 2024 |
| March 31, 2023 | September 30, 2023 | March 31, 2024 |
| Non-Compliance | Penalty (Amended amount in AED) |
|---|---|
| Not submitting a notification | 20,000 |
| Not submitting an economic substance report | 50,000 |
| Furnishing wrong information | 50,000 |
| Failure to clear the first year’s ET Test | 50,000 |
| Failure to clear the consecutive year’s ET Test | 400,000 |
Have a Consultation Today
Don’t wait until the last minute. Reach out to us today to ensure your ESR Compliance is on track and avoid potential penalties or disruptions to your business operations. Our professionals will carry out an assessment and help you file the ESR Report within the stipulated timeframe.
Thank you for trusting IMC Group as your reliable partner amidst the dynamic regulatory landscape.
- NEWSLETTER, GLOBAL
- March 20, 2024
Startups and small enterprises are increasingly adopting flexible work arrangements. A recent study found that 78% of startups founded in the past three years operate on a remote or hybrid basis. Furthermore, the trend towards remote work is anticipated to accelerate in 2024, with an uptick in virtual assignments expected over the coming year.
As remote work becomes more common, leaders of small and expanding businesses may find their organizations at risk of facing global mobility tax and regulatory compliance challenges.
- Be cautious of excessive data accumulation
- Global Mobility Tax authorities are intensifying their focus on ensuring adherence to tax laws
- Recent changes in tax legislation
- Handle the risks associated with the company and its employees
- Ensure your workforce's well-being
- Communication Regarding International Relocations
- Tax authorities are leveraging AI and Automation
- New regulations for remote taxation are emerging
Essential Global Mobility Trends for Small and Expanding Businesses to Monitor in 2024
1. Be cautious of excessive data accumulation
Obscured Vision
Privacy Risk
The second major concern revolves around privacy risks. The introduction of stringent data security laws by authorities, notably within the European Union (EU), has significantly raised the stakes for data protection and privacy. Enhancing these laws aims to protect individual rights, but it presents a formidable challenge for companies, especially those operating across EU and UK jurisdictions.
The issues of obscured vision and privacy risks underscore the critical need for a strategic approach to data management. Companies must navigate the fine line between collecting necessary data for operational and legal purposes and ensuring that this data is managed in a way that is both efficient and compliant with increasingly stringent privacy laws. The key lies in implementing robust data analysis and management tools and developing clear policies prioritizing data minimization and privacy protection. By doing so, organizations can mitigate the risks associated with data overload and privacy breaches, ensuring a more secure and efficient operation that aligns with business objectives and regulatory requirements.
2. Global Mobility Tax authorities are intensifying their focus on ensuring adherence to tax laws
Around the world, regulatory bodies are leveraging technology to monitor remote workers and implement tax regulations more effectively. In the U.S., the Inflation Reduction Act is leading the charge towards using automation for more accurate audit processes. This trend is not limited to the U.S.; similar initiatives are underway globally, such as in India, where there are reports of tax officials planning to utilize artificial intelligence to spot mistakes in tax filings.
This increase in regulatory scrutiny could significantly impact the leaders of small businesses. The complexity of managing employees who work in various countries or states could lead to corporate and payroll tax responsibilities in new jurisdictions or result in tax fines for both the business and its employees. This is why Global Mobility Services support the international tax needs of global companies, startups, and their globally mobile workforce.
3. Recent changes in tax legislation
4. Handle the risks associated with the company and its employees
The presence of remote workers and employees who travel for business can pose tax risks to the organization and its employees. Without a well-defined plan and procedure for communication, comprehending and preparing for these risks might be challenging. Specifically, uncovering and addressing concealed payroll tax obligations becomes increasingly complex without precise data regarding employees’ residential and work locations.
Grasping the nature of these risks is crucial yet addressing them can be challenging without consistent dialogue with your team. Prompt communication aids your organization in:
- Monitoring the growing number of remote workers and business travellers, including those in new locations
- Instructing staff on procedures, policies, and expectations, thus alleviating pressure on internal resources and reducing the frequency of repeated inquiries
- Handling organizational risk and fulfilling responsibilities towards employee welfare
- Developing new guidelines to meet evolving business and talent management requirements
- Informing mobile workers about potential tax pitfalls and guiding them on tax planning strategies
Recognizing these risks and challenges is the first step. Following this, it’s vital to set up a system to keep tabs on your employees’ work locations and to communicate their duties in overseeing this system. It is essential to provide explicit instructions to managers and employees to ensure uniform application across your workforce. Mobile workers should be made aware of their obligations and the extent of support that the policy does or does not offer.
Consistent communication is important: frequent interaction ensures that employees understand their compliance responsibilities.
5. Ensure your workforce's well-being
After developing suitable guidelines and policies, it’s essential to effectively communicate them to your employees and establish processes for reviewing and approving new instances. Without adhering to these policies, your organization will fail to fulfill its responsibilities and will not uphold the necessary standards of care for your employees. Global employee benefits solutions can be beneficial in supporting employees around the world.
When determining the level of support for their employees, employers must consider their responsibility for care. This can involve various aspects, such as:
- Adhering to local health and safety regulations
- Providing workers' compensation insurance
- Ensuring compliance with other personal regulations, like immigration and tax laws
In the past, employers typically offered more significant support to employees travelling for business than those travelling for personal reasons but working during their trip. However, the evolution of remote work has blurred the boundaries between professional and personal time, necessitating employers to reconsider their care obligations to their employees.
The concept of duty of care is broad, and interpretations regarding the support extended to employees may vary across different organizations. As an employer, you must maintain a standard of care for your employees and be aware of and comply with any tax and legal requirements for the company.
6. Communication Regarding International Relocations
It’s widely believed that permanent relocations (employees moving to a new country permanently for work) do not present as many challenges as those faced by tax-equalized expatriates (temporarily moving for work). Yet, issues such as trailing financial obligations in the original country, mainly concerning bonuses and equity compensation, can lead to significant financial complications for those moving permanently. It’s common for compensation related to bonuses or equity from previous years to be taxed entirely in the new country of work, potentially leading to insufficient tax withholding in the original country.
The global mobility, payroll, and stock administration teams ensure these financial obligations are accurately accounted for in the origin and destination countries.
To mitigate these issues, it is recommended that the global relocation service company and the global mobility team actively communicate with employees about relocating permanently. They should be informed about the need for continued global mobility tax withholding in their original country, allowing them to anticipate and address any concerns proactively. Additionally, arranging tax counselling sessions with a specialized tax firm in the countries of origin and destination can help transferees understand their tax obligations and explore potential planning strategies. Global Mobility Tax support for the first year can also facilitate compliance with departure regulations and ensure a smooth transition for the employee in their new country.
Adhering to these best practices in communication can reduce tax-related issues and confusion for your mobile and remote workforce, ensuring that you deliver the outstanding employee experience your team anticipates and merits.
7. Tax authorities are leveraging AI and Automation
Previously, companies might have been able to adopt more relaxed policies regarding remote work and business travel, permitting employees to work from any location without much oversight. However, this flexibility is becoming a thing of the past. This change is due to tax and regulatory bodies utilizing AI and automation to tighten regulation enforcement.
Technological advancements in India: India has embraced AI and machine learning to detect tax infractions. Recent reports indicate that India is developing AI algorithms to spot inaccuracies or anomalies in tax filings. For companies employing remote workers or those sending employees on business trips to India, this means an increased responsibility for ensuring tax compliance within the country.
8. New regulations for remote taxation are emerging
New developments are emerging in tax regulations for remote work as these laws gradually adapt to the evolving nature of work arrangements. Despite the existence of tax laws designed to simplify the tax situation for individuals working temporarily outside their home country, the original drafting of these laws falls short of adequately covering contemporary work patterns.
For instance, remote employees who work from locations outside their home country and tax jurisdiction might find themselves liable for social security taxes in their temporary work location. While numerous countries have social security agreements to mitigate such issues, these pacts often fail to comprehensively cover remote working arrangements, potentially leading to a loss of social security contributions in their home country and imposing new contribution requirements in the temporary work location for employers and employees.
The approach to social security taxes varies significantly from one country to another. In summary, companies not actively managing tax issues associated with remote work and business travel might encounter new tax liabilities for the corporation and its employees, face the dangers of inaccurate tax filings, or trigger tax audits.
Keep ahead of 2024 trends in Global Mobility Tax
- Revise their approach to data management
- Take an anticipatory stance on reporting requirements
- Inform employees about tax responsibilities
- Publications
- March 14, 2024
- NEWSLETTER, INDIA
- March 13, 2024
For entities operating beyond the borders, it’s imperative to understand evolving corporate law in international business avenues. In the corporate business landscape in India, there’s a visible shift from CSR (Corporate Social Responsibilities) to ESG (Environmental, Social, and Governance) in recent years. This shift in paradigm redefines the way businesses operate in the country, besides reshaping regulatory frameworks and standards of accountability.
In this edition, let’s have a comprehensive look into the relationship between corporate law and the sustainability revolution in the country. Foreign companies investing in India presently find themselves at a crossroads as the focus shifts to ESG globally. To make room for new norms, corporate law in India is undergoing a profound transformation. This explains why companies need to fulfil their reporting obligations amidst the growing influence of shareholder activism.
Why is ESG a Cornerstone of Corporate Responsibility?
ESG has proven to be a key progression in corporate sustainability. These standards serve as a parameter to evaluate the commitment of a company to stakeholder engagement, protecting the environment, and effective governance. ESG standards ensure compliance with ethical business practices and enable investors to evaluate companies before investing in them.
Foreign companies operating in India need to understand that establishing and maintaining a comprehensive ESG framework involves certain initial costs. However, this returns a substantial benefit in the long run. Experts recommend against neglecting ESG factors since they can prove detrimental to the finances, reputation, and legal standing of firms expanding to India.
The Shift from CSR to ESG for Better Corporate Accountability
ESG practices in India define a departure from the traditional shareholder-centric approach that CSR initiatives carry. Unlike CSR, ESG comes up with a more holistic focus on all stakeholders. This marks a significant shift in corporate strategies.
Let’s understand this transition based on three key aspects.
1. Evidence-based Accountability
2. Integrated Approach to Management
3. Strategic Importance
Best Practices for Corporate Compliance with ESG Regulations
Establishing ESG Committees
Evaluating ESG Risks
Engaging Stakeholders
Compliance Requirements and Best Practices
1. Mandatory CSR Spending
2. ESG Reporting
3. Adhering to Global Frameworks
It’s time to Pioneer Sustainable Corporate Practices
International brands striving to integrate themselves into the thriving corporate environment in India should adhere to the best ESG practices, respecting the standard regulations in the respective industries. This approach not only streamlines their path to contribute to a more sustainable future but also positions themselves for long-term success and gains the trust of stakeholders.
The IMC Group continues to be one of the most trusted global ESG Consulting firms. The professionals have been collaborating with foreign corporate firms expanding to India over the years, offering comprehensive assistance to ensure ESG compliance.
- NEWSLETTER, U.A.E
- March 13, 2024
Merger and acquisition (M&A) transactions often turn out to be too complex, which justifies the need for due diligence. In this edition of our newsletter, we will explore why due diligence proves to be the cornerstone to mitigate business risks. Successful entities seek professional Mergers & Acquisitions Advisory in the UAE, discovering opportunities and fostering transparency between sellers and buyers.
Let’s find out how the transformative potential of due diligence can shape the trajectory of your M&A efforts.
What Makes Due Diligence Indispensable?
The Scope of Due Diligence during M&A Activities
1. Corporate
2. Related Party Contracts
3. Finance
4. Commercial
5. Intellectual Property (IP)
6. Litigation
7. Employment
8. Property
9. Regulatory
Professional Due Diligence Services in the UAE
A robust legal counsel can significantly help business entities simplify the challenges during M&A transactions. Partnering with the IMC Group, known for its transaction advisory services in Dubai, brings professionalism and expertise to the table. This team of experts has a proven track record of facilitating cross-border and domestic corporate transactions.
- NEWSLETTER, U.A.E
- March 13, 2024
The UAE has set benchmarks in the global business environment, attracting global brands over the years. In the past, the absence of personal and corporate tax in the UAE made it a lucrative choice for investors. However, the Federal Tax Authority of the UAE has introduced Corporate Tax (CT) through Federal Decree-Law No. 47 of 2022, following which businesses and corporations need to shell out tax. This justifies why forward-thinking businesses are seeking professional support to understand 2024 UAE corporate tax guidelines and ensure compliance.
In this newsletter, let’s explore the prime aspects of the newly introduced corporate tax in the UAE and how it will affect Holding Companies.
What is a Holding Company?
Tax Implications for Holding Companies
Benefitting from Free Zones
Strategic Compliance with Participation Exemptions
Enhancing Economic Substance
Transfer Pricing Best Practices for Holding Companies
Strategic Planning for Long-Term Success
The introduction of Corporate Tax in the UAE presents both challenges and opportunities for Holding Companies. With professional corporate tax advisory in Dubai from experienced teams, Holding Companies can position themselves for long-term success.
The IMC Group continues to be a trusted partner, specializing in corporate tax advisory. Foreign corporates and investors venturing into the UAE can seek personalized assistance and strategic advice tailored to their interests from this proficient group of experts.
- NEWSLETTER, INDIA, Singapore
- March 12, 2024
Singapore continues to be one of the sought-after international business destinations, attracting investments from all around the globe. In this edition, let’s take a look into the recent stride towards fostering robust trade ties and investments between the Indian government and Singapore.
Led by the Secretary of the Department for Promotion of Industry and Internal Trade (DPIIT), Rajesh Kumar Singh, the delegation was involved in a series of discussions and strategic engagements to strengthen bilateral cooperation.
The visit, which commenced on Monday, witnessed key government officials from India engaging in high-level dialogues with their Singaporean counterparts. This established the groundwork for better collaboration and investment inflows. The delegation was actively involved in investor roundtables, showcasing the vibrant economic landscape of India along with investment avenues across various industry verticals.
India-Singapore Trade Roundtable was one of the noteworthy events, focussing on the Food and Machinery Sector. It was jointly organized by the High Commission of India in Singapore and the Federation of Indian Chambers of Commerce & Industry (FICCI) in collaboration with the Singapore Business Federation. Besides facilitating dialogue, the involved parties discussed scopes of joint ventures, strategic partnerships between businesses in India and Singapore, and the transfer of technologies.
The primary objective of the delegation was to cordially invite investors and motivate them to explore the extensive investment potential in India. This is likely to mature into stronger trade relations between the two nations.
Discussions between Rajesh Kumar Singh and Beh Swan Gim, Singapore’s Trade and Industry Ministry Permanent Secretary revealed the mutual commitment to deepen cooperation across different sectors, thereby demonstrating the importance of bilateral ties.
The delegation also actively participated in Investors roundtable discussions focusing on Renewable Energy and Electronics and Semiconductors that were organized by Enterprise Singapore and Invest India. A session of constructive dialogues followed between the leaders representing both countries as they explored viable avenues to intensify investment collaborations. Thus, the potential for strategic ventures between Singapore and India is on the cards.
Currently, Singapore stands in the 8th position among the largest trade partners of India. In 2022-23, bilateral trade between these two countries reached a mammoth $35.59 billion. This marked a commendable growth of 18% over the previous fiscal year, as pointed out by the Indian High Commission in Singapore. The positive growth trajectory highlights the strong potential for further expansion and deepening of economic engagements between the two Asian countries.
With these developments, Singaporean entities would be looking for company formation in India and capitalize on the opportunities. The IMC Group continues to be a trusted partner for company formation for global businesses expanding across borders, offering professional counselling and assistance.
- NEWSLETTER, U.A.E
- March 12, 2024
The UAE has set benchmarks in the global business environment, being a preferred hub for investors. With a business-friendly regulatory framework, strategic location, progressive business strategies, and a thriving economy, the country attracts global investors. According to recent data, the UAE is placed in the third position among attractive emerging global economies. This speaks volumes about its robust economic performance as the country recovered from post-pandemic challenges. Currently, hundreds of companies are seeking professional support from established teams for company formation in Dubai for foreign investors.
With a remarkable growth rate of 7.6% in 2022, the UAE stands out with its agility and resilience. This establishes its status as a dynamic economic hub in the Middle East. With a world-class infrastructure, including ports and airports, the country seamlessly facilitates business on a global scale.
The UAE revamped its company laws in 2020 as a strategic move to attract foreign investment. In most business sectors, the country allows 100% foreign ownership, although a few exceptions exist. These strategic reforms eliminated existing barriers for international investors, serving as a catalyst for market entry. The competitive business environment in the UAE now witnesses healthy competition between different sectors that were previously dominated by local entities.
Bilateral Trade Agreements to Foster Economic Diplomacy
The UAE has embraced a proactive stance towards global economic integration. It is carrying out a series of bilateral trade agreements with key partners worldwide. With these strategic partnerships, the country seeks to strengthen its investment inflow and trade volume. Eventually, this approach is laying the foundation for sustained economic collaboration.
Among noteworthy countries with which the UAE entered agreements are South Africa, Israel, India, and Turkey. Besides, it is participating in the CPTPP (Comprehensive and Progressive Agreement for Trans-Pacific Partnership), which marks its commitment to fostering mutually beneficial relationships on the international stage.
For instance, the Comprehensive Economic Partnership Agreement with India recorded a remarkable surge of 27.5% in bilateral trade within a year of its implementation. Besides, trade volume in the UAE soared to $599 billion (2.2 trillion dirhams) in 2022. This marks a robust 17% annual growth, spearheaded by strategic bilateral trade agreements across different sectors.
Economic Diversification and Technological Innovation
Exploring Compliance and Regulatory Requirements in the UAE
While the UAE looks promising from a business perspective, organizations need to understand its regulatory norms for compliance. The dynamic regulatory landscape poses a challenge for investors as it undergoes legislative updates frequently. In particular, SMEs with limited resources find themselves struggling with the complex legal framework. In the end, every business aims to comply with the established norms to ensure transparency and accountability and to protect its stakeholders.
Particularly, the UAE has stringent norms under its Combating Financing of Terrorism (CFT) and Anti-Money Laundering (AML) laws. Therefore, foreign businesses expanding to the UAE need to adhere to mandates like meticulous record-keeping, comprehensive customer due diligence, and prompt reporting of suspicious transactions.
Empowering Labor Rights and Regulatory Oversight
Balancing Innovation and Compliance to Attract Investors
As the UAE transforms into a focal point of innovation and entrepreneurship, businesses look forward to capitalizing on their growth opportunities. For foreign businesses expanding to the UAE, embracing a futuristic economic model is the need of the hour.
Thus, companies need to gain a comprehensive understanding of regulatory norms in the UAE and seek professional guidance to navigate the complex norms. Investing in local expertise is crucial along with strategic planning and execution of compliance strategies.
The IMC Group continues to be one of the leading business setup consultants in Dubai UAE. As businesses cruise along their path to growth and expansion, this team of experts remains steadfast in its commitment to empowering enterprises with strategic insights and tailored solutions.
- NEWSLETTER, U.A.E
- March 12, 2024
Do you know why forward-thinking businesses in the UAE seek professional due diligence services during mergers and acquisitions? Beyond a formal procedure, due diligence continues to be a vital step that determines the integrity of the merged business entity. This explains why successful businesses seek professional due diligence support, revealing the strengths and downsides of the company under consideration.
A stringent due diligence process points out the opportunities and risks, thereby facilitating negotiations for the best terms and pricing. Eventually, it fosters confidence and trust, both of which are vital for the involved parties. It creates a positive business environment that strengthens the bottom line of the company.
How To Identify Red Flags in The Due Diligence Process?
1. Financial Inconsistencies
Discrepancies between financial records or incomplete documentation may indicate poor accounting practices or even potential fraud. Unless addressed on time, it can jeopardise the accuracy of financial records. Professional due diligence service providers stringently scrutinize missing invoices, tax returns, and receipts. They might also detect inconsistencies between unaudited and audited accounts. All these point to poor accounting practices, misinterpretation, or fraud.
For instance, target companies tend to inflate their revenue or refrain from disclosing all their expenses. They might also hide debts or portray themselves as more solvent or profitable than they really are.
2. Legal Issues
3. Operational Challenges
4. Quality of Earnings
5. Unstable Markets
6. Dependency Issues
7. Stability of Management
8. Cultural Issues
Professional Due Diligence Services for Successful Deals
1. Thorough Examination
2. Transparent Communication
3. Alignment of Interests
4. Preparing for the Integration
Finally, professionals can guide you through the post-deal integration process. This allows the firms to consolidate their resources, processes, and cultures.
The IMC Group continues to be a trusted partner, offering professional vendor due diligence services. Having a competent team of experts on your side can streamline your M&A process significantly.
- NEWSLETTER, GLOBAL
- March 7, 2024
According to Thomson Reuters, in 2022, there were over 230 daily alerts for regulatory updates. This figure is unsurprising given the increasing regulatory focus on Operational Resilience, Artificial Intelligence (AI), Cyber Security, Data Privacy, and Environmental, Social, and Governance (ESG) criteria.
In 2023, significant cyber security and digital operational resilience policies took shape in the U.S. and the European Union, establishing a benchmark for other areas. This trend of regulatory development observed in 2023 is expected to persist and intensify in 2024.
What can we anticipate for 2024, and what preparations are necessary? Below are ten critical regulations and areas of emphasis on our radar.
- Regulatory Attention on AI
- SEC Cyber Security Regulations
- Cyber Security Maturity Model Certification (CMMC)
- NIST Cyber Security Framework (NIST CSF)
- Cyber Security Mandates for the Financial Industry
- Data Protection
- Focus on Operational Resilience
- The Gramm-Leach-Bliley Act
- Payment Card Industry Data Security Standard (PCI DSS) Compliance
- Equity and Environmental Sustainability
1. Regulatory Attention on AI
The recent increased regulatory analysis on artificial intelligence (AI) is understandable, given the rapid expansion of AI and generative AI (GenAI) use across multiple sectors. This focus is anticipated to persist into 2024 and onwards.
In January 2023, the National Institute of Standards and Technology (NIST) unveiled the NIST AI Risk Management Framework (AI RMF 1.0). Its goal is to enhance the integration of trustworthiness in the design, development, deployment, and assessment of AI products, services, and systems. Furthermore, a significant move by the White House involved issuing an Executive Order to ensure the safe and trustworthy creation and application of AI.
The European Union is actively working towards AI regulation as well. In December 2023, EU representatives agreed provisionally on extensive rules for the secure and reliable application of AI. A BBC report indicates that the EU Parliament is slated to vote on these AI Act proposals within the year, with the laws expected to be implemented by 2025. Other countries, including China, Canada, Brazil, South Korea, Singapore, the UK, and the UAE, are at different stages of implementing AI-specific regulations, poised for adoption shortly.
As AI technology advances and finds new applications within the Governance, Risk Management, and Compliance (GRC) sector, these regulations are also anticipated to advance and adapt with technological progress.
2. SEC Cyber Security Regulations
In today’s digital age, cyber threats pose one of the most significant risks to organizations, with the advent of AI technology further escalating the potential for cybercrimes through its availability for executing large-scale attacks. Regulatory bodies are diligently working to ensure that companies adopt adequate security measures to safeguard their assets and the interests of stakeholders.
In July 2023, the U.S. Securities and Exchange Commission (SEC) introduced the Cyber Security Risk Management, Strategy, Governance, and Incident Disclosure rules for public companies. These regulations mandate that:
- Companies establish a comprehensive incident response mechanism, including immediate reporting to the SEC.
- Companies regularly disclose the cyber security expertise of their board members and senior management and the cyber security risk management practices they have adopted.
- For risk management, strategy, and governance disclosures, public companies must start including this information in their annual reports for fiscal years ending after December 15, 2023.
3. Cybersecurity Maturity Model Certification (CMMC)
The Cybersecurity Maturity Model Certification (CMMC), created by the U.S. Department of Defense, is another significant cyber security standard and certification framework. It aims to ensure the secure handling of sensitive but unclassified information, specifically Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), shared between the Department and its contractors and subcontractors.
Anticipation is building this year for the final CMMC rule. In 2023, the Department’s proposed rule for the revised programme, CMMC 2.0, was sent to the Office of Information and Regulatory Affairs (OIRA) at the White House for review, and the proposed rule was published for public comment in December 2023. CMMC 2.0 reduces the original five levels to three, aligns Level 2 with the 110 security requirements of NIST SP 800-171, and allows self-assessment at Level 1 and for a subset of Level 2 contracts, with third-party assessment required for the rest. The changes expected in the final rule are intended to streamline compliance, reduce assessment costs, and improve accountability across the defense industrial base (DIB).
4. NIST Cybersecurity Framework (NIST CSF)
Beyond regulatory mandates, standard-setting bodies also publish guidelines and frameworks to help organizations manage cyber security threats effectively. The NIST Cybersecurity Framework (CSF) is among the most widely adopted. First released in 2014, it offers “a framework that can be utilized by organizations, regulatory authorities, and customers to establish, guide, evaluate, or enhance comprehensive cyber security strategies.”
NIST published a draft of the revised framework, CSF 2.0, for public comment in August 2023. The draft was designed to “mirror the evolving cyber security environment and streamline the application of the CSF across various organizations.” NIST released the final CSF 2.0 on February 26, 2024. The new version adds a sixth core function, Govern, alongside Identify, Protect, Detect, Respond, and Recover, and broadens the framework’s stated audience from critical infrastructure operators to organizations of every size and sector.
5. Cyber Security Mandates for the Financial Industry
The financial industry, a prime target for cyber threats due to its significant data and monetary assets, is under increased regulatory scrutiny.
The New York Department of Financial Services (NYDFS) adopted a second amendment to its pioneering Cybersecurity Regulation (23 NYCRR Part 500), first issued in 2017, on November 1, 2023. The regulation requires covered entities, such as banks, insurance firms, and other financial services providers, to implement robust cyber risk management and governance practices. This includes maintaining a cyber security program to protect consumer data and information systems, adopting written policies, designating a Chief Information Security Officer (CISO), and enforcing strong technical controls.
The amended regulation introduces stricter governance requirements, including board oversight and an annual compliance certification signed by the CEO and the CISO; more frequent risk assessments; stronger protection against unauthorized access, such as broader multi-factor authentication and privileged-access controls; independent audits for the largest “Class A” companies; and expanded incident reporting, including notice within 24 hours of any extortion payment and a written explanation within 30 days. Organizations should monitor the NYDFS regulation closely, as it is likely to shape similar standards in other jurisdictions.
Covered entities must comply with the first tranche of amended requirements by April 29, 2024, with the remaining provisions phased in through November 2025.
6. Data Protection
The safeguarding of Personally Identifiable Information (PII) remains a critical concern for regulatory bodies around the globe.
In the United States, enforcement of the first regulations issued under the updated California Consumer Privacy Act (CCPA) was pushed back to March 29, 2024. The California Privacy Rights Act (CPRA), approved by California voters in 2020, amended the CCPA with stronger privacy protections: it sets new standards for collecting, storing, and using consumer data and introduces “additional responsibilities for handling personal information, including enabling consumers to opt out of their data being shared.”
The CPRA also created the California Privacy Protection Agency (CPPA) to implement and enforce the law. The amended CCPA became operative on January 1, 2023, with enforcement scheduled to begin on July 1, 2023, but the CPPA only finalized its first set of regulations on March 29, 2023.
Because of that delay, a California court postponed enforcement of those regulations by a year, to March 29, 2024. The statutory amendments themselves have been in effect since January 1, 2023.
In November 2023, the CPPA published a draft regulatory scheme for “automated decision-making technology” (ADMT), setting out safeguards for how businesses use such technologies. The agency has also released updated draft regulations on risk assessments and cyber security audits.
7. Focus on Operational Resilience
Attention to operational resilience in the financial industry continues to grow. In the United Kingdom, the Bank of England, the Financial Conduct Authority, and the Prudential Regulation Authority jointly published a consultation paper in December 2023, “Operational resilience: Critical third parties to the UK financial sector (PRA CP26/23 and FCA CP23/30)”. Responses are due by March 15, 2024. The regulators also plan to consult jointly on how they will apply their enforcement powers to critical third-party service providers.
In the EU, the Digital Operational Resilience Act (DORA) is designed to strengthen the management of information and communications technology (ICT) and digital risk, particularly risk arising from third-party providers, and so to improve the digital operational resilience of the region’s financial sector. It imposes a comprehensive set of requirements covering, among other things, an ICT risk management framework, incident handling and reporting, and a digital operational resilience testing programme. Adopted by the European Parliament in November 2022, DORA entered into force in January 2023 and applies from January 17, 2025, leaving financial entities roughly one year to align with its requirements.
As operational resilience becomes increasingly important across sectors, DORA is a pivotal regulation and a likely model for similar initiatives by other sectoral and national regulators. Separately, in September 2023 the UK’s Department for Science, Innovation and Technology laid a statutory instrument to amend the phrase ‘fundamental rights and freedoms’ in UK data protection law so that it refers to rights recognised under UK legislation rather than rights retained from EU law. Subject to approval by the UK Parliament, the change was expected to take effect at the beginning of 2024.
8. The Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLBA) is a key regulation for consumer financial privacy: it requires financial institutions to explain their information-sharing practices to their customers and to protect sensitive customer information.
In October 2023, two decades after the GLBA Safeguards Rule first took effect, the Federal Trade Commission (FTC) amended the rule to require non-bank financial institutions under its jurisdiction to notify the FTC of any “notification event” in which unencrypted customer information of 500 or more consumers is acquired without authorization. Notice must be given as soon as possible and no later than 30 days after the event is discovered.
The amendment takes effect 180 days after its publication in the Federal Register, which puts the compliance date at May 13, 2024.
9. Payment Card Industry Data Security Standard (PCI DSS) Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is the principal benchmark for safeguarding cardholder data. This internationally recognised standard applies to every entity that stores, processes, or transmits cardholder data and sets out detailed technical and procedural requirements for protecting it.
The current version, PCI DSS v4.0, was published by the PCI Security Standards Council in March 2022 with a two-year transition period. The previous version, v3.2.1, is retired on March 31, 2024, after which v4.0 is the only active standard. Of the new requirements introduced in v4.0, 13 applied immediately to all v4.0 assessments; the remaining 51 are future-dated and treated as best practice until March 31, 2025, when they become mandatory.
As the official announcement explains, the move from v3.2.1 to v4.0 is intended to address evolving security threats, allow greater flexibility in how organizations meet the requirements, and take advantage of newer technologies to mitigate those threats.
Discover the journey with Corporater to achieve and maintain PCI DSS compliance.
10. Equity and Environmental Sustainability
Commitment to diversity, equity, and inclusion (DEI) and to environmental sustainability is becoming increasingly important to businesses and regulators worldwide. In the United States, 22 states raised their minimum wage at the start of 2024. In April, the Department of Labor (DOL) is expected to finalise amendments to the regulations governing which salaried employees are exempt from the Fair Labor Standards Act’s (FLSA) overtime and minimum wage requirements.
In addition, a new DOL rule took effect at the beginning of 2024 requiring establishments with 100 or more employees in designated high-hazard industries to electronically submit injury and illness data (OSHA Forms 300 and 301) to the Occupational Safety and Health Administration (OSHA).
In Europe, the European Parliament adopted the Corporate Sustainability Reporting Directive (CSRD) in November 2022. Member states had 18 months to transpose its enhanced sustainability reporting standards into national law, with the aim of improving transparency and decision-making on sustainability for investors and other stakeholders. The directive requires large companies and listed small and medium-sized enterprises (SMEs) to report on environmental, social, human rights, and governance matters, as noted by the European Council.
The directive’s enforcement will be phased in from 2024 to 2028, starting with entities already under the non-financial reporting directive (NFRD) reporting in 2025 for the 2024 fiscal year.
These are a few of the important rules businesses should keep an eye on this year. To keep pace with rapidly changing regulation, companies need a simple, smart, technology-based way to manage compliance: one that keeps them up to date with new requirements, reduces cost, and gives them a clearer view of their compliance status. IMC Compliance Management makes it easier for companies to set up and stick to their compliance plans and to follow the rules and standards that apply to them.
IMC, an implementation partner of Corporater, assists with GRC solutions. Corporater is a global software company that enables medium and large organizations worldwide to manage their business with integrated GRC solutions built on a single platform. Find out how IMC can improve your compliance efforts: book a demo tailored to you today!
A Member Firm of Andersen Global
- 170+ Countries
- 390+ Locations
- 13,000+ Professionals
- 1800 + Global Partners