Cybersecurity, Data and Tech Archives

In AML & Financial Services Regulatory

United States: Digital asset/blockchain industry implications of the One Big, Beautiful Bill Act (OBBBA) and other emerging federal legislation

July 23, 2025 by Amir Kia Waxman and Reza Nader 7 Mins Read

On July 4, 2025, the One Big, Beautiful Bill Act was signed into law, making important changes to the Internal Revenue Code. The Act has implications for US and non-US companies and their domestic and international transactions, capital investment, and research and development activities, amongst other areas, which carry significant weight for the cryptocurrency/digital asset industry. From cryptocurrency exchanges, payment processors, asset managers and cryptocurrency funds to mining companies, token issuers, custodians, and centralized or decentralized lending platforms, the Act’s provisions reshape the tax landscape in ways that demand close attention.

In Cybersecurity, Data and Tech

Fraud in the Modern Era and a Proactive Approach to Anti-Fraud Practices

July 2, 2025 by María Miguel, Alicia Franch and Veronica Garcia Acedo 4 Mins Read

Fraud poses significant legal, financial, and reputational risks for organizations. The FBI’s 2025 Internet Crime Report highlights over $16 billion in losses due to internet-related crimes, including phishing, extortion, and personal data breaches. ISO 37003, published in May 2025, provides guidelines for managing fraud risks through prevention, detection, response, and evaluation. Effective fraud control systems help organizations comply with legal standards and mitigate liability. ISO 37003 can integrate with other ISO standards to create a comprehensive Governance, Risk, and Compliance framework, aiding organizations in safeguarding against both internal and external fraud.

In Cybersecurity, Data and Tech

Singapore: Vendors may need to obtain cybersecurity certifications before they can be licensed or bid for certain government contracts

June 5, 2025 by Andy Leck, Ren Jun Lim, Ken Chia, Sanil Khatri and Daryl Seetoh 4 Mins Read

In a joint response to a public forum letter, the Monetary Authority of Singapore (MAS) and the Cyber Security Agency of Singapore (CSA) announced that they are considering requiring vendors to obtain national cybersecurity certifications, namely the Cyber Essentials or Cyber Trust mark, before they can be licensed or bid for government contracts involving access to sensitive data or systems.
This move follows a recent data breach involving a third-party vendor and underscores the growing regulatory focus on third-party cybersecurity risks.

In Cybersecurity, Data and Tech

United States: The time is now for U.S. companies to examine their cross-border data transfers

May 28, 2025 by Alexandre (Alex) Lamy, Mackenzie Martin and Jonathan Tam 9 Mins Read

In an era of intensifying geopolitical tensions, companies with operations in the U.S. must navigate an increasingly fragmented and national security-driven regulatory landscape governing cross-border transfers of many different types of data, including personal data and technical information used in R&D and patent filings. The US Department of Justice’s new Data Security Program (DSP) essentially prohibits US persons from making certain volumes of Americans’ personal data available to entities headquartered or residing in China (including Hong Kong and Macau), Russia, Venezuela, Iran, Cuba, or North Korea, or their subsidiaries in other countries, unless an exception applies.

In AML & Financial Services Regulatory

South Africa: Coin vs. Capital – Cryptocurrency is not subject to exchange control

May 28, 2025 by Ashlin Perumall and Gabriel Rybko 7 Mins Read

In a landmark ruling, the Pretoria High Court in Standard Bank v South African Reserve Bank ruled that cryptocurrencies do not constitute “capital” under South Africa’s Exchange Control Regulations. This means crypto assets are not subject to the country’s strict exchange control regime, offering long-awaited clarity for the crypto industry. While this judgment removes the need for SARB approval to export crypto, the relief may be temporary, as future legislative amendments could reassert regulatory oversight. For now, the decision marks a significant shift in how digital assets are treated under South African financial law.

In Cybersecurity, Data and Tech

Indonesia: Regulation on online child safety issued! New obligations to protect the younger generation

May 19, 2025 by Daniel RPC Pardede, Daru Lukiantono, Harry Kuswara, Adhika Wiyoso and Bratara Damanik 6 Mins Read

The Indonesian government has just issued a much-anticipated regulations that is closely connected with two important elements in society: children and technology. This new regulation introduces new obligations and prohibitions for electronic system operators in relation to the access and use of electronic systems by children.

In Cybersecurity, Data and Tech

South Africa: Amendments to the POPIA regulations – Key changes you need to know

May 19, 2025 by Ashlin Perumall and Refentse Chuene 7 Mins Read

In April, the Information Regulator published amendments to the Protection of Personal Information Act (POPIA) Regulations, significantly enhancing privacy protections for South Africans. These changes simplify the processes for objecting to data processing, requesting corrections or deletions, and obtaining consent for direct marketing. They also introduce new responsibilities for information officers and allow for administrative fines to be paid in installments.

In Cybersecurity, Data and Tech

Malaysia: Cross Border Personal Data Transfer Guideline

May 19, 2025 by Kherk Ying Chew and Serene Kan 1 Min Read

Following the public consultation in 2024, the Personal Data Protection Commissioner has now issued the Personal Data Protection Guideline on Cross Border Personal Data Transfer (Guideline).
The Guideline provides guidance on the operationalization of section 129 of the Personal Data Protection Act 2010 and sets out specific responsibilities of data controllers when transferring personal data to any place outside Malaysia.