"Phishing" is a kind of cyber criminality aiming to obtain, by sending fraudulent emails which look like to those sent by legitimate organisms, recipient's personal information in order to impersonate or steal him or her. As it is difficult to find the authors of "phishing" and to prove their intentionality in order to punish them directly, on mean to fight against "phishing" could be to entitle banks to secure their information network and, to accompany this obligation with a strong incentive, to convict them to reimburse the victims in case of robbery of their personal data.
In 2015, a client victime of this kind of fraud asked to his bank, the Crédit Mutuel, to reimburse him the amount stole, what the bank refused to do on the grounds that the client committed a fault, transferring its confidential information without checking the email, however grossly counterfeit. The Court of first instance gave reason to the client because although he committed this fault, he was in good faith. This judgment was broken by the Chambre commerciale de la Cour de cassation (French Judicial Supreme Court) by a decision of 1st of July 2020 which states that this serious negligence, exclusive of any consideration of good faith, justifies the absence of reimbursement by the bank.
___
From this particular case, we can draw three lessons:
The Cour de Cassation states that good faith is not a salient criterion and that, as the bank must react when a banking account is objectively abnormal, the client must react face to an obviously abnormal email.
The Cour de Cassation describes the repartition of proof burden. Proof obligations are alternatively distributed between the bank and its client. First, the bank must secure its information network but, secondly, the client must take every reasonable measure to preserve its safety. It results from this that, if the email seems normal, phishing damages must be supported by the bank, and more generally of by the firm, while if the email is obviously abnormal, they must be supported by the client, but the burden to prove the abnormality of the email must be supported by the firm and not by the client.
Such a proof system shows that Compliance Law includes a pedagogic mission by educating each client in order to he or she would be able to distinguish among his or her emails, those which are normal and those which are obviously suspect. This pedagogic dimension, with the legal consequences associated to it, will not stop to spread.
This manifestation took place on Zoom on 17th of May 2021.
Registrations: anouk.leguillou@mafr.fr
Assistance to this event may be validated as part of the continuing education of lawyers.
In addition, scientific videos will be extracted and disseminated later.
Presentation of the topic: In the overall problematic of "Monumental goals", this conference retains a particular case: that of the crisis and the emergency situation that it generates.
First of all, in general, does the importance of public norms in the emergency context engendered by a crisis situation imply a marginalization of Compliance? Don't private actors also have their place in these circumstances, at the service of the "monumental goals" that the public authorities want to maintain, or even which appear specifically?
Secondly, more concretely, we have been living for many months in a health crisis. By taking it as a framework and, within it from particular cases, how public and private actors react, act, adjust? and how do the courts assess these movements?
Going from the most general to the most specific, this conference aims to identify criteria, limits, of what could be specific rules when the emergency of a crisis meets Compliance, and will examine specific situations.
Working method: The conference is therefore built on a general issue, which was the subject of a "working paper", written by Antoine Oumedjkane, Adrien Tehrani and Pascale Idoux, on which the speakers will have thought in advance and from which they are intended to study the question from their particular perspective.
The conference, which is essentially interactive, therefore begins with an outline of the main lines of this general work. It is followed by the examination of concrete practical cases.
They are as follows:
1️⃣ hydro-alcoholic gel, its manufacture, price, availability,
2️⃣ information and regulation on all media in Covid period
3️⃣ the use of the bicycle during the state of health emergency
A first conclusion, thematically limited, will relate to Revealed by the crisis situation, the place of private initiative in Compliance Law.
A second, more general, undoubtedly open-ended conclusion is drawn from this confrontation between general reflection and concrete cases which must be resolved in a particular crisis.
🎤 Marie-Anne Frison-Roche, agrégée des Facultés de droit, Professor of Regulation and Compliance Law at Sciences Po (Paris) and Director of the Journal of Regulation & Compliance (JoRC)
🎤 Pascale Idoux, Professor at Montpellier University
🎤 Pascale Léglise, adjointe au directeur des libertés publiques et des affaires juridiques (Deputy Director of Civil Liberties and Legal Affairs) of the Ministère de l'intérieur (Home Ministry)
🎤 Michèle Léridon, Member of the Conseil supérieur de l'audiovisuel (French Media Regulator), President of the working group Pluralisme, déontologie, supervision des plateformes en ligne (Pluralism, Deontology, Supervision of Online Platforms)
🎤 Antoine Oumedjkane, Researcher of the Centre de recherche et d'études administratives (Research and Administrative Studies Center) of Montpellier University
🎤 Nelly Sudres, Maître de conférences at Montpellier University and member of the Centre de Recherches et d'Etudes Administratives (Research and Administrative Studies Center) of Montpellier University
🎤 Adrien Tehrani, Professor at Montpellier University and member of the Centre du Droit de l'Entreprise (Company Law Center)
There was a time when the key was in the rule. Today is essentially in the effectiveness of the rule. What the English and Americans call: Enforcement.
When operators are very powerful and regulators have little information, when the rule is complex, when situations are always changing and diverse, most of the regulatory art focuses on enforcement.
It shows a little more the continuum between Ex ante and ex post, moreover the circularity between them.Not only sanction is necessary ex post to the regulatory body for the rules that it asked ex ante have an effectiveness, but conversely, if we want that breaches the rule that powerful operators are committed could be sanctioned, it is through the Ex ante they must be punished.
Thus, when a financial operator wants to raise funds in the US financial market, he must request authorization from the Regulator to do so or at least to declare beforehand. It is therefore an Ex Ante mechanism. But if the operator is trustworthy, then it can be a kind of privilege that allows him to raise funds without submitting to the heavy and lengthy procedure. It takes but just whether trusted opérator.
However, Reuters reported the next development by the SEC guidelines for applying its power to withdraw the exemption to operators which had broken the law, civil or criminal.
While this may be explained by the fact that these operators have shown they don't deserve the confidence that justified access to the status of "well-known seasoned issuer" (WKSI) offering this "privilege" exempting regulation.
This is especially a new crackdown. The withdrawal of that relief proceedings valuable to the operator who regularly raises funds on the market, making him reach the common lot of borrowers, making carrying a disadvantage compared to operators who respect the law and shall remain holders of "bureaucratic privilege".
In a regulation in which repression becomes the central arrow in the quiver, here is an acute .
It begs the question: claiming that it is within the Ex Ante, can the regulator be dispensed to apply the rights of the defense?
The Directive innovates and improves the UCITS’ single market in three ways: first by recasting the 1985 Directive on UCITS in order to implement a simpler and harmonized regulatory framework (therefore improving UCITS’ marketing and investors’ protection) ; second, by providing for more cooperation between national and supranational regulators in order to secure and supervise UCITS’ single market ; third, by integrating the Directive into the Lamfalussy process as to ensure that its provisions be well-conceived, concurrently implemented by Member States and efficiently controlled by regulators.
FRENCH
La directive innove et améliore le marché interne des OPCV de trois façons : tout d’abord en réformant la Directive de 1985 sur les OPCVM de manière à instaurer un système de régulation plus simple et harmonisé (améliorant ainsi l’activité des OPCVM et la protection des investisseurs) ; en second lieu, elle met en place un meilleure coopération entre régulateurs nationaux et supranationaux de façon à sécuriser et mieux superviser le marché des OPCVM ; enfin, elle intègre la Directive dans le processus Lamfalussy afin de s’assurer de la qualité de ses dispositions, de sa transposition simultanée par les Etats Membres et de son contrôle effectif par les régulateurs européens.
GERMAN
Dank der OGAW Richtlinie von July 2009 richtet sich der Europäische Aktionsplan für Finanzdienstleistungen schritterweise nach mehr Liberalisierung sowie Regulierung der Binnenmarkt.
Die OGAW Richtline führt drei Reformen ein: Erstens wird die vorherige Richtlinie von 1985 verbessert, damit die Regulierung von OGAW leichter und harmonischer wird (und infolgedessen, damit der OGAW Betrieb und der Investorensschutz besser funktionnieren). Zweitens wird die Zusammenarbeit zwischen nationale- und europäische Regulierungsbehörde gefördert, um den OGAW-Markt sicherer zu machen. Und letztens wird die Richtlinie im Lamfalussy- Verfahren integriert. So werden die Qualität der Anordnungen der Richtlinie, ihre gleichzeitige Umsetzung der Richtlinie von Mitgliedstaaten und ihre tatsächtliche Überwachung auf der EU-Ebene gewährleistet.
SPANISH
Una Directiva visionaria sobre los OICVM: un nuevo paso hacia un mercado interno liberal, pero regulado en el sector de servicios financieros
La Directiva innova y mejora el mercado interno de los OICVM de tres formas: la primera, al relanzar la Directiva de OICVM de 1985 para poder implementar un marco regulatorio mas simple y harmonizado (lo cual mejora las acciones de los OICVM y la protección de los inversores); la segunda, al proveer más cooperación entre los reguladores nacionales y supranacionales para asegurar y supervisar el mercado de los OICVM; y la tercera, al integrar la Directiva en el proceso Lamfalussy para asegurar la calidad de sus disposiciones, su transposición simultanea para los Estados Miembros y su control eficaz por los reguladores europeos.
to be published in the Series Regulations & Compliance , co-published par the Journal of Regulation & Compliance (JoRC) and Dalloz.
