Compliance Policy

Finsight actively monitors global regulations to ensure compliance.
GDPR Certificate | MiFID II Certificate | Data Privacy Framework Certificate | AICPA SOC 2 Certificate
GDPR Compliant

Finsight is committed to ongoing GDPR compliance. Finsight will execute a Data Processing Agreement (DPA) with clients, which pertains to how Finsight uses and protects Personal Data acting in the Processor Role. For more information, please contact privacy@finsight.com.

MiFID II Compliant

Under MiFID II, the European Securities & Markets Authority (ESMA) requires firms to have systems in place to accurately track all interactions such that a “national competent authority” can readily access and reconstitute each stage of the transaction process (and identify any corrections or amendments). Corporates are largely exempt from MiFID II unless they actively engage in derivatives (outside of hedging) or other broad capital market activities within the EU.

Finsight complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We also ensure MiFID II compliance by providing:

  • Instant, seamless and immutable record retention of all information shared with investors, including logins, documents shared/downloaded and location of access
  • Free and unlimited access to historical data for unlimited authorized internal & external stakeholders
  • Ability to self-generate analytical reports
  • Minimum 7-year data retention

Privacy Practices (Data Privacy Framework)

Finsight complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Finsight has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Finsight has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Standard Contractual Clauses

Since July of 2020, the Court of Justice of the European Union (CJEU) has upheld the validity of Standard Contractual Clauses (SCCs) as an adequate data transfer mechanism, including for transfers to the US, provided additional safeguards are met. In light of this, Finsight is making its Standard Contractual Clauses Addendum generally available. The execution of the SCCs, combined with Finsight's existing data protection policies, such as encrypting data in transit and scrutinizing government requests for information, provides the additional protection required to transfer personal data from the EU to the US in compliance with GDPR. Finsight abides by the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Rule 433 Compliant

Since January of 2013, Finsight has worked with the Staff of the Division of Trading and Markets of the Securities and Exchange Commission (“SEC”) to ensure that our products and services adhere to Rule 433 of the Securities Offering Reform of 2005 with respect to the transmission of electronic road shows in connection with public and private offerings of securities.

In May of 2013, the SEC informed Deal Roadshow that a “no-action” letter would not be necessary in light of the clarifications provided by the 2005 Securities Offering Reform as well as the similarities of our products and services with other market participants for which no-action letters have already been issued. The SEC’s conclusion that the Deal Roadshow products and services are covered by the 2005 Securities Offering Reform and other no-action letters affirmatively resolves the issue of whether or not our electronic roadshow solution and related products and services comply with the provisions of Rule 433.

SOC 2 Certified

Finsight completes a SOC 2 Type II certification annually. The SOC 2 Type II report provides assurance to our clients that we have designed effective security controls as defined by the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA). A copy of the report is available under NDA. Please reach out to security@finsight.com to request a copy.

Last Updated: January 20, 2024