-
The Treasury Department gave financial institutions a rare pat on the back in a recent analysis of anti-money-laundering safeguards, saying the system has significantly improved.
June 19 -
As the financial industry scrambles to monetize big data, it would be smart to remember that consumers' growing concerns about privacy issues might stanch the flow of personal information in coming years.
October 29 -
The Department of Justice is looking into whether the two dozen banks that facilitated bribes allegedly paid to FIFA officials knew they were doing so. The case is also a test of how much liability banks have over illegal payments they allow.
May 28
In the digital age, financial data is both a commercial tool and a means of detecting criminal activity. This leaves multinational financial institutions, especially those that operate in both the United States and the European Union, at risk for fines and litigation.
The dual nature of financial data means that it is simultaneously governed by two regimes: anti-money-laundering and counter-terrorism finance laws that seek to protect the financial system from fraud, crime, and political violence; and data protection and privacy laws that seek to protect an individual's identity and choices from government and private abuse.
Neither set of regulations adequately addresses financial data's dual role. This means that multinational banks can find it difficult to comply with one without violating the other particularly given that different countries incentivize banks to prioritize different regimes. It is time for the financial sector to take this opportunity to establish industry standards that turn client privacy into a business asset. This will mitigate the operational risks arising from sometimes-contradictory national AML and data protection requirements.
There is some harmony between U.S. and E.U. risk-based laws intended to root out money laundering and terrorist financing. Privacy is a different story.
The E.U.'s comprehensive rules-based system protects privacy as a human right. The law is meant to be applied with limited exceptions. Meanwhile, the U.S. protects privacy by sector and typically treats consumer data as property, with civil rights set by case law. Multinational banks find themselves balancing different demands on the data they collect from their clients, which causes problems in AML compliance.
The legal ambiguities have their greatest impact with cross-border data flows. This year, the E.U.'s fourth money-laundering directive legalized group-wide suspicious activity reports and supporting data and included data protection provisions that safeguard these transfers.
Couching data protection within AML operations provides a trail of accountability. But U.S. and E.U. multinationals still face obstacles since they do not, and cannot, allow unfettered
Conflicting Accountabilities
One thing that data protection and AML officials do share is an affinity for enforcing accountability with fines and litigation. In 2014, the U.S. levied
The inclusion of data protection in the Money-Laundering Directive closes many of the E.U.'s AML data loopholes. The requirement for group-wide data sharing makes it clear that AML processes and procedures must include privacy standards no matter where they operate. And soon, the E.U.'s
Yet given the current trend of holding AML compliance officials
An experienced AML officer made this point explicitly in May at the Association of Certified Anti-Money Laundering Specialists' 11th Annual AML and Financial Crime conference in London when a fellow panelist challenged him about using data that might violate data privacy and protection rules:
"But you might get a 5% global fine!"
"Yes, I know, but I am not putting myself in jeopardy."
Few compliance officers would disagree.
A Multidisciplinary Approach to Best Practices
It is in no one's best interest for AML and data privacy regulations to maintain their transatlantic collision course. To navigate this new environment, financial services officials need to change their attitudes about data privacy.
For many, it is understandably easier to view countering illicit finance and terrorism as a public good. The threat of state surveillance or corporate data misuse might seem benign in comparison.
But financial institutions must reevaluate their ethical responsibilities to client data. The political climate has shifted, and the public expects private corporations to consciously balance national security with individual rights.
Moreover, banks' entitled attitude toward client data and their attempts to
Ultimately, it is big banks' responsibility to establish data privacy best practices in the context of their AML duties. At the global and regional levels, some conflicts could be mitigated by establishing regular
The duality of data in finance cannot be eliminated. However, the risks among national security, privacy, and business can be improved with a concerted effort on the part of the industry.
Dr. Michelle Frasher is a consulting and research scholar affiliated with the E.U. Center at the University of Illinois at Urbana-Champagne. Her study on AML and data protection issues in the U.S. and E.U., sponsored by the
