Variations in US/EU law can lead to compliance challenges for multinational banking community
New academic research from the SWIFT Institute shows that conflicts between information sharing and data privacy can lead to information breakdowns across jurisdictions
Brussels, 9 August 2016 – The SWIFT Institute has released new research on the challenges of information statecraft for today’s global financial community. The report, ‘Multinational Banking and Conflicts among US-EU AML/CTF Compliance & Privacy Law: Operational & Political Views in Context,’ focuses on the duality between laws that seek to use data to protect the financial system and laws that seek to protect data privacy. It reveals the many compliance areas that will challenge multinational financial institutions as they integrate privacy into their anti-money laundering (AML) and counter-terrorism finance (CTF) operations over the next two years.
According to the study, the European Union’s Anti-Money Laundering Directive (4AMLD) requires enterprise-wide data protection within AML/CTF operations across a multinational financial institution (MFI), while US law does not, which creates regulatory risk. In the US, data is typically the property of the entity that possesses it, for example a bank, whilst in the EU’s rule-based privacy regime data ownership belongs to the individual as a human right, this can conflict with AML/CTF regulations.
The study’s author, Dr. Michelle Frasher, says, “The US and EU subscribe to Financial Action Task Force (FATF) recommendations, but there are notable differences in implementation. The EU is setting the terms of data protection in AML/CTF compliance, and there are few people with the knowledge and skillsets to communicate across these disciplines. As the EU Member States establish technological and organizational safeguards for AML/CTF data protection within the next two years, officials should engage in cooperative and collaborative dialogues with the financial services to create workable solutions.”
Frasher’s research found that both US and EU law mandates MFIs’ cooperation with national authorities, but EU firms with operations in the US may be at greater risk for data requests from US authorities, which may run afoul of EU privacy expectations as data is shared across the group. MFIs must consider the location of their servers to determine their risk exposures to foreign authority access as well as data breaches.
Furthermore, the US Patriot Act’s mandatory data searches for subjects “reasonably suspected” of money laundering or terrorist financing challenges European data collection, retention, deletion, purpose limitation, or access requirements. Even so, EU Member States and national security intelligence agencies are not covered by EU data protection law.
“With this research, we aimed to present a comparative analysis of US federal and EU-level AML/CTF and data protection laws,” adds Frasher. “Challenges notwithstanding, data privacy programs benefit AML/CTF compliance because they create accountability trails, help financial institutions produce better data to authorities, and lend reputational currency. Despite the regulatory conflicts, the financial services industry has an opportunity to contribute to data privacy/AML/CTF solutions that fit their operations.”
The report concludes that firms can address complex compliance challenges by creating integrated AML/CTF, information technology, and privacy teams, or encourage employees to seek cross-functional training to break down information and education stovepipes inherent in MFI organizational structures.
For more information, and to view the full report.
The views and opinions expressed in this paper are those of the authors. SWIFT and the SWIFT Institute have not made any editorial review of this paper, therefore the views and opinions do not necessarily reflect those of either SWIFT or the SWIFT Institute.
About SWIFT Institute
Launched in April 2012, the SWIFT Institute fosters independent research to extend the understanding of current practices and future needs across the financial industry. Managed by SWIFT, and working in close collaboration with academics from top international universities, the SWIFT Institute brings the financial industry and academia together to explore ideas and share knowledge on topics of global importance.
The research covers various aspects of transaction banking, including the following areas: Payments, Clearing / Settlement, Cash Management, Trade Finance, Trust and Securities.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
Headquartered in Belgium, SWIFT’s international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centres.
+44 (0)20 7426 9400