Research from the SWIFT Institute underlines some of the challenges financial institutions (FIs) face in reconciling data privacy laws with anti-money laundering (AML) and counter-terrorism finance (CTF) requirements.
The report – Multinational Banking and Conflicts among US-EU AML/CTF Compliance & Privacy Law: Operational & Political Views in Context – shows there is a conflict between information sharing and data privacy legislation in the US and the EU, suggesting that global FIs will face this compliance conundrum when trying to integrate the two areas of law in the next two years.
Notable legal differences
“The US and EU subscribe to Financial Action Task Force (FATF) recommendations, but there are notable differences in implementation,” said the author of the study, Dr. Michelle Frasher.
Some of the legal differences that can conflict with AML/CTF regulations arise from the following points:
- the European Union’s Anti-Money Laundering Directive requires enterprise-wide data protection within AML/CTF operations across a multinational financial institution (MFI), while US law does not, which creates regulatory risk; and
- in the US, data is typically the property of the entity that possesses it, for example a bank, while in the EU’s rule-based privacy regime data ownership belongs to the individual as a human right.
Banks urged to consider location of servers
The report advises global banks to consider the location of their servers to determine their risk exposures to foreign authority access as well as data breaches.
It also analyses 19 compliance areas of US federal and EU-level AML/CTF and data privacy legislation, evaluating the strengths, weaknesses and risks of both regimes. The chart below, published by the SWIFT Institute in the report, shows the results of this analysis with each bar filled with varying degrees of black to indicate the “severity of MFI risk due to conflicts between data privacy and AML/CTF legislation, or where there are noticeable gaps in either US or EU AML or privacy requirements”. It also indicates issues with US law and EU legislation, with icons on the left and right of each 'compliance bar'.