Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Operations
  3. Control & Compliance in Operations

US/EU legal differences on data privacy and AML cause conflict for bank compliance

Research from the SWIFT Institute underlines some of the challenges faced by financial institutions (FIs) in terms of data privacy laws and anti-money laundering (AML) and counter-terrorism finance (CTF).

The report – Multinational Banking and Conflicts among US-EU AML/CTF Compliance & Privacy Law: Operational & Political Views in Context  – shows there is a conflict between information sharing and data privacy legislation in the US and the EU, suggesting that global FIs will face this compliance conundrum when trying to integrate the two areas of law in the next two years.

Notable legal differences

“The US and EU subscribe to Financial Action Task Force (FATF) recommendations, but there are notable differences in implementation,” said the author of the study, Dr. Michelle Frasher.

Some of the legal differences that can conflict with AML/CTF regulations arise from the following points:

  1. the European Union’s Anti-Money Laundering Directive requires enterprise-wide data protection within AML/CTF operations across a multinational financial institution (MFI), while US law does not, which creates regulatory risk; and
  2. in the US, data is typically the property of the entity that possesses it, for example a bank, while in the EU’s rule-based privacy regime data ownership belongs to the individual as a human right.

Banks urged to consider location of servers

The report advises global banks to consider the location of their servers to determine their risk exposures to foreign authority access as well as data breaches.

It also analyses 19 compliance areas of US federal and EU-level AML/CTF and data privacy legislation, evaluating the strengths, weaknesses and risks of both regimes. The chart below, published by the SWIFT Institute in the report, shows the results of this analysis with each bar filled with varying degrees of black to indicate the “severity of MFI risk due to conflicts between data privacy and AML/CTF legislation, or where there are noticeable gaps in either US or EU AML or privacy requirements”. It also indicates issues with US law and EU legislation, with icons on the left and right of each 'compliance bar'.

Like this item? Get our Weekly Update newsletter. Subscribe today

Also see

Add a comment

New comment submissions are moderated.