ACAMS Connection, AFC Challenges, September – November 2023

Deterring Financial Crimes While Respecting Data Sovereignty

Sep. 13, 2023

Deterring Financial Crimes While Respecting Data Sovereignty

Financial crimes such as money laundering, fraud and terrorist financing continue to pose significant risks to the stability and integrity of the global financial system. Governments and regulatory bodies have responded by implementing strict measures to detect, prevent and report such activities. However, as countries pursue the protection of their citizens’ data and assert country sovereignty, conflicts between anti-financial crimes (AFC) compliance and data sovereignty have emerged.

AFC compliance involves a comprehensive framework of laws, regulations and procedures designed to ensure the integrity of financial systems. This includes know your customer (KYC) procedures, anti-money laundering (AML) measures and the reporting of suspicious activities. Compliance obligations at a high level are similar (think about the pillars), but obligations do differ across jurisdictions, creating challenges for financial institutions (FIs) operating in multiple countries.

Data sovereignty refers to the concept that data is subject to the laws and regulations of the country in which it originated. It is driven by concerns over privacy, security and national interests. Countries are enacting legislation to assert control over data generated within their borders. These range from requiring organizations to store and process data locally to requiring organizations to satisfy stringent conditions before data can be transferred offshore. This approach can and often does conflict with cross-border financial transactions and compliance efforts to prevent money laundering.

The Conflicts and Challenges

The conflicts between financial crimes compliance and data sovereignty have a significant impact on global FIs. These organizations face an increasing burden in navigating complex and conflicting compliance requirements, investing in localized infrastructure and managing legal risks associated with data access and storage.

  • Data localization requirements: Some countries impose data localization requirements, mandating that data generated within their borders be stored locally. This conflicts with the cross-border nature of financial transactions and the need for centralized compliance efforts, making it challenging for global FIs to comply with both data sovereignty and AFC obligations. In certain instances, an organization may end up duplicating roles and systems to meet individual jurisdictional requirements, creating additional expense and risk.
  • Data access and jurisdictional issues: Data sovereignty can also create challenges in accessing data for compliance purposes. Governments may limit access to data stored within their jurisdiction, hindering the ability to detect and investigate financial crimes effectively. As an example, an AML or sanctions reporting obligation in one country may conflict with another country’s data sovereignty laws, putting FIs in difficult positions.

The Need for Collaboration and Harmonization

Collaboration and harmonization between governments, regulatory bodies and FIs can address the complexity and conflicts of financial crime. These include:

  • International cooperation: Encouraging dialogue and cooperation among governments and regulatory bodies to develop common frameworks and standards for AFC compliance, taking into account data sovereignty concerns.
  • Public-private partnerships (PPPs): Governments and regulatory bodies must actively engage with the private sector, fostering partnerships that promote information sharing and collaborative efforts in combating financial crimes while respecting data privacy. By working together, public and private entities can leverage their respective strengths, expertise and resources to develop innovative solutions that address compliance challenges while respecting data sovereignty.
  • Technology as a catalyst: Technology advancements offer significant potential in mitigating the conflicts between financial crimes compliance and data sovereignty. Blockchain technology, for example, enables secure and transparent transactions while maintaining data integrity. Public and private stakeholders should explore and invest in technologies that enable efficient and compliant data management, storage and analysis. This includes leveraging artificial intelligence and machine learning algorithms to enhance the detection and prevention of financial crimes while ensuring privacy and data protection.
  • Data anonymization and encryption: Implementing robust data anonymization and encryption techniques can help strike a balance between compliance obligations and data sovereignty. By anonymizing sensitive information, FIs can uphold privacy requirements while still leveraging the necessary data for compliance purposes. Encryption techniques can safeguard data during cross-border transfers, ensuring compliance with data sovereignty regulations without compromising security.
  • Legal and regulatory reforms: Governments and regulatory bodies can review and update existing laws and regulations to accommodate the challenges posed by data sovereignty while ensuring effective financial crimes compliance. This likely should include refining international financial crimes compliance standards and frameworks to streamline obligations across jurisdictions. In addition, flexibility and adaptability in regulatory approaches are essential for keeping pace with technological advancements and emerging financial crime trends.
  • Education and training: Given the constantly evolving nature of financial crimes and data sovereignty issues, continuous education and training programs are crucial. Both governments and FIs must invest in the knowledge and skills-building of professionals involved in compliance efforts. This includes staying informed on emerging technologies, regulatory developments and best practices for addressing financial crimes compliance and data sovereignty.

Conclusion

Addressing the complexity and conflicts arising from AFC and data sovereignty requires a multifaceted and coordinated approach that first recognizes the shared interest between all stakeholders in preventing the occurrence of financial crimes while still ensuring the protection of individuals’ right to privacy.

By working together, public and private entities can leverage their respective strengths, expertise and resources to develop innovative solutions that address compliance challenges while respecting data sovereignty

To achieve an effective and balanced solution, dialogue and collaboration between governments, regulatory bodies and FIs will be essential. Dialogue and collaboration are needed because we are stronger together in this fight against criminals (who are already collaborating and sharing tools among themselves).

The establishment of strong public-public partnerships and PPPs, improving legal and regulatory certainty for cross-border data sharing for AFC purposes, and the adoption of enabling technology innovations are also essential. Through collaboration, leveraging technology and promoting legal and regulatory reforms, all stakeholders will be able to achieve an effective balance between compliance obligations and data sovereignty concerns. Together, we can foster a secure and resilient global financial ecosystem that deters financial crimes while respecting the sovereignty of data.

Howard R. Fields, chief compliance officer, Mastercard,

You might also like
NPOs: Risk for Suspicious Activity
AFC Challenges, Exclusive

NPOs: Risk for Suspicious Activity

Europe’s PEP List Debate
AFC Challenges, Europe Express, World Digest

Europe’s PEP List Debate

Russian Sanctions: Hitting the Target or Missing the Mark?
ACAMS Connection, Europe Express, Featured Column

Russian Sanctions: Hitting the Target or Missing the Mark?

The Missing Pieces in Financial Crime Investigations
ACAMS Connection, Back to the Basics

The Missing Pieces in Financial Crime Investigations

Leave a Reply