Out-Law / Your Daily Need-To-Know

Banks warned about clash between AML and data privacy rules

31 Aug 2015, 10:27 am

Banks could be exposed to heavy fines for breaking data protection laws if anti-money laundering (AML) compliance officers use data they should not to meet their duties under AML regulations, a US academic has warned.

Dr Michelle Frasher, finance, data and privacy research scholar on the Fulbright-Schuman program, highlighted the discord that can exist between compliance with US and EU AML rules and the EU's data protection regime in an article published by American Banker.

"The dual nature of financial data means that it is simultaneously governed by two regimes: anti-money-laundering and counter-terrorism finance laws that seek to protect the financial system from fraud, crime, and political violence; and data protection and privacy laws that seek to protect an individual's identity and choices from government and private abuse," Dr. Michelle wrote. "Neither set of regulations adequately addresses financial data's dual role. This means that multinational banks can find it difficult to comply with one without violating the other — particularly given that different countries incentivize banks to prioritize different regimes."

"It is time for the financial sector to take this opportunity to establish industry standards that turn client privacy into a business asset. This will mitigate the operational risks arising from sometimes-contradictory national AML and data protection requirements," she said.

The academic said that compliance with AML rules is likely to be prioritised over data law compliance because of the increasing accountability being placed on individuals within banks for ensuring AML rules are adhered to.

She said "an experienced AML officer" had admitted at a conference in London earlier this year that they would risk their employer being fined up to 5% of their global turnover, as is proposed under new EU data protection rules being negotiated, by "using data that might violate data privacy and protection rules" to meet their AML responsibilities. He said he would do that so as not to put themselves "in jeopardy", Dr Michelle said. The academic said most other AML officers would also adopt that view.

"Given the current trend of holding AML compliance officials personally accountable for violations as well as the broader regulatory effort to instil a culture of ethical responsibility into business, it's likely that AML priorities will remain many banks' top priority," Dr Michelle said. "The AML/privacy dichotomy will prompt many compliance officials to weigh their own welfare against that of their firms."