Regulators needs to look again at how GDPR functions

The General Data Protection Regulation (GDPR) needs to be reviewed to allow legitimate data tracking and sharing to tackle financial crime, say industry experts.Regulation is one of the biggest barriers to effectively deal with financial crime, according to several industry professionals speaking at the Financial Crime 360 conference (FC360) – held on 22 November at the Royal Lancaster Hotel in London. Other issues include a lack of understanding of what tools, systems and procedures each company uses to analyse and address financial crime, as well as an absence of general coordination and communication. Simon Miller, director of policy and communications at Stop Scams UK, believes there is “a really good legitimate reason for governments and other policymakers to look again at how GDPR functions”, focusing on the facts of data protection, digital information and when and where firms can share data. Olivier Morlet, regional head of financial crime at HSBC, agreed that although regulation is good for data protection and protecting us, it needs the flexibility to share more information in appropriate circumstances. “The goal now is to = somehow revisit the regulation,” he says.

What the consumer looks like

There are three main factors where data sharing is the most important, according to Matthew Wilson, director of sales at Ekata. The first is personal identifiable information, but that comes with a lot of risks and requires consumer protections. However, if the right provisions were in place it could work. The second is biometrics and the capability of devices now available in the market. Finally, payment instruments, such as online transactions, which involves providing payment information very regularly. Being able to properly use a combination of all three, as well as digital identity, can offer a strong picture of what a consumer could look like. However, there is agreement among many that ID verification is not enough and there needs to be a better understanding of how a consumer conducts activities to verify them. Many believe that allowing this information to be effectively tracked and shared is important. Wilson believes the financial services sector is in a unique position where better data sharing rules could work well because it is a highly regulated sector and there is due diligence and legitimate interest to tackle fraud and financial crime. “A lot of data can be shared. But of course, with the kind of provisions that need to be in place to protect that data,” he says.

Complex undertaking

Although data sharing sounds simple if the right regulation was in place, there are multiple complications to address. For example, data sharing has to happen across public and private entities. “Public bodies need to be better at sharing data with private enterprise to enable them to take action,” says Miller. “That in itself will help on changing the wider environment about what can be shared, how things can be shared and collaboration more generally.” This would allow companies to work better through public-private partnerships and enhance the mechanisms for sharing data. However, the success of any approach is likely to be confined to national or regional borders. “This is another barrier because financial crime is global,” says Morlet. The other problem is around defining what collaboration is and what form this takes. In terms of regulatory oversight, there is a risk of there being several bodies responsible for overseeing data sharing, collaboration, etc. If that happens, it has to be done in a way that isn’t slow, which could potentially allow fraudsters more of an opportunity to get away with their crimes. “I think one of the key things around collaboration is knowing what it is that we’re actually talking about and understanding what is often missing is knowledge around the systems and data that others have and what they can do,” says Miller. He describes the task of collaboration as “putting together a jigsaw puzzle”, which requires everyone to be cognisant that they only hold one or two pieces and therefore and the whole ecosystem around tackling financial crime needs to work towards understanding the jigsaw pieces that are held by others, when and where they can deploy them, and on what basis. If regulators reassessed GDPR and the whole ecosystem came together as pieces to the puzzle, the shield against financial crime would be significantly strengthened. Thank you to everyone who sponsored, spoke and attended. If you missed out, here’s a snapshot of what you missed. To see more, click here.