Page 160 - Cyber Defense eMagazine January 2023
P. 160
An evolving data collaboration regulatory framework
Collaboration between firms is crucial and regulation has gone some way to encouraging this. The USA
Patriot Act, specifically Section 314(b), allows financial institutions to share information with one another
so they can identify and report to the federal government activities that may involve money laundering or
terrorist financing activity, including predicate offenses.
Other governments and regulators around the world have joined the cause. The Financial Action Task
Force (FATF), Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Financial
Conduct Authority (FCA), Monetary Authority of Singapore (MAS), and of course Financial Crimes
Enforcement Network (FinCEN), have continued calling for more information sharing and collaboration
among regulated entities to better fight financial crimes and terrorism. However, while Section 314(b) has
been well-received, it remains underutilized and, therefore, still far from reaching its full potential.
Existing approaches
The problem is that firms can only share appropriate data if they can preserve privacy, confidentiality,
and regulatory compliance. Too much transparency would fuel competitive concerns, as revealing details
of a key account, for example, could expose valuable information to the market. Firms must also respect
their country’s privacy laws, which in some cases outside the US prohibits them from declaring they have
a business relationship with a specific party.
Many existing approaches cannot offer privacy guarantees. In financial crime, previous efforts have
included the creation of utilities and consortia but, typically, these have leant on manual approaches and
the sharing of strategies rather than actual data, which only goes so far.
Other efforts have lacked automation and proven to be inefficient. Often, participants don’t share all the
available data due to privacy issues and protections around that information, and the manual nature of
these efforts are difficult to scale. The processes required to share data on a one-to-one basis don’t work
when it comes to sharing data with an entire network.
A third approach, which is used across the industry, is implementing transaction monitoring systems.
These go a long way to helping understand risk and suspicion, but the challenge with these systems is
that they rely on data that the firm or jurisdiction already has, so they don’t actually address the data
sharing and collaboration problem.
More recent approaches to tackle financial crime are based on blockchain or hashing. With blockchain,
however, the problem is that its key benefit is also its downfall – transparency. Even in a closed network,
any participant can see the data being shared, which compromises privacy and security, and reveals
information about competitors’ customers and transactions.
As a result, firms are often reluctant to join blockchain initiatives or avoid contributing their most valuable
data, making the solution incomplete and ineffective. Essentially, blockchain does not adequately
address these regulatory and competitive concerns, which hampers how effective these solutions can
be.
Cyber Defense eMagazine – January 2023 Edition 160
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.