Financial firms, ranging from banks to cryptocurrency exchanges, are urged by a U.S. body that battles financial fraud to share consumer data to catch wrongdoers.
A fact sheet was released Thursday by the Financial Crimes Enforcement Network (FinCEN), a Treasury Department office, spelling out that the 2001 Patriot Act gives organizations broad discretion about what kind of information they are required to exchange.
Overall, the sheet removes the barriers to further exchange of sensitive customer information between banks, the threshold of what counts as “suspicious behavior, and whether financial institutions even ought to be the ones sharing customer information.
The fact sheet clarifies, among other items, that Section 314(b) of the Act, and the legislation carrying it into effect, “impose no restrictions on the sharing of personal identifiable information.” The sheet added that the protection and secrecy of this data must be secured by organizations and used strictly for the reasons set out in the nearly 20-year-old statute, passed a month after the 9/10 Act.
Nevertheless, the advice is likely to disrupt privacy activists inside and outside the crypto world who are still nervous about the honeypot of personal data that has become the suspicious activity report (SAR) archive of FinCEN. Overall, the more information is exchanged in places, the more ways that data can be misused or robbed.
“It seems that in the spirit of ‘protecting our communities and preventing crimes and bad acts,’ FinCEN’s guidance is dramatically expanding its expectation of banks to share data, at the expense of individuals’ privacy, while potentially exposing them to genuine cyber risks, when it is not clear that such a move is necessary,” said Nizan Geslevich Packin, associate law professor, New York City University.
FinCEN Director Kenneth Blanco framed interbank data sharing as a public safety initiative in a speech Thursday.
“Information sharing among financial institutions through 314(b) is critical to identifying, reporting and preventing crime and bad acts,” In prepared remarks for a simulated assembly of bankers and lawyers, he added. “It is an important part of how we protect our national security.”
Nevertheless, he suggested organizations were hesitant to take part.
“Many have been calling for clarity in this area for a long time,” so the agency saw fit “to clarify in greater detail the circumstances where 314(b) applies, with the hope of enhancing participation,” said Blanco
Blanco said that the information that can be exchanged is not limited to actions accused of containing proceeds from a specified criminal activity (SUA).
Angela Angelovska-Wilson, a co-founder of DLx Law, former chief legal and regulatory officer of Digital Asset, a blockchain tech corporation, agreed that various financial institutions’ management of confidential data could generate additional vulnerabilities, it could eventually be a positive one.
If banks would exchange details on what could be questionable to each other, she concluded, it might deter many organizations from behaving with blinders. e.g., if someone engages in a particular account in one form of operation and then behaves differently in another, all banks may appear suspicious. So if they talk with this data before reporting a SAR, it might help the consumer as a more holistic image of their financial activity could show that they’re not doing something suspicious.
Moreso, Financial organizations are barred from reporting a SAR. However, that happens even though the study has been sent jointly with another organization.
While crypto exchanges are not explicitly listed, money management providers and brokers of shares are. Cryptocurrency firms fill all categories.
Compliance vendors and financial institution organizations, including unincorporated vendors regulated by a contract between participants, are also allowed to engage in information exchange, added FinCEN.
There has been a step towards so-called protective filing over the years, meaning that if anything is questionable, banks are advised to file a SAR if there is an issue.
This lead to what one enforcement officer referred to as an “avalanche of data” because financial institutions were gradually filing FinCEN.
Image Courtesy of Pexels