Skip to main content Skip to navigation

FATF Issues New Report on Data Protection, Technology, and Private Sector Information Sharing

Regulators & Key Institutions Latest News

The Financial Action Task Force (FATF) has released a report highlighting how financial institutions (FIs) can responsibly implement information-sharing initiatives among private sector entities. These initiatives are becoming a key frontier in helping regulators and financial institutions better understand and mitigate money laundering and terrorist financing risks more effectively. 

Based on lessons learned by members of the FATF and its Global Network, the report finds that private sector information-sharing measures can be achieved in compliance with data protection and privacy (DPP) rules, subject to key tests and requirements.

The report aligns with the FATF’s wider priority of countering illicit finance related to cyber-enabled crime through data analytics and industry partnerships, as highlighted by its new Singapore Presidency in early July. 

COSMIC platform case study 

The report includes eight case studies where entities have endeavored to balance anti-money laundering, combatting the financing of terrorism, and counter-proliferation financing (AML/CFT/CPF) requirements with DPP rules. Singapore’s COSMIC platform, which will enable banks to share and analyze information on customers and transactions, features as a use case. 

Set to launch in the first half of 2023, COSMIC is owned and operated by the Monetary Authority of Singapore (MAS). Through the platform, FIs will be able to securely share information when “material risk thresholds” are breached, resulting in transactions being “red flagged” to enable easier tracking and faster responses to criminal behavior.

While the Personal Data Protection Act (PDPA) is Singapore’s principal data protection regulation, the PDPA provides a legislative route for “other written law” to prevail over the Act’s requirements. In light of this, MAS is making legislative amendments to the Financial Services and Markets Act to create a regulatory framework for COSMIC that accommodates the sharing of risk information between FIs for AML/CFT/CPF purposes. 

To further ensure the security of the data collected and shared by FIs, COSMIC features a user-authentication mechanism, data encryption, entity resolution, and network-linked analysis.

Recommendations for responsible collaboration

The FATF has also developed recommendations for the public and private sectors to help entities avoid common pitfalls when undertaking information exchange.

For the private sector, the FATF recommends using privacy-enhancing technologies, pursuing data protection at the outset, establishing early and ongoing engagement with data protection authorities, and identifying appropriate metrics to measure success. Its suggestions include:

For the public sector, the FATF recommends actively facilitating regular dialogue between data protection and AML/CFT/CPF authorities, including:

  • Highlighting particular typologies or key data types that would most benefit from information sharing
  • Using regulatory sandboxes and pilot programs to test information-sharing initiatives, understand the policy implications, and build trust
  • Holding regular forums between AML/CFT/CPF authorities, data protection authorities, and private sector institutions to share experiences, discuss challenges, and develop relationships

Key takeaways

Compliance teams looking to enhance their information exchange procedures should consider the additional resources provided by the FATF, some of which include:

As the launch date for COSMIC draws closer, compliance staff from all FIs operating in Singapore should ensure they understand how the platform will be used, especially as the initiative is likely to expand to other sectors and focus areas.

 

A Spotlight on Financial Crime

Stay on top of regional trends and novel criminal techniques so you can protect your business from financial crime.

Download now

Originally published 29 July 2022, updated 22 August 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).