

The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018, by the California State Legislature and introduces sweeping new privacy laws to protect the personal data of California’s residents. Also known as the California Privacy Act, the new legislation modernizes California’s data privacy regime in an era of increasing digital threats. Much like the EU’s General Data Protection Regulation, it also gives residents greater control over what businesses do with their personal information.
The California Privacy Act will come into legal effect on January 1, 2020. Since it involves the regulation of personal data, the act has significant implications for the way banks, fintechs and financial services businesses manage their AML/CFT responsibilities. In order to continue to deliver AML compliance, those firms must understand how the CCPA applies to them.
The CCPA is designed to provide California residents with the right to:
The CCPA applies to every entity (domestic or international) that does business in the state of California and that generates over $25 million per year. The CCPA is also applicable to companies that either:
Or
Firms found to be in violation of the CCPA face fines of up to $7,500 (in the case of intentional violations) per individual breach.
Under the California Privacy Act, firms take on a number of responsibilities to protect the personal data that they collect. In more detail, firms must:
The California Privacy Act’s focus on protecting personal data conflicts with many of the AML measures that banks and financial services firms use to prevent money laundering and the financing of terrorism. By complying with the CCPA, firms could potentially allow money launderers to avoid submitting the sensitive personal information required by a range of important AML/CFT controls.
Fintechs in particular may have significant new data privacy conflicts under the CCPA because their services often necessitate the acquisition of personal data via IP addresses, browsing and search histories, or geolocations.
In order to preserve the regulatory necessity and effectiveness of US AML/CFT laws, the CCPA includes an exemption for identity verification and fraud-detection purposes. More specifically, if a firm must obtain personal information that is necessary to comply with federal or state legislation, such as AML or KYC laws, the Patriot Act or the Bank Secrecy Act, the data protection regulations mandated by the California Privacy Act do not apply.
Where possible, financial services firms must comply with CCPA regulations, which means conducting a review of their AML identity verification and KYC processes and the information about their customers that they retain. If third-party verification services are being used, firms must ensure these providers operate in compliance with the CCPA.