In July 2019, the UK’s Financial Conduct Authority (FCA) held a week-long Global Anti-Money Laundering and Financial Crime TechSprint (FCA TechSprint) event. The FCA TechSprint looked at ways to effectively combat financial crime and money laundering within the financial services industry. On 16 October 2019, the Information Commissioner’s Office (ICO) released a blog that focuses on the lessons learnt from the FCA TechSprint.

Background

The FCA TechSprint brought together teams from all over the world to explore how encryption techniques known as privacy enhancing technologies (PETs) can facilitate data and knowledge sharing among financial institutions, regulators and law enforcement agencies to detect and prevent money laundering and financial crime, while remaining compliant with data protection and privacy laws.

The teams worked towards developing solutions to the following use cases:

  • how can a network of market participants use PETs and data analytics to interrogate financial transactions stored in databases within institutions to identify credible suspicions without compromising data privacy legislation?
  • how can market participants efficiently and effectively codify typologies of crime which can be shared and readily implemented by others in their crime controls?
  • how can a market participant check that the company or individual they are performing due diligence on has not raised flags or concerns within another market participant, and/or verify that the data elements they have for the company or individual match those held by another market participant?
  • how can technology be used to assist in identifying an ultimate beneficiary owner across a network of market participants and a national register?

ICO’s Regulators’ Business Innovation Privacy Hub was present at the FCA TechSprint to offer guidance on the data protection implications of implementing PETs.

ICO identified three key takeaways for the FCA TechSprint teams:

  1. data protection is a core building block of design and not a bolt-on. Data privacy laws should not be made to fit the PETs solution. Instead, privacy laws should be considered at the outset;
  2. PETs will not provide the solution to all GDPR compliance issues. It is important to think carefully about what data protection issues are raised by the proposed PETs solution; and
  3. collaboration between people from different sectors and backgrounds is key to successful development in this area.

Comment

Data protection and privacy laws are often seen as a threat to innovation. The FCA TechSprint proves that this is unfounded and that, on the contrary, collaboration between different regulators can assist businesses involved in innovation programmes to work towards successful solutions that do not compromise innovation or data privacy. We look forward to future forms of regulatory collaboration. Keep an eye on this blog for further updates.