Some may well think the title of this blog is a little controversial, but these are not my words. I’ve shamelessly lifted this title from a press release that the UK Information Commissioner (ICO) issued in support of International Fraud Awareness Week.
As the ICO points out, “Fraud is the most frequently experienced crime in the UK, accounting for 39% of all reported crime in England and Wales.” Consequently, the Sunak government labelled fraud a threat to national security, a label that seems unlikely to disappear anytime soon.
“The volume of fraud, its capacity to undermine public confidence in the rule of law, and its potential negative effect on the UK’s financial reputation, means it should be considered a national security threat.” - Fraud Strategy: stopping scams and protecting the public
The UK’s ICO is not unique in seeking to highlight the scope for private organisations to share data to prevent financial crime. The US Treasury’s FinCEN has also sought to highlight that provisions within Section 314(b) of the USA PATRIOT Act enable financial institutions or associations of financial institutions to share information with each other
FinCEN also sought the address one of the potential blockers to voluntary sharing by making it clear that Section 314(b) provides organisations with protection from liability. However, this expanded guidance has still done little to move the needle for financial institutions to voluntarily share information. A recent guide published by the Knoble, Financial Crime and 314(b): A Practical Guide to Navigating Information Sharing Obstacles, explores in greater detail why financial institutions remain hesitant.
Breaking down the barriers
a well-known UK consumer advocacy group, has also sought to debunk the perception that data protection can be used as a justification not to engage in the proportionate and lawful sharing of data.
In their extensive engagement with business, they identified three common blockers to sharing:
- Data Protection: Which? found that businesses perceived that sharing would give rise to legal risk.
- Cost: Their engagement identified that businesses face a range of legal, technical and administrative costs to participating in data sharing schemes.
- Competition: Businesses are concerned that participating in data sharing schemes may help their competitors. Principally by damage to their reputation or the inadvertent loss of intellectual property.
Which? also put forward a series of practical suggestions to address these barriers and called on Government to take a leading role in their pursuit. These suggestions included:
- Establish duties to prevent fraud in key sectors: The report called upon Government to ensure that key sectors were provided with financial incentives to participate in sharing. This would address the inevitable necessity for organisations to make a business case to underpin their investment.
- Increase legal certainty: Which? called on the Government to work with the ICO to create new guidance that provides additional clarity on when and how businesses can share data to prevent fraud while still complying with data protection legislation.
- Set standards to facilitate data sharing hubs and Open Government data. Mindful of the potential for Government to be seen as telling businesses to do as it says, rather than as it does.
Which? also sensibly called for it to set the standard for sharing, leveraging data it holds and demonstrating the use of measures such as anonymisation to ensure sharing is proportionate and legal.
Adopting a positive risk stance
Albert Einstein once said, “In the middle of every difficulty lies opportunity.”
The perspective on information sharing between banks needs to shift from being a conversation about risks to one about rewards. Positive risks are better known as opportunities!
BioCatch Trust™ is a great example of this mindset, providing bank customers in participating financial institutions with protection from against financial crime, scams, and fraud. This real-time data sharing solution enables a customer’s bank to determine the trustworthiness of the accounts to which they direct their transfers and payments. If the network deems a receiving account untrustworthy, it shares this intelligence with the sending bank in real time, allowing the sending institution to suspend and investigate the transaction before any money leaves the sender’s account.
BioCatch Trust™ was recently launched in Australia with participation from the four largest banks in the country as the first inter-bank, behaviour- and device-based fraud and scams intelligence-sharing network. This innovative approach to countering scams and fraud by looking at payment risk from both the sending and receiving side demonstrates that it is possible to overcome the sort of blockers identified by Which?.
I can’t put it better than Stephen Almond, Executive Director for Regulatory Risk at the ICO.
“From emotional distress to financial damage, scams and fraud have serious consequences. We strongly support responsible and effective data sharing between organisations, which is key to staying one step ahead of criminals and preventing scams before they cause harm.
“Protecting people must be the priority - I am warning organisations today that data protection law is not an excuse, and it does not stop you sharing data that may assist with tackling fraud. Organisations acting responsibly can be reassured that we will take this into account if something goes wrong and we need to consider a regulatory response.”
More information on the ICO’s position on data sharing can be found here.