High Level Roundtable for Data Pooling, Analysis and Data Protection, 10-11 March 2021

This high-level gathering discussed how private sector data sharing is critical for combatting money laundering (ML), terrorist financing (TF) and the financing of proliferation (PF). Multinational ML/TF/PF schemes do not respect national boundaries, nor do criminals exploit only one institution to launder their ill-gotten gains. Oftentimes, illicit activity only becomes apparent when institutions and authorities can examine aggregated activity of an actor across different borders and platforms. Representatives of financial institutions stressed that data sharing can improve the overall quality of AML/CFT effectiveness. In this context, data sharing and collaborative analytics was acknowledged as important to improve the quality of suspicious transaction reporting and reduce the number of false positives and defensive reporting.

Technology developers summarised the various privacy enhancing technologies in implementation or being considered for private sector data sharing initiatives. Examples included homomorphic encryption technologies, secure multi-party computation, and differential processing. Participants noted that new and emerging privacy-enhancing technologies offer promising ways to protect information in specific use cases and in line with national and international data protection and privacy frameworks. Privacy-enhancing technologies rely on a range of different cryptographic tools for enabling privacy in various applications. These tools are intended to enable multiple parties to interact meaningfully to achieve an application goal, without revealing underlying private information to one another or to third parties.

All participants noted that AML/CFT and data privacy and protection are both significant public interests that serve important objectives, which are neither in opposition nor inherently mutually exclusive. Therefore, technologies that exchange, pool, or analyse data must protect personal information in line with national and international legal frameworks. The need for data sharing thus requires careful analysis of both the AML/CFT and data privacy and protection implications.
A lack of data standardisation and poor data quality were identified as challenges for data sharing whilst lack of regulatory clarity around the use of privacy enhancing technologies, and what information may be shared and with whom, was also mentioned. Participants noted that AML/CFT data pooling (via both centralised and distributed models) should only take place if the parameters of such data sharing (types of data, circumstances for sharing, communication channels, etc.) are explicitly prescribed by legislation of the jurisdiction of their operation.

Overall, this high-level gathering agreed on the importance of engaging both AML/CFT supervisors and data protection authorities when considering such initiatives or developing and testing technologies to facilitate AML/CFT data sharing. Some participants also underscored the importance of input from law enforcement authorities and FIUs to train algorithms in order to improve typology development.