It is Canada’s dirty little secret.
This country struggles to foil financial criminals in part because banks can’t share information with each other about crooked clients who use their accounts to launder the proceeds of crime. As a result, illicit funds often flow from lender to lender even if some banks shutter accounts.
At the root of this particular problem is an outdated privacy law on the books in Ottawa. The Personal Information Protection and Electronic Documents Act, or PIPEDA, restricts how businesses, including banks, collect and use personal information about their customers.
These safeguards are meant to protect consumers from unreasonable privacy intrusions, but unfortunately they also allow suspected money launderers to switch banks without detection because financial institutions are prohibited from warning each other about suspicious activity.
It makes no sense because PIPEDA does allow information sharing in cases of fraud. But since there isn’t a similar exemption for money laundering, banks are left in the untenable position of playing whack-a-mole even though they spend heavily on compliance programs each year.
One would think the federal government – which plans to overhaul both PIPEDA and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act – would be eager to finally fix this problem. After all, report after report, including the recent Cullen Commission of Inquiry into Money Laundering in British Columbia, has cited these information gaps as an impediment to fighting financial crime.
Ottawa, however, remains non-committal even though financial institutions have long pleaded for a legislative solution. Specifically, the industry has sought a “safe harbour” provision that shields them from legal liability if they participate in data-sharing partnerships to catch money launderers.
The government’s reticence is odd.
U.S. banks have benefited from such protections for more than 20 years. What’s more, other countries are taking various actions to illuminate these blind spots for banks.
A new report by the Future of Financial Intelligence Sharing program – which is part of the Royal United Services Institute, a British-based defence and security think tank – compares 15 information-sharing platforms for banks in countries including the United States, Britain, Singapore, the Netherlands, Switzerland, Estonia and Australia.
“Professional money launderers are known to open and manage multiple accounts, across multiple financial institutions,” the study states.
“However, the traditional approach to identifying financial crime through national anti-money laundering reporting systems is based on individual financial institutions observing their own business data in isolation from other financial institutions. As such, analysis to identify suspicious activity is taking place on fragmented financial data, with only partial visibility of potential criminal networks.”
Of course, each of the 15 information-sharing platforms highlighted in the report has its own strengths and weaknesses.
But one project worth noting is Transactie Monitoring Nederland, which is a joint venture between five of the largest banks in the Netherlands that is designed to detect money laundering and terrorist financing. TMNL, as it is known for short, has a limited focus on business clients and involves both transaction monitoring and multi-bank alerts, the report said, adding the initiative uses encryption and other privacy preserving techniques.
“TMNL has delivered alert generation that banks cannot generate individually, based on the respective data scope,” the study states.
Why should this analysis matter to Canadian legislators?
Well, for starters, the study’s author, Nick Maxwell, is one of the world’s top experts in information-sharing partnerships. He was also a key witness at the Cullen Commission and his testimony provided a reality check.
The truth is, in order to overcome problems with PIPEDA, regulated businesses in Canada, including banks, send a massive amount of data to the Financial Transactions and Reports Analysis Centre of Canada (FinTRAC), the federal anti-money laundering watchdog, each year.
In fact, as Mr. Maxwell told the Cullen Commission, on a per capita basis, the volume of reporting in Canada is actually 12.5 times that of the United States and 96 times that of Britain.
That’s an awful lot of transaction data being sent to a federal entity. How exactly is this a privacy-first approach?
Worse still, this massive volume of reporting isn’t leading to a substantial number of money-laundering convictions in Canada.
So, isn’t it time the government finally provide banks with a safe harbour provision for information sharing about money laundering as part of its current privacy law reform?
“Customers are increasingly using multiple institutions for banking, instead of banking with a single financial institution with a large market share. This means that data about individual customers is becoming increasingly dispersed across a wide array of financial institutions,” reads a separate report by the Financial Action Task Force, an intergovernmental body.
“If multiple financial institutions share data and apply advanced analytics, it can reveal trends or potentially suspicious activities that could otherwise go undetected by a sole institution.”
That’s why Ottawa should finally allow banks to communicate with each other about suspicious activity involving their customers. PIPEDA shouldn’t be giving money launderers cover when it could help stop them in their tracks.
Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.