Regulators needs to look again at how GDPR functions

by Anjana Haines

Share this post

The General Data Protection Regulation (GDPR) needs to be reviewed to allow legitimate data tracking and sharing to tackle financial crime, say industry experts.

Regulation is one of the biggest barriers to effectively deal with financial crime, according to several industry professionals speaking at the Financial Crime 360 conference (FC360) – held on 22 November at the Royal Lancaster Hotel in London. Other issues include a lack of understanding of what tools, systems and procedures each company uses to analyse and address financial crime, as well as an absence of general coordination and communication.

Simon Miller, director of policy and communications at Stop Scams UK, believes there is “a really good legitimate reason for governments and other policymakers to look again at how GDPR functions”, focusing on the facts of data protection, digital information and when and where firms can share data.

Olivier Morlet, regional head of financial crime at HSBC, agreed that although regulation is good for data protection and protecting us, it needs the flexibility to share more information in appropriate circumstances. “The goal now is to = somehow revisit the regulation,” he says.

What the consumer looks like

There are three main factors where data sharing is the most important, according to Matthew Wilson, director of sales at Ekata. The first is personal identifiable information, but that comes with a lot of risks and requires consumer protections. However, if the right provisions were in place it could work. The second is biometrics and the capability of devices now available in the market. Finally, payment instruments, such as online transactions, which involves providing payment information very regularly.

Being able to properly use a combination of all three, as well as digital identity, can offer a strong picture of what a consumer could look like. However, there is agreement among many that ID verification is not enough and there needs to be a better understanding of how a consumer conducts activities to verify them. Many believe that allowing this information to be effectively tracked and shared is important.

Wilson believes the financial services sector is in a unique position where better data sharing rules could work well because it is a highly regulated sector and there is due diligence and legitimate interest to tackle fraud and financial crime. “A lot of data can be shared. But of course, with the kind of provisions that need to be in place to protect that data,” he says.

fc360 images

Complex undertaking

Although data sharing sounds simple if the right regulation was in place, there are multiple complications to address. For example, data sharing has to happen across public and private entities.

“Public bodies need to be better at sharing data with private enterprise to enable them to take action,” says Miller. “That in itself will help on changing the wider environment about what can be shared, how things can be shared and collaboration more generally.”

This would allow companies to work better through public-private partnerships and enhance the mechanisms for sharing data. However, the success of any approach is likely to be confined to national or regional borders. “This is another barrier because financial crime is global,” says Morlet.

The other problem is around defining what collaboration is and what form this takes. In terms of regulatory oversight, there is a risk of there being several bodies responsible for overseeing data sharing, collaboration, etc. If that happens, it has to be done in a way that isn’t slow, which could potentially allow fraudsters more of an opportunity to get away with their crimes.

“I think one of the key things around collaboration is knowing what it is that we’re actually talking about and understanding what is often missing is knowledge around the systems and data that others have and what they can do,” says Miller.

He describes the task of collaboration as “putting together a jigsaw puzzle”, which requires everyone to be cognisant that they only hold one or two pieces and therefore and the whole ecosystem around tackling financial crime needs to work towards understanding the jigsaw pieces that are held by others, when and where they can deploy them, and on what basis.

If regulators reassessed GDPR and the whole ecosystem came together as pieces to the puzzle, the shield against financial crime would be significantly strengthened.

Thank you to everyone who sponsored, spoke and attended. If you missed out, here’s a snapshot of what you missed. To see more, click here.


More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?