The issue of cross-border banking is one of the major topics of discussion in the European Union at the same level of Privacy. But are the two issues contaminated? Or do they at least present some overlaps?
Let me recap some definitions. Oversimplifying, all those issues relating to the reconciliation and mutual adoption of regulatory practices and regulations in areas under different control models, can generally be traced back to the issue of cross border. In particular, remaining within the EU, the issue acquires special value in the face of international agreements that commit the financial institutions operating in countries with different regulations to adopt control models that are at least comparable with respect to the activities involving citizens or legal entities maintaining a mutual reciprocity (Switzerland undertakes to provide fiscal control on the banking accounts of Italian citizens in line with the Italian or European legislation on tax or money laundering).
And Privacy: In this area, again oversimplifying, in fact the regulation sets a sort of “limitation” of national control in the management of personal information in order to facilitate the harmonization of national regulations in a wider scoreboard.
But in this way, the similarities seem superficial and more methodological than about topics.
Instead, their complete application has many more points of contact than it may appear.
Let’s consider the issue of accountabilities: both models require strong models of accountability, especially in the business management of data and information, in an explicit way in privacy rules, implicitly in the cross border transfer (how do I ensure the application of trans border regulations if not by identifying the specific roles that are really accountable?).
But is accountability really possible without models of data and information governance? From my point of view no. The control processes powered by data and accountability are not sustainable without checking the data.
But here we are yet to approach. And in this regard?
The kinds of banking data impacted by the cross border issues, such as money laundering or tax regulations, the information flows that need to be brought under control to allow the actual allocation of responsibility; are they not related to sensitive data, and so also falling within privacy policies?
I’m going to the end with a question: the two issues have levels of maturity, attention and even of public knowledge that are quite different, but is it really impossible to qualify and enable them mutually? We’ll discuss this in greater depth again later…
In fact, the issue of “overlapping” among different regulations issued by a variety of Authorities is a key point for effectivenss of the actions taken by each company and, at the same time, for the associated costs.
And this appears even more true, considering that the technologies and the methodologies required to comply are often the same, even when the scope is different.
It is an open issue and probably it will remain as such until the compliance costs or the non-compliance costs are not sustainable anymore.