‘Data storage rule may undercut AML’ | Economic Times

Mumbai: Leading foreign banks in the country have appealed to the Reserve Bank of India (RBI) for allowing them to store certain transaction data overseas for spotting money-laundering deals and sanctions screening.The financial regulator is in the midst of discussions with foreign banks to put in place a regulation that would require banks and other service providers to ensure that all data relating to payment systems operated by them are stored only in India.Foreign banks, which largely operate as branches in India, house their anti-money laundering (AML) software engines (which generate suspicious transaction alerts) in offshore locations. About ten days ago, the industry body on behalf of these banks, told RBI that it was important to have a global pool of information for tracking money-laundering transactions as money-flow trails could be lost by fragmenting information, two persons aware of the communication to the regulator told ET.“The foreign bank branches in India are governed by the host country as well as home country regulations. Now, while cross-border transaction information can be stored overseas, dubious local transactions too need to be processed through the main AML system for a complete picture. Besides, there is real-time sanctions screening,” said a banker.Sanctions screening, in banking parlance, refers to verification of names (or, alias of those), on sanction lists involved in financial transactions. Multiple sanction lists are compared as payment flows are processed and messages are screened in real-time.“Even if payment data from India crosses the border, the regulator wants the information to be deleted from overseas servers within 24 hours, with copies of them being stored onshore. But for AML purposes, we have requested RBI to permit us to store certain data fields offshore. Else, there is a risk that AML and sanctions screening could turn less effective,” said another bank official.Any transaction generates multiple data — bank details, identifiers for the beneficiary and remitter, merchant details etc. “We want some of the information to be warehoused abroad. We don’t know what the regulator will finally decide,” he said.The banks, in their joint letter to RBI, have also impressed upon the regulator the importance that several multinational corporations place on the visibility of regional and global transaction statements. “For instance, the CFO of an MNC client of a bank would typically like to see the data across countries to reconcile information and manage operations more effectively,” said another person. 85749367If all payments data have to be mandatorily stored in India, foreign banks are also unclear of the protocol they would have to follow in future when a foreign regulator, such as the US Office of the Comptroller of Currency, or UK’s Financial Conduct Authority, or the European Banking Authority, asks for information lying with Indian branches of MNC banks.In its April 2018 circular to banks, RBI had said that the payments data to be stored in India “should include the full end-to-end transaction details / information collected / carried / processed as part of the message / payment instruction.” For the foreign leg of the transaction, if any, the data can also be stored outside the country. “It’s difficult for a systems auditor to give a certificate that a particular MNC bank in India has not stored any data overseas,” said an industry source.