BankThink

Data privacy regs abroad put even finest digital tools to the test

Digitally enabled trade continues to expand, with some estimates valuing the global market as large as $1.5 trillion, pushing society into a new phase of globalization and transformation.

While this new technology presents vast opportunities for the future of commerce and payments, it simultaneously exposes considerable security and privacy risks.

These new opportunities have also brought new challenges related to disparate privacy and cybersecurity regulations across international borders. In response to ongoing calls for intervention, more than 100 countries across the globe have passed legislation to protect consumer data. Unlike regional policies that affect entire groups of countries, these laws are often country-specific and have varied requirements.

Some countries have enacted legislation to target payments and finance data. These regulations require financial organizations to keep track of and remain compliant with a series of varied laws, ranging from the Basel III capital levels banks need to meet in countries like Russia, to requiring written permission from the State Bank to transfer records and documents in Pakistan.

As a result of country-to-country inconsistencies, financial organizations have been particularly affected by regulations. In Europe, the finance sector has received more General Data Protection Regulation fines than other industries. With the risk of hefty fines like those charged to Equifax, financial organizations globally are asking: How to benefit from digital expansion while maintaining the integrity of domestic and international compliance in new regions?

The rapidly changing regulatory landscape has required financial institutions to invest both money and time into compliance solutions. Some businesses, like investment management company WH Ireland, have had to retrace their steps, reopening years’ worth of hard copy records to process requests. Others have relied on internal legal and compliance teams or turned to external apps to restore trust with customers.

In addition to these solutions, data localization has gained popularity in recent years. In practice, data localization works by restricting data flows and requiring data to be contained in its country of origin to ensure regulatory compliance.

There are several reasons financial organizations should prioritize data localization. Primarily, the process is required in some countries to achieve compliance.

In Turkey, for example, all electronic payments providers must store their records within the country for a minimum of 10 years. And banks in Indonesia must store customers’ records within borders as well.

Under the European Union's GDPR, businesses are prohibited from collecting personal data in the EU and transferring it outside the region unless the receiving country has an equivalent level of privacy protection.

Data locality additionally enables ease of access. Once records are digitized, organizational and governmental officials can maintain access to data to perform their regulatory obligations.

Understandably, many of these regulatory solutions are considered burdens for financial institutions. However, when implemented correctly, the process of achieving sustained compliance is hugely beneficial for business development.

With the successful control and protection of data, companies gain the freedom to explore digital transformation plans without concerns of local compliance issues.

There are also new startups in the cloud solutions space that help relieve the costly investment and time required for data localization, therefore enabling financial firms to prioritize global expansion and digitization.

The financial ecosystem in the Middle East, for example, is also evolving rapidly when it comes to deploying such solutions.

With continued technological development, executives, compliance officers and IT departments must stay conscious of the challenges in today's global society.

As global regulatory policies continue to shift, these challenges will depend largely on where the firm conducts business, and where its clients and prospects reside.
