Home Banking & Finance Information sharing for fraud probes allowed by privacy law

Information sharing for fraud probes allowed by privacy law

FINANCIAL INSTITUTIONS can share their clients’ information to help fraud investigations. — RUPIXEN.COM/UNSPLASH

INFORMATION SHARING by financial institutions for fraud investigations does not violate the country’s privacy law, the Bangko Sentral ng Pilipinas (BSP) said.

Memorandum No. M-2021-059 signed by BSP Deputy Governor Chuchi G. Fonacier told financial institutions to cooperate and share relevant information to third parties in aid of fraud investigation. The directive covers financial institutions, payment gateway providers, third-party service providers and law enforcement agencies.

Based on the memorandum, information that can be shared among stakeholders in a fraud investigation include clients’ name, home or delivery address, e-mail address, mobile number and other contact details, bank and financial account information, and transaction details.

Ms. Fonacier said they sought clarification and advice from the National Privacy Commission (NPC) on whether these details can be freely shared without the consent of the subject.

Based on Advisory Opinion No. 2021-026 of the NPC’s Privacy Policy Office, these information fall under exceptions to the prohibition of sharing privileged data under Republic Act 10173 or the Data Privacy Act of 2012.

In particular, the NPC said Section 13 (f) of the law applies to fraud investigations as they are “necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or in the establishment, exercise of defense of legal claims, or when provided to government or public authority.”

“The same does not require an existing court proceeding, and thus, such processing will not necessarily require a court order,” the NPC said.

The agency said such investigations shall be strictly for the purpose of resolving previously committed frauds and preventing possible incidents from happening.

It added that only personal information relevant to the investigation can be processed.

As digital payments have increased during the pandemic, cybercriminals have had more chances to attack and exploit financial institutions, the central bank said.

BSP Governor Benjamin E. Diokno previously said they received about 20,000 complaints from financial consumers in 2020, most of which were related to fraud and unauthorized transactions.

“The BSP’s ongoing cyberthreat surveillance shows that the impact of cyberattacks and fraudulent schemes increasingly extend over two or more financial institutions simultaneously,” the memorandum said.

Mr. Diokno has said a major cyberattack could affect the stability of the financial system and vowed regulators will remain vigilant of emerging cyberthreat trends.

Fintech Alliance.ph Chairman Angelito M. Villanueva welcomed the new directive as it stressed the legal grounds of information sharing for fraud investigation among concerned financial institutions.

“It is only of utmost importance for regulators and industry leaders to continue collaborating to secure and protect consumer against digital fraud,” Mr. Villanueva said in a Viber message. — L.W.T. Noble