THE financial regulator has cautioned banks about storing customers' financial data overseas, as the sector eyes cost savings in a bid to bolster slowing profits.
Westpac, NAB and ANZ all carry out some of their back-office functions overseas, sparking concerns from unions and politicians over the privacy risk to consumers.
Now the Australian Prudential Regulation Authority has identified "offshoring" as a key area of weakness in banks' data management policies.
In a draft guide published on Tuesday, APRA said outsourcing data management increased the risk of sensitive information being mismanaged.
To ensure customers' information was properly looked after, the regulator said it expected banks to have a business case that justified the extra risks of holding data overseas, where Australian laws did not apply.
"APRA expects a regulated institution to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to," it said.
With banks facing slow revenue growth due to weak demand for credit, it is the latest warning from APRA over cost cutting that could have unintended consequences.
Finance Sector Union national secretary Leon Carter said the current regulation of data offshoring - which involved APRA, the Attorney-General's Department and the Australian Securities and Investments Commission - was inadequate.
Figures were not available on how much customer data was stored overseas, he said, but "a fair amount" would be needed in order for banks to carry out the administrative work that went on in cities such as Bangalore and Manila.
APRA's comments were pitched as "guidance", but Mr Carter said there should be regulations requiring customers to give approval before their data was sent overseas.