Regulator warns banks against storing data offshore
THE financial regulator has cautioned banks about storing customers' financial data overseas, as the sector eyes cost savings in a bid to bolster its slowing profits.
Westpac, NAB and ANZ all carry out some of their back-office functions overseas, sparking concerns from unions and politicians over the privacy risk to consumers.
Now the Australian Prudential Regulation Authority has identified "offshoring" as an area of weakness in banks' data management policies.
In a draft guide published on Tuesday, it said outsourcing data management responsibilities increased the risk of sensitive information being mismanaged.
Offshoring could magnify this risk, it said.
To ensure customers' information was properly looked after, the regulator said it expected banks to have a business case that justified the extra risks of holding data overseas, where Australian laws did not apply.
"APRA expects a regulated institution to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to," the regulator said.
The national secretary of the Finance Sector Union, Leon Carter, said the current regulation of data offshoring - which involved APRA, the Attorney-General's Department and the Australian Securities and Investments Commission - was inadequate.
Figures were not available on how much customer data was stored overseas, Mr Carter said, but "a fair amount" would be needed for banks to carry out the administrative work that occurred in cities such as Bangalore and Manila.
APRA's comments were pitched as "guidance" to management, but Mr Carter said there should be regulations requiring customers to give approval before their data was sent overseas.
"We would say the data should not go overseas without the express consent of the consumer," he said.