Bank customer data: The impact of dataveillance in support of national security

De Koker

Prior to the 1980s bank-customer relationships were confidential, private commercial relationships. Banks collected and retain customer information to the extent such information was operationally or commercially relevant. To combat serious crime and later also terrorism and other high profile crimes, the global community, via the Financial Action Task Force and the Basel Committee on Banking Supervision, adopted standards that turned banks into surveillance agents of the state. In this role they have to collect customer details, monitor customer behavior (so-called “dataveillance”), refuse relationships to customers posing an acceptably high risk of money laundering and terrorist financing risk and confidentially report suspicious transactions to national financial intelligence units. Analytical programs are therefore trawling through customer and transactional records of large institutions, reporting millions of transactions automatically to authorities and flagging others for closer inspection and potential reporting by compliance officers. Viewed through the lens of Shosana Zuboff’s concept of “surveillance capitalism” this appropriation of customer data, private relationships and surveillance labour for national security surveillance is ironic.

Risk assessment and risk mitigation lie at the heart of the current public/private bank-customer relationship. Innocent customers whose data profiles are incomplete and low volume businesses that are incorrectly assessed as posing a higher risk can find themselves excluded from the formal financial system. Such exclusion is causing concern and attracted the attention of the United Nations, G20 and World Bank and has led to changes in the international standards. Recognising the impact that a lack of reliable identity verification data may have on data poor customers, many developing countries are embracing new biometric national identification programs. In India this program is linked directly to accessing bank accounts and in Nigeria the national identify card is issued with Mastercard branding. Crime risk assessment models are however not well developed and simply generating, collecting and retaining more identity verification data on customers may solve fewer problems than they create, if risk modelling remains flawed.

This paper will reflect on the complexities surrounding the appropriation of an inherently private relationship and commercial data for the agency surveillance model that underpins the global anti-money laundering and counter-terrorist financing system. It will consider the impact of such a model on the nature of the banking system as a public good and investigate the effect of uneven data on low risk user groups (such as women) and high risk customers (such as money remitters). Against that backdrop the paper will consider whether digital financial services will provide solutions or more reason for concern. Some of these services are data-rich and lend themselves to Big Data analytics while others, such as crypto-currencies, provide alternative mechanisms for criminals and those who rebel against the pervasive financial dataveillance.