(13 December 2012 – Australia) The risk to customers’ financial data as banks “offshore” information is a key area of weakness that the Australian Prudential Regulation Authority (APRA) is keeping an eye on.As the banking sector carries out some of their back-office functions overseas to save costs and bolster slowing profits, outsourcing data management responsibilities by major banks such as Westpac, National Australia Bank (NAB) and ANZ is becoming more common.
In a draft guide published on Wednesday about the issue, it was shown offshoring could magnify the risk of sensitive information being mismanaged.
APRA said it expects banks to have a business case that justified the extra risks of holding data overseas, where Australian laws did not apply.
‘‘APRA expects a regulated institution to apply a cautious and measured approach when considering retaining data outside the jurisdiction it pertains to,’’ the regulator said.
The national secretary of the Finance Sector Union, Leon Carter, argued the current regulation of data offshoring – which involves APRA, the Attorney General and the Australian Securities and Investments Commission – was inadequate.
Figures were not available on how much customer data was stored overseas, he said, but ‘‘a fair amount’’ would be needed in order for banks to carry out the administrative work that occurs in cities such as Bangalore and Manila.