New sandbox reports on data sharing

Increased data sharing can help combat economic crime more effectively. However, while current regulations set clear boundaries, they also provide scope that is not always fully leveraged. This is the conclusion of four new final reports from joint sandbox projects organised by the Norwegian Data Protection Authority and the Financial Supervisory Authority of Norway.

Illustration: banknotes on a clothesline

In autumn 2024, together with Finanstilsynet, the Financial Supervisory Authority of Norway, we invited financial institutions to participate in sandbox projects. The aim was to explore how data sharing can be used to combat economic crime within the framework of the current regulations. These projects have now delivered four final reports.

- The collaboration between the Data Protection Authority and Finanstilsynet made it possible to examine multiple aspects of the issue and quickly determine whether the industry’s data-sharing challenges stemmed from perceived barriers or actual legal constraints. This provides a much better basis for clarifying the scope for increased data sharing, says Line Coll, Director General of the Data Protection Authority.

Over the past year, the participants have received joint guidance from the Data Protection Authority and Finanstilsynet. The work has helped both to clarify where the regulations set clear boundaries and to identify where there is greater scope for action within the current regulatory framework.

- Our impression is that participating in the regulatory sandbox project has been valuable for everyone involved. Relevant issues were quickly identified and examined, the working method is effective and the projects produced useful results, says Per Mathis Kongsrud, Director General of Finanstilsynet.

Four reports highlighting current issues

The four final reports examine various forms of data sharing in efforts to combat economic crime. The reports also contain the legal assessments made by the participants. The following organisations have participated in the sandbox. Links are also provided here to summary articles and final reports:

DNB, the Norwegian Computing Center, SpareBank 1, Nordea and Eika have assessed the legal frameworks for information sharing between banks, particularly in relation to combating payment fraud.
Stø has analysed the legal issues related to the expanded collection, sharing and processing of data from BankID.
Finans Norge Forsikringsdrift has investigated the possibility of setting up a reporting channel to expose and prevent insurance fraud.
Eika Gruppen and KPMG have assessed legal issues related to the centralisation of anti-money laundering work in the banks in Eika Gruppen.

Joint guidance on a major societal problem

Economic crime is a serious problem for society. Considerable resources are invested in preventing and combating this type of crime. At the same time, there has long been a need for closer collaboration between public and private actors in the industry, as well as to clarify the limitations and possibilities within the regulatory framework and to improve existing systems for data sharing.

The Data Protection Authority and Finanstilsynet have separate regulatory sandboxes. In these projects, the supervisory authorities have worked together to provide joint guidance to the participants, clarifying how financial and data protection regulations interact in practice.