Transcending data localization barriers – the future of cross-border payments depends on It
The growing prevalence of data localization requirements, and the lack of harmonization across data frameworks more generally, represents a serious and rapidly growing threat to the important goal of enabling more efficient, accessible, and speedy cross-border payments. These requirements and conflicting frameworks increase the costs, transaction times, complexity, and risks associated with processing cross-border flows. Yet, governments across the globe continue to introduce new measures that restrict the free flow of data – often motivated by a desire to protect the privacy of their citizens and to ensure the highest levels of security around sensitive user information.
That’s why the mission of the G20’s Roadmap for Enhancing Cross-border Payments, and particularly its focus on resolving conflicting data frameworks and operational practices, is so important. Unfortunately, further action is needed despite notable efforts to reconcile the need for cross-border data flows with underlying concerns driving the deployment of data localization frameworks. We believe that unlocking the next generation of cross-border payments depends on the establishment of a new global data standard setting body. Such a body must be capable of convening the many stakeholders – including law enforcement, financial regulators, data regulators, and intelligence agencies – to forge consensus on the policy principles and specific standards that shape national and regional approaches to data frameworks.
Data barriers are on the rise
The value of cross-border payments is expected to reach over $250 trillion by 2027. Further, two-thirds of adults worldwide now make or receive digital payments, according to the World Bank's Global Findex 2021 database. In developing economies, this number grew from 35% in 2014 to 57% in 2021. As the cross-border payments market grows and the number of online transactions increases, so too do the challenges consumers and businesses face in making payments across national borders – often due to the rise of data localization requirements and the lack of harmonization across data frameworks. Of note, a report by the Organization for Economic Cooperation and Development found that in 2021 92 measures across 39 countries mandated data be stored or processed domestically. Further, over half of these measures were implemented in the five years prior.
Privacy and data security concerns are often behind the increase in data localization requirements. Governments and policymakers rightly feel a responsibility to protect the privacy of their citizens and to ensure high levels of security around sensitive user data. Further, data localization requirements may help ensure law enforcement authorities can access data necessary for investigations.
However, there is an efficiency to operating at a global scale that breaks down as processes become more localized or when jurisdictions have conflicting data frameworks. This is particularly true for smaller countries and emerging economies. In reinventing these processes, payment system participants find that data localization and conflicting data frameworks increase the operational and compliance costs and transaction times of cross-border payments. For example, incompatible rules can reduce the rate of straight-through processing for cross-border transactions by requiring manual intervention to address discrepancies. This localized perspective of data also increases vulnerability to financial fraud and cybercrime by leaving nations blind to global patterns of fraud, as each country is only able to identify local patterns of illicit activity. Additionally, data localization results in the deployment of data centers beyond the needs dictated by the market and limits choices for the location of planned data centers. All of this adds to the operating expenses associated with cross-border payments.
Today’s safe data frameworks provide a model
There is evidence that well-designed data frameworks can achieve data security without negatively impacting cross-border payment flows. The European Union’s (EU) General Data Protection Regulation (GDPR), for example, does not require businesses to store data on local servers. Instead, GDPR acknowledges that the EU market depends on the free flow of data within and outside of the EU, so long as appropriate safeguards are in place. APEC’s Cross-Border Privacy Rules (CBPR) System attempts to bridge differences in privacy laws of participating economies by establishing a data privacy certification standard. Companies can sign up to this standard to demonstrate compliance with internationally recognized data privacy protections. Trade agreements also provide a framework for navigating a country’s appetite to both enable data flows and ensure data sovereignty by: prohibiting unjustified or blanket restrictions; and establishing fair and binding rules to facilitate data flows across borders.
At the global level, the Financial Stability Board (FSB) recently identified cross-border data exchange and message standards as a priority theme for the next phase of implementation for the G20 Roadmap. Under this theme, the FSB, the Committee on Payments and Market Infrastructures, and other relevant authorities are seeking to: 1) promote alignment and interoperability across data frameworks; 2) finalize harmonization requirements for the ISO 20022 messaging standard; 3) improve API harmonization for cross-border payments use; and 4) consider enhanced use of the legal entity identifier in cross-border payments. Additionally, under Japan’s Presidency, the G7 is focusing its attention on operationalizing Data Free Flow with Trust. Efforts are concentrated on the interoperability of different data privacy regimes and usage limitations, and the possible creation of an institutional mechanism for data governance.
Despite progress made, leaving these efforts uncoordinated could lead to fragmented approaches that prohibit the interoperability of data frameworks and, ultimately, threaten the achievement of the G20 Roadmap’s targets.
Enabling global interoperability and coordination
There may not need to be a choice between the efficiency of cross-border payments and the privacy and safety of citizen’s data. Policymakers can manage these two conflicting and important policy goals, but it will require coordination and collaboration across jurisdictions. A multilateral effort is needed to forge consensus on the policy principles and specific standards that shape national and regional approaches to data frameworks. To achieve this outcome, we believe the establishment of a new global data standard setter is required to promote interoperability of data frameworks and to coordinate across the various global and national initiatives underway.
Breaking down the barriers erected by data localization requirements, and a lack of harmonization across data frameworks, requires governments and policymakers across the globe to work together to drive progress. Achievement of the G20 Roadmap’s targets is depending on it.