TMNL only uses those data that are strictly essential for monitoring potentially unusual transactions. TMNL applies pseudonymisation of sensitive personal data, in order that data cannot be traced back to individual customers. Naturally, TMNL processes personal data in accordance with the General Data Protection Regulation(GDPR). At the moment, TMNL only monitors transactions by business clients.
Which data does TMNL receive and use for monitoring purposes?
TMNL receives only the data that are absolutely necessary for monitoring purposes from the banks. Privacy-sensitive data, such as Chamber of Commerce numbers, IBAN and company names, are made pseudonymous by the banks before they are provided to TMNL, so they cannot be linked to individual customers. TMNL also uses transaction data, such as the time, destination and amount of transactions to detect unusual transaction patterns. At the moment, TMNL only monitors transactions by business clients.
Banks have been monitoring transactions for many years. What is TMNL doing differently?
Banks are required by law to monitor all of their customers’ payment transactions. To do that, banks use transaction and customer data to detect potential signals of money laundering or terrorism financing. But there are limits to what individual banks can see, because money laundering networks are often spread among multiple banks. TMNL brings together transaction data from individual banks to facilitate joint monitoring. That makes TMNL able to identify potential criminal cash flows that aren’t visible for individual banks.
How does TMNL respect privacy?
Banks trust TMNL with data to tackle money laundering and terrorism financing more effectively. TMNL treats individuals’ privacy with the utmost care, as stipulated by the General Data Protection Regulation, or GDPR. TMNL only uses the data that are absolutely necessary for monitoring potentially unusual transactions.
The privacy-sensitive data that TMNL receives are made pseudonymous by the banks. What does that entail?
Privacy-sensitive information in the banking and transaction data sent to TMNL are made pseudonymous before they are sent by the bank. Pseudonymous data cannot be linked to a specific customer, and are meaningless without the bank’s encryption key. TMNL uses these non-personalised data throughout the entire transaction monitoring process. When TMNL sends the bank an alert about a potentially unusual transaction, only the bank is able to link the transaction to the original data.
The five participating banks share data with TMNL. Are the data also shared among the banks themselves?
The participating banks only share their (pseudonymised) transaction and customer data with TMNL, and not with one another. When TMNL identifies a potentially unusual transaction pattern, it sends data relevant only to that specific transaction pattern to the banks with a relation to that pattern.