The Autoriteit Persoonsgegevens (AP) is licensing more than 160 financial institutions - under strict conditions - to record and share fraudsters' data in an incident alert system. This is because fraudsters are often active at multiple institutions. Banks and insurers can warn each other about this by exchanging fraud information.
The conditions for data exchange are contained in the new Protocol Incident Alert System for Financial Institutions (PIFI). This protocol contains rules that banks and insurers must comply with in order to keep and exchange information about incidents, such as identity fraud or bank helpdesk fraud (spoofing).
AP board member Katja Mur: 'Banks and insurers may only share this kind of data if they have a license to do so and comply with the PIFI. The AP can also revoke a license if it turns out that a company does not comply with this protocol.'
Financial institutions are allowed to keep their own records of incidents within their own organizations, including personal data. But they are not allowed to exchange data on a large scale. In PIFI there is a strict procedure for this. When an institution takes on a new customer, for example, it may ask other institutions whether that person is registered.
There will be no central database or blacklist in which to search for details about incidents. With each query, institutions must weigh whether it is necessary to provide or receive the data.
Banks and insurers manage data themselves and remain responsible. Customers of these financial institutions generally have the right to be told whether they are registered. They can also object if they believe their registration is unjustified.
'Fighting fraud and tracking down offenders are, of course, of great importance,' says Mur. 'But keeping and sharing criminal records must be done with great restraint and care. We have seen in the Benefits Affair that people can end up 'on the wrong list,' with terrible consequences. If you are listed as a fraudster, this can have major consequences. For example, that you cannot apply for insurance or a loan.'
The PIFI was created by the Dutch Banking Association, the Association of Insurers, the Mortgage Fraud Control Foundation, the Association of Finance Companies in the Netherlands and Health Insurers Netherlands.
More information about the PIFI, such as the decision, can be found in the Register of Permits.
Download the Protocol Incident Alert System Financial Institutions (PIFI).
Download the PIFI 2021 decision
