U.S. Banks Want Freer Flow of Data in Nafta Pact
by Vipal Monga & Telis Demos (feat. Eric Miller)
November 2, 2017
As talks on a new North American Free Trade Agreement heat up over auto parts and agriculture, U.S. financial firms are quietly pushing for another, less tangible change: the free movement of data across borders.
A proposal, presented by the U.S. at Nafta renegotiations in September, would keep any government in the new trade pact from demanding banks or insurers store customer data on local servers, say people familiar with the text.
It's a long-coveted goal for financial firms, who say this could potentially save them millions of dollars in technology-storage costs.
Firms such as Citigroup Inc., J.P. Morgan Chase & Co. and MetLife Inc. are among the companies behind the push. They say it's expensive to comply with data rules in countries where they operate because of requirements to maintain servers within each country's borders for privacy and other reasons.
They also worry about potential risks in countries where protection against hacking might be less robust, firms say.
"For the financial services industries, data flow commitments really are a must-have in Nafta," said Steve Simchak, director of international affairs for the American Insurance Association, a trade group that represents 320 U.S. insurers.
Getting free flow of data enshrined in the pact would not only affect data between the U.S., Canada and Mexico, it would create a template for future trade deals that could include more jurisdictions. The Trump administration has backed bilateral trade agreements with Asia-Pacific countries and with the U.K. when the country completes a planned separation from the European Union.
Banks and insurers today operate data centers in dozens of countries, and often must call on local offices even when deals are being negotiated in hubs such as New York, London and Singapore, slowing down transactions.
"These are global companies," said Peter Matheson, managing director at the U.S. Securities Industry and Financial Markets Association trade group. He said negotiators today need to consider technological advances that didn't exist when Nafta went into effect: "There were no such things as clouds in 1994."
For Citigroup, which already operates 20 regional data centers, guaranteeing free flow of cross-boarder data means the bank could avoid building more. Indonesia, for example, has sought to require banks to onshore both their data centers and backups, Citigroup said in a letter to the U.S. Trade Representative on a separate matter.
Citigroup Chief Executive Michael Corbat has been outspoken on data issues, and has in the past discussed localization requirements with Indonesian officials, people familiar with those talks said.
"The movement of data is no less important to the global economy than the movement of money," Mr. Corbat said in 2014 speech in Barcelona.
Banks say local data storage can cost them millions of dollars in hardware and software costs and the labor required for local offices, say people familiar with the industry.
J.P. Morgan said it has had to open a data center in Saudi Arabia to comply with that country's rules. The need to store customer information locally was among the factors that made opening operations there "far more expensive," said Daniel Pinto, head of the firm's investment banking unit, during a 2013 meeting with investors, according to a transcript.
Any new data rule in Nafta is contingent on the successful renegotiation of the broader pact. Canada, Mexico and the U.S. are facing deep divisions over issues like arbitration panels and auto parts. Talks will resume in mid-November.
While data is one of the least controversial Nafta issues, it is raising concerns among privacy advocates, especially in Canada.
Any discussion about data and privacy, especially in the wake of a massive data breach at Equifax Inc., could become a political hot potato, said Eric Miller, a president of the Rideau Potomac Strategy Group, a cross-border consulting firm. "Certainly, the Equifax situation will not help matters," said Mr. Miller.
Currently, the rules that govern privacy in each country diverge widely, causing confusion among some financial services firms.
Some parts of Canada's Bank Act, which regulates the industry, and guidelines issued by the Office of the Superintendent of Financial Institutions, could be interpreted to require firms to keep their books and records in the country.
Laws in some Mexican states say customers have the right to block access to data by third parties, which banks say can inhibit movement of information within organizations.
The push for free data flows goes back to the Trans-Pacific Partnership trade deal, negotiated by the Obama administration, which excluded financial services from a provision allowing U.S. companies to store their data anywhere they pleased.
Following an intense push by banking groups, Obama administration trade officials agreed to try to include banks in future agreements.
After President Donald Trump abandoned the TPP when he took office, administration officials, including Commerce Secretary Wilbur Ross, have told industry groups that they would continue the push for unrestricted data movement in its new trade negotiations.
Mr. Ross recently praised an arrangement the U.S. has with the European Union and Switzerland to ensure privacy but also allow the international flow of data.
"It's worked flawlessly; we don't have any big problems that have come up," Mr. Ross told the Economic Club of New York in late October.