Russian Banks to Be Allowed to Share Data on Drop Accounts
A new bill in Russia will allow banks to exchange information about fraudulent accounts, known as “drop accounts,” which cybercriminals use to launder stolen funds.
The State Duma of the Russian Federation has passed the bill in its first reading. If enacted, the law will permit banks to share information about accounts used for illegal money transfers and to close such accounts. According to the newspaper Kommersant, citing the Bank of Russia, the bill regulates the exchange of information between financial institutions about drop accounts—accounts belonging to individuals or legal entities through which stolen funds are moved.
This information exchange is proposed to take place through FinCERT, which will be responsible for creating a unified database of thefts or attempted thefts of funds and distributing this information to market participants.
Addressing the Drop Account Problem
If the bill is ultimately adopted, it will address the current challenges in combating drop accounts. Banking secrecy and the inability to refuse service to clients make it difficult for financial institutions to share information about fraudulent accounts and to block them. For example, if one bank manages to prevent the theft of funds from its client, but the money is transferred to an account at another bank, current restrictions prevent the first bank from alerting the second bank about the potential crime. Additionally, the receiving bank cannot refuse service to the client.
Industry Concerns Over Data Sharing
Industry representatives believe that exchanging drop account data through FinCERT may not be the best solution. Banks may be reluctant to provide such sensitive information to a government regulator. They suggest that it would be better to assign the task of collecting a database of drop accounts to an organization independent of the Bank of Russia.
About FinCERT
FinCERT is the Center for Monitoring and Responding to Computer Attacks in the Credit and Financial Sector. It is a structural division of the Main Directorate for Security and Information Protection of the Bank of Russia.