Financial institutions face an inherent tension between data protection obligations — which emphasise individual rights, data minimisation, and confidentiality — and anti-money laundering requirements, which demand extensive information surveillance, retention, and sharing. This study adopts a mixed-methods approach combining quantitative surveys of 180 compliance and data protection professionals across Europe, Asia, and other regions with qualitative interviews to examine how institutions manage these conflicting regulatory regimes. The research investigates the roles of governance strength, adoption of privacy-enhancing technologies such as pseudonymisation, tokenisation, and homomorphic encryption, and jurisdictional complexity in moderating perceived regulatory tension. Findings confirm that strong governance and controlled use of privacy-enhancing technologies reduce conflict, while legacy systems, regulatory ambiguity, and cross-border jurisdictional complexity remain significant obstacles. The paper proposes a layered reconciliation framework spanning legal, technical, and governance dimensions to help financial institutions, regulators, and technology developers align data protection and AML obligations in practice.
Amarjeet Singh studied this question.