77. Banks should oversee the coordination of information-sharing. Subsidiaries and branches should be required to proactively provide the head office with information concerning higher-risk customers and activities relevant to the global AML/CFT standards, and respond to requests for account information from the head office or parent bank in a timely manner. The bank's group-wide standards should include a description of the process to be followed in all locations for identifying, monitoring and investigating potential unusual circumstances and reporting suspicious activity.

78. The bank's group-wide policies and procedures should take into account issues and obligations related to local data protection and privacy laws and regulations. They should also take into account the different types of information that may be shared within a group and the requirements for storage, retrieval, sharing/distribution and disposal of this information.

79. The group's overall ML/FT risk management function should evaluate the potential risks posed by activity reported by its branches and subsidiaries and, where appropriate, assess the group-wide risks presented by a given customer or category of customers. It should have policies and procedures to ascertain if other branches or subsidiaries hold accounts for the same customer (including any related or affiliated parties). The bank should also have policies and procedures governing global account relationships that are deemed higher-risk or have been associated with potentially suspicious activity, including escalation procedures and guidance on restricting account activities, including the closing of accounts as appropriate.