2.6. Cross-border and cross-sectoral issues
While many financial authorities have formal or informal information-sharing arrangements with authorities outside their jurisdiction [Authorities may also have information-sharing arrangements with cyber security or data privacy agencies within the same jurisdiction.], there are differences in the scope, depth and form of such information-sharing across jurisdictions and sectors. Through the FSB survey, two themes emerged as impediments to information sharing across borders and sectors:
■ legal, whether the pre-requisite laws or agreements are in place to set out the terms by which incident information can be shared between parties; and
■ confidentiality, i.e. the treatment/handling of protected information between parties.
In the majority of cases, as long as agreements are in place, such as Memoranda of Understanding (MoUs) or legal gateways, and the information transferred does not breach the terms of what can be exchanged, then fewer impediments are observed.
Cross-border arrangements are 'appetite-driven', governed by individual authorities' desires to share with other parties and to what extent as well as historical experience. In most circumstances, financial authorities prefer to enter into bilateral agreements with one another, resulting in a patchwork of idiosyncratic engagements which, whilst perhaps not being the efficient outcome, reflect the nature/closeness of relationships. Although multilateral arrangements do exist, these tend to align to pre-defined circles of trust.