Data and Digital Identity

Data is a key ingredient in increasing effectiveness in fighting financial crime. However, with more data available than ever before, making informed decisions about what data is important, what should or can be collected, and for what purposes, is critical—not only to improve crime prevention but also to respect legitimate expectations around data protection and privacy.

GCFFC experts propose the development of FAQs that examine the types of data financial institutions (FIs) can use to fight financial crime more effectively while addressing potential limitations and ethical considerations. The FAQs will be structured around different classifications of data:

• First Party Data: Collected directly from the customer (e.g., identity documents, purpose of the account). These are considered minimal data requirements aligned with regulatory expectations.

• Second Party Data: Data from official, credible independent sources used to validate or challenge the first party data (e.g., national IDs, passport copies, corporate registries, sanctions lists).

• Third Party Data: Sourced from aggregators such as PEP databases or adverse media screenings, typically without direct endorsement or liability by the provider.

• Fourth Party Data: Derived from private sources and information-sharing partnerships (e.g., CIFAS), shared within trusted networks for the purpose of combating financial crime.

• Zero Party Data: Inferred from a person’s digital footprint. It includes information not directly submitted to the FI but accessible via digital behavior—IP address, geo-location, interaction history, and even publicly available social media content.

The FAQs will also evaluate the advancements in digital identity technology and its use in conjunction with these various data categories to improve financial crime prevention efforts.

Key Deliverable:

• Publication of a comprehensive FAQ guide addressing the use of First to Fourth & Zero Party Data in the context of Digital Identity.