Russian Government Orders Banks to Hand Over Biometric Data

The Russian government is now demanding that state-owned banks provide their customers’ biometric data to the state’s Unified Biometric System.

According to new reports, the government directive went out in May, reaching VTB, Promsvyazbank, Rosselkhozbank, and Russian National Commercial Bank. The four banks were all asked to arrange meetings of their boards within ten days to determine how they could transfer their customers’ biometric data to the Unified Biometric System, a government platform accessible to law enforcement and intelligence services.

A separate directive is reportedly being drawn up for Sberbank, the country’s largest lender. Speaking to the daily newspaper Kommersant, Deputy Prime Minister Dmitry Chernyshenko indicated that the order is being drafted and will be subject to approval from the Russian government, though it is not yet clear why Sberbank is getting its own specialized government order, distinct from the directives sent to the other state-owned banks.

Part of the answer may have to do with Sberbank’s unique status as a biometrics pioneer in Russia’s financial services industry. As far back as 2017, the bank was exploring the possibilities of establishing a mulitmodal biometric authentication platform in partnership with VisionLabs; and last year, Sberbank worked with Visa and Russia’s X5 Retail Group to trial face-based payments at a number of coffee shops, Perekrestok supermarkets, and Pyaterochka convenience stores.

A subsidiary of MTS, Russia’s biggest mobile network operator, announced that it had established a deal to acquire VisionLabs at the end of last year through a transaction valued at 7 billion roubles – another sign of the growing value of biometric technology among Russia’s major corporations.

The unexpected financial services directive from the Russian government appears to have thrown bank managers off-guard, with one anonymous individual affiliated with a large bank telling Kommersant that his institution considers the order “almost impossible to implement” due to the issue of obtaining consent from customers. 

Privacy and human rights advocates have warned about the Russian government’s increasing use of biometric information before. As The Moscow Times reports, even back in February Human Rights Watch had said that the “lack of transparency and independent oversight around storage, access to, and security of biometric data in Russia are longstanding concerns,” adding, “There is also no transparency around the circumstances under which, for example, the Interior Ministry or Federal Security Service can access the data.”

The Unified Biometric System was established in 2018 and is managed by Rostelecom, a Russian telecommunications company, under the supervision of the Communications Ministry and the Central Bank.

Sources: Kommersant, The Moscow Times

—

May 31, 2022 – by Alex Perala