It is time for banks to fight financial crime together

Financial crime has a tremendous impact on society. But, also on banks. The estimated costs of financial crime compliance is USD 200-300 billion per year. Individual banks are spending hundreds of millions in staff and IT costs and, potentially hundreds of millions in fines if they fail to comply.

In this article, Roseman Labs' Ian Wachters proposes that as Privacy-Enhancing Technologies are maturing, time has come for banks to step up collaboration in the fight against financial crime.

Why collaborate?

It is obvious that banks would benefit from collaboration on financial crime detection and prevention. However most collaboration today focusses on sharing best practices, methods and phenomena. Insights and data on individual clients, alerts or transactions are not shared. Such sharing has the potential to significantly improve the effectiveness and efficiency of financial crime detection:

  • Efficiency : rather than each bank performing investigations on an alert in a stand alone setting, connecting alert information would make investigations easier and more targeted.
  • Effectiveness: rather than each bank monitoring just their own transactions in isolation, looking at the broader network of transactions across multiple banks, will unravel patterns that could otherwise not be detected.

Apart from collaboration between banks, society could also benefit from a more intense collaboration between banks and law enforcement entities.

However, traditional data collaboration requires the disclosure of data to each other. GDPR, banking and anti-trust laws prohibit the exchange of such data between banks.

Changing the game with privacy technology

Privacy Enhancing Technologies (PETs) provide a game changer in this dilemma. With these cryptographic technologies it is possible to join and analyse data-sets, from multiple banks, without sharing this data. Only the insights resulting from the analysis become available to those that are eligible.

For example: banks could join transaction data to detect a pattern of cash inflows, which after several steps ends up in foreign accounts belonging to the same entity. On a stand-alone basis banks will not see this pattern. To overcome this, Banks would make their data available for analysis.

By using a Privacy Enhancing Technologies nobody will be able to see the data but it is possible to detect the suspicious patterns. The only information the banks get back is an overview of their transactions that are part of a suspicious pattern. With that, banks can either individually, together or in cooperation with the FIU investigate these transactions in more detail. The exact approach will depend on local regulation.

What should banks start doing today?

In several countries banks are exploring different models for data collaboration. We at Roseman Labs believe that these efforts can be accelerated significantly through the application of Privacy Enhancing Technologies (PETs). PETs not only overcome GDPR compliance and data security challenges, but also the lack of trust between parties. They enable a very controlled and proportional access to data, only for the purpose agreed between parties.

Having said that, as we see in other industry verticals such as healthcare and public sector, that are already actively using this technology, it takes time to understand and embed the technology in the right legal and governance framework.

We therefore encourage banks to start today. Although there are many different use cases for the application of this technology in financial crime, we suggest to focus on a use case which is feasible today, valuable even on limited scale, and scalable.

Let's take an example...

A concrete possible use case is the sharing of alert data: Banks run their own detection models and generate alerts on clients and transactions. Each of these alerts need to be investigated even though 95% are false positives. But, if bank A would know that an alert on client X is connected to one or more alerts on other clients at other banks, this information would be valuable in two ways:

1.  The fact that the alert is connected to other alerts at other clients in other banks is a signal that the alert is more likely to be a true positive.

2.  The information from the other alerts at other banks, will provide guidance to bank A on how to approach the investigation.

In this process banks do not learn anything from each other, they will only learn that some alerts are connected to other alerts at other banks. And, when there is a connection between alerts, the amount of information shared can be adjusted to what is possible within the local regulations. 

Ian Wachters

Chief Commercial Officer

Published on: 9 May 2023