How banks can turn the tide on money laundering
Despite pouring billions into Anti-Money Laundering (AML) programs each year, banks are still inadequately equipped to catch financial crime. On top of that, banks waste significant energy investigating transactions and clients that are flagged as unusual, yet which are in fact ‘false positives’—pulling precious resources away from investigating real offenses. But criminals continuing to evade detection isn’t simply a flaw in the system, it’s a strategic oversight.
Collaborating on AML is not new. Consider TMNL, the Dutch initiative to pool banks’ transaction data to spot criminal patterns. Despite good results, the collaboration was parked last year. It should have been a breakthrough, but the weight of conflicting regulations over GDPR and banking laws turned collaboration into a legal minefield.
But change is coming. Brussels has announced the new AML Directive 6, and within that, Article 75 is a game-changer. For the first time, there will be a legal basis for banks to share information.
The question isn’t whether banks should collaborate, it’s how they can do it – making their AML efforts more efficient and effective, and remain compliant.
The Dutch newspaper Financieele Dagblad (FD) recently reported that the Netherlands’ Finance Minister Eelco Heinen wants to break the gridlock between politicians, banks and regulators. He suggests trade-offs must be made between costs, AML efforts and privacy protection, adding, “somewhere we need to give in”.
But the arrival of encrypted computing, in combination with Article 75, offers a better route. With it, banks can jointly make AML more effective and efficient through information sharing, without exposing their sensitive client information.
Clients and risks can be assessed, patterns are uncovered and evaluated, but raw data stays protected. Banks no longer have to choose between costs, privacy and AML results.
Read more about Roseman Labs’ participation in the Central Bank of Ireland’s Sandbox programme.
Reimagining data collaboration
With encrypted computing banks can detect connected clients and risks, across institutions. They can then assess these connected clients, without sharing sensitive client data. This provides a number of potential benefits such as:
- Prioritization with precision: By identifying clients with connections to other high-risk entities, banks can allocate resources more effectively.
- Smarter investigations: Investigators can gain context from other banks on their own flagged clients, without breaching privacy boundaries.
- Higher quality Suspicious Activity Reports (SARs): Banks can detects which high risk clients are connected. When they intend to file a SAR, they can indicate to the FIU that the SARs are connected, without sharing between them the name of their clients.
- Feedback loop: FIU feedback data can unveil the degree to which SARs have lead to real-world action, enabling refinement of AML models without compromising sensitive information.
Use case: Strategic edge in action
Imagine Bank A identifies two clients with suspicious activity – Client 1 and Client 2. Using encrypted computing, Bank A discovers Client 1 is connected to three flagged clients at Bank B and C. Client 2, meanwhile, has no such links. This insight allows Bank A to prioritize Client 1 for investigation.
When Bank A starts to investigate Client 1, they can leverage information about the three connected clients: Have they been flagged for the same potential offense? Are the business activities potentially related to the potential offense? Do their transaction patterns confirm the suspected offense? Are they also connected to other high-risk clients? These are all possible to answer, without revealing the name or other personally identifiable information (PII) of respective clients.
If the three banks now decide to file a SAR, they can use a common indicator on these SARs, showing the FIU that these SARs are connected and should be treated as such. Again, banks can do this without disclosing the name of their clients to each other.
Learning without leaking data
Traditional AML approaches force banks to choose: share everything or share nothing. Encrypted computing breaks that binary. It enables banks to share insights, not data, leading to:
- Minimal data exposure: Banks reveal only insights derived from sensitive client data, never raw client information.
- Full control: Banks dictate the scope and purpose of data use, preserving compliance with GDPR principles.
- Accuracy: Banks can use much more detailed data for analyses, using data that would normally not be shared, but can now be analysed under encryption. More detailed data will lead to a more accurate understanding of what is happening.
The way forward
Article 75 is a big milestone, but its success depends on strategic execution. Banks must act now by piloting Article 75 based encrypted computing initiatives, working with regulators, and shaping best practices for cross-institutional collaboration.
AML is evolving. Banks that embrace the combination of Article 75 and Encrypted Computing will lead the industry tomorrow. At Roseman Labs, we’re ready to drive this transformation with an enterprise-ready solution today.
Blog
Generate new insights on sensitive data with Roseman Labs’ secure Multi-Party Computation technology. Want to find out how your organization can do that? Contact us using the form below.
