Financial crime is a globally pressing phenomena, generating vast amounts of wealth for criminals. But with increasing technological sophistication in the financial sector, banking institutions and criminals find themselves in an ongoing tug-of-war between the discovery and redress of (new) methods for fraud or money laundering.
Pressure from Governments and Legislators has pushed banks into taking stricter measures to weed out suspected criminals activity and enhance strategies to prevent financial crime. This has led to a surge in compliance requirements and standards. Banks that fail to comply with these rules face harsh penalties that become a painful liability. The estimated costs of financial crime compliance are USD 200-300 billion per year.
Financial crime operations involve moving money in an intricate system between different banks to evade detection from both financial institutions and the law. Yet banks are expected to determine in isolation which accounts have irregularities or potential criminal activity. What this misses is the overall picture of money be transferred between organizations and the pattern of accounts used to do so, as well as any repeated corresponding account owners.
However, financial data is considered sensitive, meaning banks can only investigate accounts within their own business and not others. GDPR, banking and anti-trust laws thus prohibit the exchange of such data between banks. Lacking these insights across multiple organizations and connected accounts means patterns and suspicious aggregate activity is missed. Without access to more comprehensive overviews, criminals continue to lurk in plain sight.
Traditional data collaboration requires the disclosure of data to each other, which as has been outlined, is not possible with financial information. Multi-Party Computation provides a game changer in this dilemma, making it possible to join and analyze encrypted data sets, from multiple banks, without sharing the underlying information with each other. Only the insights resulting from the analysis become available.
To overcome this, banks would make their data available for analysis and for example, join transaction data to detect a pattern of cash inflows. This would allow banks to detect whether after several steps, these cash flows end up in foreign accounts belonging to the same entity. On a stand-alone, basis banks would not see this pattern.
By using MPC, it is possible to connect and detect the suspicious patterns without making each bank’s data available to one another. The only information the banks get back is an overview of their transactions that are part of a suspicious pattern. With that, banks can either individually, together or in cooperation with the FIU, investigate these transactions in more detail.
It is evident that banks can benefit from collaboration on financial crime detection and prevention. However, most collaboration today focusses on sharing best practices, methods and phenomena. Insights and data on individual clients, alerts or transactions are not shared. And yet, sharing has the potential to significantly improve the effectiveness and efficiency of financial crime detection:
Aside from banks alone benefitting from collaboration, society as a whole can benefit from financial institutions, public bodies and law enforcement entities working more closely together to detect fraud and prevent criminals from abusing
In several countries banks are exploring different models for data collaboration. Roseman Labs believe that these efforts can be accelerated significantly through the application of Privacy Enhancing Technologies (PETs). PETs not only overcome GDPR compliance and data security challenges, but also the lack of trust between parties. They enable a very controlled and proportional access to data, only for the purpose agreed between parties.
It takes time to understand and embed new technology in the right legal and governance framework. We therefore encourage banks to start today. Although there are many different use cases for the application of this technology in financial crime, we suggest to focus on a use case which is feasible today, valuable even on limited scale, and scalable.
Generate new insights on sensitive data with Roseman Labs’ secure Multi-Party Computation technology. Want to find out how your organization can do that? Contact us using the form below.