Fraudsters never had an interoperability problem. They share what works, they move money between institutions in seconds, and they cross borders without asking anyone's permission. The institutions chasing them have spent years unable to do the same thing. That gap, not law and not science, has been the real obstacle. And it is the gap we have now closed with German banks, working alongside our partner spotixx.

I want to explain why I think interoperability, more than any other single word in this debate, is the one that should matter to a bank's board.

The conversation has moved on

For a long time, the honest answer to "why don't banks just collaborate against financial crime?" was that they were not allowed to. Privacy law sat on one side, anti-financial crime obligations on the other, and a bank that wanted to warn a peer about a mule account had no clean legal route to do it.

That excuse is disappearing. Article 75 of the EU's Anti-Money Laundering Regulation gives obliged entities a legal basis to share money-laundering and terrorist-financing intelligence within information-sharing partnerships. It is already in force and becomes fully applicable in July 2027. On the payments side, Article 83 of the Payment Services Regulation goes further still. It does not merely permit fraud-data sharing between payment service providers. It requires them to connect to shared infrastructure and exchange fraud intelligence with each other. With mandatory reimbursement arriving alongside it, fraud stops being an operational nuisance and becomes a direct balance sheet liability.

So, the legal question is being answered. The privacy question has a known answer, too, which I will come to. What remains is the part almost nobody has solved in practice.

The hard part is interoperability

Here is what I see happening across Europe. Consortia are forming. National platforms are launching, Pilots are being announced. All of it is welcome and now is also the time to look beyond these initiatives in isolation. We need to prevent these initiatives from becoming islands. A platform built for one group of banks in one country needs to be able to speak to a platform built for another group in another country. Beneficial-ownership registers exist in more than a hundred jurisdictions and still cannot be queried across borders. The IMF and the World Bank now describe interoperability not as a nice-to-have but as infrastructure, on the same footing as the payment rails themselves.

This is the trap. We could spend the next decade replacing one set of silos, the silos inside each bank, with a slightly larger set of silos, one per consortium. A bank would then face a choice no bank should have to make: join ten platforms and reconcile ten governance regimes or pick one and accept that its blind spots stay exactly where the criminals already operate.

Interoperability is the answer to that. By it I mean the ability for a bank to contribute to and draw from a shared picture of risk without rebuilding its systems for every partner, without moving its customer data outside its own control, and without caring which platform the bank on the other side happens to use. Fraud is a network. The defense has to be a network too, not a collection of disconnected hubs.

Why a bank's board should care

The reasons are not abstract.

Money in motion does not respect your perimeter. A mule network seldom touches one institution. It tests a transfer at one bank, routes it through a second, and cashes out at a third, often in another country. Any bank looking only at its own data is reading one page of a much longer story.

Detection genuinely improves when the picture is shared. This is no longer a theory. When Swift ran experiments with thirteen global banks across ten million test transactions, a model trained on the shared, privacy-protected picture was twice as effective at catching known fraud as a model trained on a single bank's data alone. Financial crime is estimated to have cost the industry around 485 billion in 2023. Doubling detection against a number that size is not a marginal gain.

The cost of false positives is real money and real customer friction. Better shared signal means fewer legitimate customers frozen out, and fewer hours of analyst time burned chasing alerts that were never fraud.

And the regulatory direction is now unmistakable. Between Article 75 and Article 83, collaboration is shifting from something a bank may do to something a bank is expected, and in payments soon required, to do. The institutions that treat interoperability as a capability to build now will be ready. The ones that wait will be retrofitting under a deadline.

The privacy objection, and why it no longer holds

Every time I describe this, someone raises GDPR. They are right, too. Customer data is sacred, and a bank cannot hand its records to a competitor or a platform operator to make any of this work.

It does not have to. Multi-party computation is the privacy technology that lets several banks compute a shared answer over their combined data while each bank's raw data never leaves its own control. No bank sees another bank's records. No central operator pools the data. The institutions get the collective insight, the criminals get nothing, and the regulator gets a process that satisfies privacy law and anti-money-laundering obligations at the same time. This is the one capability that makes lawful, large-scale collaboration buildable, and it is the heart of what we do.

What has actually changed

The industry has wanted this for years. The pilots proved the promise. What had not been done was the harder thing: turning the promise into a live, running platform that real banks operate on, that satisfies the new regulation, and that can connect to others rather than becoming one more island.

That is what we have built with spotixx, a solution built on the Roseman Labs platform, powered by Article 75, and multi-party computation. The interoperability problem is solved now. Three German banks are using it to show that it can be done, with more institutions joining.

Collaboration is no longer the hard part. The law allows it. Technology protects it. The proof exists. The work now is making sure the systems we build can talk to one another, so that the defense finally moves as fast as the threat.

That is why interoperability matters to banks. Not as a technical detail, but as the difference between fighting financial crime alone and fighting it together.

Join our Webinar

On 2 July, see inside Europe's first live open inter-bank fraud network.

Join Florian Schmitz (DSGV), Nick Goodall (spotixx) and Ian Wachters (Roseman Labs) for a 45-minute deep dive into Europe's first live inter-bank fraud information sharing network- currently running between three major German banks. 

 In this session, you'll learn:

• How three banks tackled data security, GDPR and operational barriers

• Significant fraud damage reduction, what it looks like in practice

• Why #MPC is the only GDPR-safe solution that keeps you in control of your data

• What it takes to join the growing network

📆 Thursday, 2 July | 🕙 13:00 - 13:45 CEST

 👉  Register HERE