About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Interoperability and Innovation: Building a Unified Defence Against Global Fraud

Subscribe to our newsletter

By Josh Vowles-Dent, Business Strategy and Partnerships Manager, ComplyCube.

The global regulatory landscape has become far more demanding over the past few years, leaving firms vulnerable to the costly penalties and reputational damage that come with non-compliance. Regulations have become increasingly complex as a result of the dynamic nature of fraud and its fast-paced evolution.

In 2023, US consumers lost a total of $10 billion to fraud, while the Global Anti-Scam Alliance (GASA) estimates that scammers globally stole over $1 trillion from victims. Interpol, the International Criminal Police Organization, states, “The use of AI, large language models and cryptocurrencies combined with phishing- and ransomware-as-a-service business models have resulted in more sophisticated and professional fraud campaigns without the need for advanced technical skills, and at relatively little cost.” These new AI-powered fraudulent practices require regularly revised compliance mandates from national and international watchdogs. In response, the global RegTech sector has rapidly expanded, offering sophisticated solutions to help businesses navigate compliance challenges and mitigate fraud risks.

Emerging technologies have been increasingly adopted by the RegTech sector to power these solutions, such as Artificial Intelligence (AI), Machine Learning (ML), and cloud computing. However, one thing made clear in the fight against digital fraud is that cooperation, such as data-sharing between organizations, is critical. Businesses can quickly identify suspicious activities for a unified defence by pooling resources and sharing intelligence across sectors. Regulatory bodies have recognized the value of collaboration, promoting frameworks that encourage cross-sector data exchanges. As a result, businesses can form a far more resilient compliance structure.

Global Regulations & Interoperability 

In response to these challenges, several international organizations have stepped into a leadership role in order to enforce Anti Money Laundering (AML), Identity Verification (IDV), and Know Your Customer (KYC) regulations on a global scale.

Setting Global Standards: United Nations, Financial Action Task Force, The EU & IMF 

The United Nations, the Financial Action Task Force (FATF), the International Monetary Fund (IMF), and the European Union are some examples of key players in this arena. Global standards such as the International Organisation for Standardisation (ISO) are equally crucial when defining expectations for the sector. ISO sets out global identity management requirements and security practices, creating consistent guidelines and frameworks. These organizations ensure that systems and regulations can work together seamlessly across jurisdictions and sectors through harmonized frameworks, shared standards, and collaborative policies.

The UN recently underlined the importance of international cooperation within the IDV space during the recent “Digital Identity in the Era of AI” conference, which formed part of the UN Summit of the Future. The launch of a new certification program to further establish international standards for AI systems, called “AI Safety, Trust, and Responsibility” (AI STR), was announced. Philemon Yang, President of the UN General Assembly, emphasized the critical need for global cooperation to navigate the “ongoing technical revolution.”

Insight Partners, a leading VC and PE firm with headquarters in New York, argued in its 2024 predictions that, when it comes to cybersecurity, “the risks created by AI will only be combated with AI.” For this reason, organizations need to work together, as businesses must partner with IDV, AML, and KYC platforms that can leverage the very tools that are used to attack them. Furthermore, IDV, KYC, and AML platforms must ensure they’re offering state-of-the-art solutions that match the sophistication of fraudulent attacks. Solutions can be fortified through a unified approach in which all providers can access data-sharing networks while still abiding by privacy laws such as GDPR (EU), UK GDPR, CCPA (California), DPA (UK), and PDPA (Singapore).

eIDAS 

The European Union has also been very much at the forefront of this push for cooperation and interoperability, having created its eIDAS Regulation (Electronic Identification, Authentication and Trust Services). First introduced in 2014, its principal aim was to establish digital trust, setting the foundation for interoperability between different EU nations. eIDAS allowed for the recognition of any eID within any EU member state, allowing for cross-border interactions that benefitted both businesses and individuals.

“The eIDAS regulation facilitates secure cross-border transactions by establishing a framework for digital identity and authentication. It aims to create confidence in electronic interactions and promote seamless digital services in the EU.”

The EU recently announced eIDAS 2.0, strengthening the framework to address new developments in digital fraud. eIDAS 2.0 solidified policies regarding IDV, AML, and KYC, introducing the European Digital Identity Wallet (EUDI Wallet). This wallet enables individuals to manage their sensitive identity data across borders, helping simplify regulatory compliance processes and digital transactions.

Aligning International Standards 

To align with global standards, the EU and the US have worked together to bridge the gap between the eIDAS framework and the US National Institute of Standards and Technology (NIST) Digital Identity Guidelines.

While eIDAS encompasses a wide range of trust services, including digital identity, NIST primarily focuses on digital identity authentication and management. This collaborative effort has involved a taxonomical mapping to align the levels of assurance and key concepts between the two frameworks, aiming to improve mutual understanding.

The UK Endorses Data-Sharing for a Fortified AML Approach 

The UK government issued new guidance (October 2024) to help Anti Money Laundering (AML) firms share critical data for fighting financial crime without the fear of being held liable for breaches of confidentiality. This guidance helps firms implement the rules introduced by the ECCT Act 2023, which came into effect in January 2024. These changes will allow for:

  • Easier Data Sharing: Businesses can now share customer data more easily, either directly or through third-party intermediaries.
  • Liability Protection: Firms are protected from legal action for sharing information to prevent crime. This encourages data sharing without worrying about breaking confidentiality rules.
  • Cross-Sector Sharing: Businesses can share information across different industries, helping them detect criminal activity that spans multiple accounts or sectors.
  • UK Focus: The rules apply to information sharing within the UK, and protections are not extended to cross-border data sharing.

These rules will be discussed in more detail at the AMLP’s 18th Annual European Financial Crime Conference in November 2024.

The Road to Interoperability: Democratising Data 

The international journal AI & Society recently stated that “the global economy requires transnational exchange of data when authenticating ID holders or citizens. This data exchange must be based on openness and transparency, as well as increased communication, collaboration, and sharing, which can be achieved through interoperability.” Navigating global privacy laws has become increasingly difficult for organizations, as these regulations vary across regions and often restrict data sharing. Striking the balance between increased transparency and respecting strict privacy laws is often challenging but necessary for the evolution and growth of the sector. Networks that enable data-sharing and transparency while still respecting privacy laws are crucial steps toward effective fraud prevention and fortified solutions.

Understanding the provenance of data within these shared networks allows for enhanced accountability, ensuring that data is reliable and traceable by providing details of its origin. This not only strengthens trust but also helps organizations meet compliance requirements and reduce the risk of data manipulation, ultimately improving the overall security and integrity of digital ecosystems.

SIRA (UK)

The SIRA Network is the largest syndicated database of cross-sector customer risk intelligence in the UK, leveraged by many financial institutions, insurance companies, and more to assess risk and prevent crime. The SIRA Network enables 180 clients to share reported fraud data across 400 million records. API services are used to access data depending on the strength of evidence, the history of the identity over time, and the risk of fraud. Gathered intelligence is then aligned with UK DIATF levels of confidence, helping to provide an accurate categorization of the potential fraud risk.

SIRA allows for data transparency regarding identity fraud, enabling organizations to identify patterns that can be linked to identity fraud. The network leverages both internal data (from financial institutions) and external sources (e.g., public databases, government records, sanctions lists, etc) to build a comprehensive risk overview of a particular individual, transaction, or entity. It incorporates checks that pull data from authoritative sources, such as the Disclosure of Death Information Registration (DDRI) to carry out mortality verification, and Amber Hill, a Metropolitan Police Service with a database on counterfeit documents and fraudulent identities.

Due to strict privacy laws (GDPR), intelligence networks such as SIRA approach data sharing safely and securely. Personal data is anonymized or pseudonymized, allowing for a collaborative defence network against fraud without breaking privacy laws.

AAMVA (US)

Another great example of interoperability within the RegTech sector, this time in the United States, is the American Association of Motor Vehicle Administrators (AAMVA). Through its Driver’s License Data Verification (DLDV) service, AAMVA allows for immediate driver identity verification across the US and Canada, easily integrated into all 42 states that participate in one API.

“DLDV connects industry and motor vehicle agencies in real time to create a uniform solution for identity verification.”

Like the SIRA, AAMVA operates in an environment that is subject to strict privacy laws (the CCPA), meaning that data sharing must be carried out in compliance with legal standards.

Joshua Vowles-Dent, Business, Strategy, and Partnerships Manager at ComplyCube, states, “Data-sharing between organizations is no longer optional—it’s essential. Businesses can collectively identify suspicious activities and bolster their defences by pooling resources and sharing intelligence across sectors. AAMVA and SIRA exemplify this principle, and we’re extremely glad to be working closely with the two networks at ComplyCube.”

ComplyCube’s Partnership with AAMVA and SIRA

Reliable data sources have become a critical component of the RegTech sector, as organizations rely on increased transparency to evaluate risk. ComplyCube, an all-in-one platform for IDV, AML, and KYC compliance, has partnered with both AAMVA and the SIRA network, allowing its checks to provide enhanced insights to its clients.

By working with AAMVA, ComplyCube is able to verify driver’s licenses or ID information in real-time against data from the issuing authority. Driver verification checks are highly thorough, along with biometric identity checks and document checks.

Similarly, ComplyCube fortifies its UK government-certified Right to Rent, Right to Work, and DBS checks with its access to the SIRA network. Through access to Amber Hill and the DDRI, as well as customer risk intelligence from over 160 UK institutions, these checks are fortified and provide enhanced profiles on potential tenants and employees.

As fraud continues to evolve, regulations will, too, increase operational complexities for every business. However, as collaboration increases amongst both regulators and organizations, processes and outcomes are fortified. Looking ahead, sustained collaboration and ongoing dialogue will be crucial in addressing challenges and unlocking the full potential of a unified defence against fraud and financial crime.

For more information on safeguarding your business from digital fraud, get in touch with one of ComplyCube’s compliance experts.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Best practices for regulatory reporting

Regulatory reporting is a repetitive, time consuming and expensive business. At its best it requires robust data governance, automated data collection and reporting, standardised reporting formats, a centralised reporting system and a means to monitor and review regulatory change. Nothing new here – but there are emerging approaches and technologies that could lighten the load....

BLOG

ACA Group Expands Global Presence with Acquisition of Effecta Compliance Group

ACA Group has acquired Effecta Compliance Group, a regulatory consultancy serving financial services firms in the UK and the United Arab Emirates (UAE). This strategic move marks ACA’s entry into the Middle East, enhancing its ability to support clients operating in or expanding to the UAE. The UAE’s financial sector has seen significant growth recently....

EVENT

TradingTech Summit MENA

The inaugural TradingTech Summit MENA takes place in November and examines the latest changes and innovations in trading technology and explores how technology is being deployed to create an edge in sell side and buy side capital markets financial institutions in the region.

GUIDE

Regulatory Data Handbook 2024 – Twelfth Edition

Welcome to the twelfth edition of A-Team Group’s Regulatory Data Handbook, a unique and useful guide to capital markets regulation, regulatory change and the data and data management requirements of compliance. The handbook covers regulation in Europe, the UK, US and Asia-Pacific. This edition of the handbook includes a detailed review of acts, plans and...