By Ronen Cohen, VP of Strategy at Duality Technologies.
A primary goal for financial institutions is to generate revenue while understanding and mitigating risk. Tackling financial crime and compliance issues, including fraud, cybercrimes and money laundering, is critical to achieving this goal and remains among the most challenging tasks for the industry.
The perpetual problem is the fragmented nature of data across multiple silos – both internally across borders and externally between providers – making it difficult to share and interact with it in a timely manner. Fundamentally, firms need access to the appropriate data so they can derive insights and make decisions; to do so, they need to collaborate and jointly analyze it.
A typical customer will have multiple accounts with different providers as well as relationships with separate divisions within the same provider. As a result, the end user’s financial life is broken up to the point that an institution is unable to truly understand them as a customer. In fact, an institution may only see 15% to 25% of its own customers’ activity, which means it cannot effectively protect itself nor its customers from risk and fraud.
USA Patriot Act
Collaboration between firms is crucial and regulation has gone some way to encouraging this. The USA Patriot Act (specifically Section 314(b)) allows financial institutions to share information with one another so they can identify and report to the federal government activities that may involve money laundering or terrorist financing activity, including predicate offenses.
Other regulators and government organizations around the world have joined the cause. The Financial Action Task Force (FATF), Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Financial Conduct Authority (FCA), Monetary Authority of Singapore (MAS), and of course Financial Crimes Enforcement Network (FinCEN), have continued calling for more information sharing and collaboration among regulated entities to better fight financial crimes and terrorism. However, while Section 314(b) has been well-received, it remains underutilized and, therefore, still far from reaching its full potential.
Barriers to collaboration
The problem is that firms can only share appropriate data if they can preserve privacy, confidentiality, and regulatory compliance. Too much transparency would fuel competitive concerns, as revealing details of a key account, for example, could expose valuable information to the market. Firms must also respect their country’s privacy laws, which in some cases outside the US prohibits them from declaring they have a business relationship with a specific party.
Many existing approaches cannot offer privacy guarantees. In financial crime, previous efforts have included the creation of utilities and consortia but, typically, these have leant on manual approaches and the sharing of strategies rather than actual data, which only goes so far.
Other efforts have lacked automation and proven to be inefficient. Often, participants don’t share all the available data due to privacy issues and protections around that information, and the manual nature of these efforts are difficult to scale. The processes required to share data on a one-to-one basis don’t work when it comes to sharing data with an entire network.
A third approach, which is used across the industry, is implementing transaction monitoring systems. These go a long way to helping understand risk and suspicion, but the challenge with these systems is that they rely on data that the firm or jurisdiction already has, so they don’t actually address the data sharing and collaboration problem.
Blockchain and hashing
More recent approaches to tackle financial crime are based on blockchain or hashing. With blockchain, however, the problem is that its key benefit is also its downfall – transparency. Even in a closed network, any participant can see the data being shared, which compromises privacy and security, and reveals information about competitors’ customers and transactions.
As a result, firms are often reticent to join blockchain initiatives or avoid contributing their most valuable data, making the solution incomplete and ineffective. Essentially, blockchain does not adequately address these regulatory and competitive concerns, which hampers how effective these solutions can be.
Alternatively, hashing has enabled simple comparisons, but the problem is it is easy for criminals to circumnavigate these checks. In trade finance fraud, for example, a fraudster trying to hide duplicate financing can easily use different purchase order numbers or change data across documents to make them seem different and evade searches for matches or similarities. Firms need technology that is fit for purpose and able to detect the more complex tactics that criminals deploy.
Protecting data privacy
If financial institutions could have the privacy and security guarantees that ensure the protection of their data and customers, as well as regulatory compliance, they would be more open to sharing information.
A new approach in the field of financial crime and money laundering has emerged – leveraging privacy enhancing technologies (PETs). The term covers an array of technologies, including homomorphic encryption, which allows financial institutions to perform computations on encrypted data without ever decrypting it first. This means they can share and analyze sensitive data without revealing the underlying information.
Using homomorphic encryption software deployed in a ‘hub and spoke’ model is allowing firms to tackle financial crime in real-time. For example, one institution can ask others about a specific alert or case and gain insights into any potentially fraudulent activity. The data itself remains decentralized so does not move across parties. Homomorphic encryption also means the firm’s customer relationship is never revealed and any answers cannot be attributed back to a specific financial institution, thereby preserving competition.
Digitalization has clearly accelerated within the financial sector and continual innovations in this area will prove pivotal in helping firms tackle the ongoing threats. However, it is collaboration that stands to have the greatest impact – and in this data-driven world, technology is finally emerging to enable this in ways that have not previously been possible.