About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Protecting Data Privacy in the Fight Against Financial Crime

Subscribe to our newsletter

By Ronen Cohen, VP of Strategy at Duality Technologies.

A primary goal for financial institutions is to generate revenue while understanding and mitigating risk. Tackling financial crime and compliance issues, including fraud, cybercrimes and money laundering, is critical to achieving this goal and remains among the most challenging tasks for the industry.

The perpetual problem is the fragmented nature of data across multiple silos – both internally across borders and externally between providers – making it difficult to share and interact with it in a timely manner. Fundamentally, firms need access to the appropriate data so they can derive insights and make decisions; to do so, they need to collaborate and jointly analyze it.

A typical customer will have multiple accounts with different providers as well as relationships with separate divisions within the same provider. As a result, the end user’s financial life is broken up to the point that an institution is unable to truly understand them as a customer. In fact, an institution may only see 15% to 25% of its own customers’ activity, which means it cannot effectively protect itself nor its customers from risk and fraud.

USA Patriot Act

Collaboration between firms is crucial and regulation has gone some way to encouraging this. The USA Patriot Act (specifically Section 314(b)) allows financial institutions to share information with one another so they can identify and report to the federal government activities that may involve money laundering or terrorist financing activity, including predicate offenses.

Other regulators and government organizations around the world have joined the cause. The Financial Action Task Force (FATF), Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Financial Conduct Authority (FCA), Monetary Authority of Singapore (MAS), and of course Financial Crimes Enforcement Network (FinCEN), have continued calling for more information sharing and collaboration among regulated entities to better fight financial crimes and terrorism. However, while Section 314(b) has been well-received, it remains underutilized and, therefore, still far from reaching its full potential.

Barriers to collaboration

The problem is that firms can only share appropriate data if they can preserve privacy, confidentiality, and regulatory compliance. Too much transparency would fuel competitive concerns, as revealing details of a key account, for example, could expose valuable information to the market. Firms must also respect their country’s privacy laws, which in some cases outside the US prohibits them from declaring they have a business relationship with a specific party.

Many existing approaches cannot offer privacy guarantees. In financial crime, previous efforts have included the creation of utilities and consortia but, typically, these have leant on manual approaches and the sharing of strategies rather than actual data, which only goes so far.

Other efforts have lacked automation and proven to be inefficient. Often, participants don’t share all the available data due to privacy issues and protections around that information, and the manual nature of these efforts are difficult to scale. The processes required to share data on a one-to-one basis don’t work when it comes to sharing data with an entire network.

A third approach, which is used across the industry, is implementing transaction monitoring systems. These go a long way to helping understand risk and suspicion, but the challenge with these systems is that they rely on data that the firm or jurisdiction already has, so they don’t actually address the data sharing and collaboration problem.

Blockchain and hashing

More recent approaches to tackle financial crime are based on blockchain or hashing. With blockchain, however, the problem is that its key benefit is also its downfall – transparency. Even in a closed network, any participant can see the data being shared, which compromises privacy and security, and reveals information about competitors’ customers and transactions.

As a result, firms are often reticent to join blockchain initiatives or avoid contributing their most valuable data, making the solution incomplete and ineffective. Essentially, blockchain does not adequately address these regulatory and competitive concerns, which hampers how effective these solutions can be.

Alternatively, hashing has enabled simple comparisons, but the problem is it is easy for criminals to circumnavigate these checks. In trade finance fraud, for example, a fraudster trying to hide duplicate financing can easily use different purchase order numbers or change data across documents to make them seem different and evade searches for matches or similarities. Firms need technology that is fit for purpose and able to detect the more complex tactics that criminals deploy.

Protecting data privacy

If financial institutions could have the privacy and security guarantees that ensure the protection of their data and customers, as well as regulatory compliance, they would be more open to sharing information.

A new approach in the field of financial crime and money laundering has emerged – leveraging privacy enhancing technologies (PETs). The term covers an array of technologies, including homomorphic encryption, which allows financial institutions to perform computations on encrypted data without ever decrypting it first. This means they can share and analyze sensitive data without revealing the underlying information.

Using homomorphic encryption software deployed in a ‘hub and spoke’ model is allowing firms to tackle financial crime in real-time. For example, one institution can ask others about a specific alert or case and gain insights into any potentially fraudulent activity. The data itself remains decentralized so does not move across parties. Homomorphic encryption also means the firm’s customer relationship is never revealed and any answers cannot be attributed back to a specific financial institution, thereby preserving competition.

Digitalization has clearly accelerated within the financial sector and continual innovations in this area will prove pivotal in helping firms tackle the ongoing threats. However, it is collaboration that stands to have the greatest impact – and in this data-driven world, technology is finally emerging to enable this in ways that have not previously been possible.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: How to maximise the use of data standards and identifiers beyond compliance and in the interests of the business

Date: 18 July 2024 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Data standards and identifiers have become common currency in regulatory compliance, bringing with them improved transparency, efficiency and data quality in reporting. They also contribute to automation. But their value does not end here, with data standards and identifiers...

BLOG

EU Parliament Approves Landmark Artificial Intelligence Act

The EU Parliament has approved the Artificial Intelligence Act, marking the world’s first regulation of AI. The regulation establishes obligations for AI based on its potential risks and level of impact and is designed to ensure safety and compliance with fundamental rights, democracy, the rule of law and environmental sustainability, while boosting innovation. The act...

EVENT

TradingTech Briefing New York

Our TradingTech Briefing in New York is aimed at senior-level decision makers in trading technology, electronic execution, trading architecture and offers a day packed with insight from practitioners and from innovative suppliers happy to share their experiences in dealing with the enterprise challenges facing our marketplace.

GUIDE

Managing Valuations Data for Optimal Risk Management

The US corporate actions market has long been characterised as paper-based and manually intensive, but it seems that much progress is being made of late to tackle the lack of automation due to the introduction of four little letters: XBRL. According to a survey by the American Institute of Certified Public Accountants (AICPA) and standards...