Financial institutions have been historically averse to cooperating with other financial institutions for sound commercial and compliance reasons. This has meant that they have fought the war on money laundering on their own, in isolation, often using software built internally to monitor the payment transfers of their own customers. Even software that multiple institutions share in common, provides no ability for its clients’ compliance officers to work in tandem on shared targets and cases.
This is not ideal. Money launderers do not politely stick with one FI to commit their crimes but engineer elaborate money flows and networks across different banks and regulatory domains. With the advent of exciting cross border financial networks, the placement, layering and integration steps are executed at different financial participants doorsteps. Compliance officers are left to reporting the activity, without the value of knowing what stage they thwarted. This lack of clarity makes it difficult to mitigate for decreasing the ongoing threat.
To have a better chance of thwarting them, FI’s need a more complete picture. The puzzle is incomplete if FI’s scrutinize only their own data, but combined transaction monitoring, with data from as many sources as possible, would very likely boost detection of financial crime in progress.
Difficult though this is, it is beginning to happen.
United States: FinCEN 314(b)
The US Patriot Act casts its net the widest: FinCEN 314(b) provides the legal framework for banks, insurers, mutual funds, casinos, and other types of financial institutions to share information – on a voluntary basis – when “terror financing or money laundering” is suspected. It is a permitted communication channel for compliance officers of participant institutions. It is, however, not a platform where shared financial transactions are monitored for criminal activity on a day-to-day basis. This lack of close to real-time tactical data sharing has been spotted in FinCEN’s SAR reviews demonstrating only a mere 20% of SARs annotated a 314b related investigation. That being said, over 8000 financial institutions used the mechanism to report suspicious activities. Those SAR’s in over 80% of the cases were purported to be money laundering investigations.
Such a platform is in an exploratory mode in The Netherlands with a consortium of five Dutch banks known as TMNL. Of the participants, the three largest – ING, Rabobank and ABN AMRO make up around 80% of total Dutch banking assets. The financial reach and clout of TMNL mean it enjoys active backing from the government and this may be key to its success.
Similarly, new guidelines from the Dutch Data Protection Authority have permitted 160 licensed banks and insurers to share details of suspected fraudsters within the confines of strict privacy laws. Additionally, TMNL has the added benefit of working closely with Dutch enforcement agencies, ministries of Finance, Justice and Security, the Fiscal Information and Investigation Services, and the FIU. This widespread collaboration has an efficiency over the 314 approaches of ensuring that the intelligence stakeholders are immediately informed.
What has excited the compliance community in The Netherlands and beyond are the early successes of TMNL, where the analysis of a year’s worth of data from the five banks revealed several previously undetected criminal schemes.
How does a platform such as TMNL operate, and could the Dutch project, alongside a communication channel similar to the US 314b participant network be a template for other data-sharing mechanisms, powered by critical SaaS regtechs?
Clear data sharing guidelines: As we remarked earlier, knowledge sharing goes against almost every instinct of the larger institutions and is technologically difficult to achieve. For European banks, there is the legal barrier of GDPR. Security and data sharing guidelines must be negotiated and agreed upon; protocols of communication and feedback mechanisms put in place to alert participating banks of potential criminal activity. How do you review the performance of a transaction monitoring platform, or measure its success?
Commonly used, not commonly controlled: The platform (whatever it looks like) will require substantial innovation, yet may have to operate at arm’s length from the consortium. This is the case with TMNL which is effectively a fintech with its own office and staff. The encrypted data are shared but the results – that is to say, any indication of money laundering – “belong” to the banks involved in the payment chain. The banks investigate independently and rule independently whether to file a report with the Dutch Financial Intelligence Unit.
Balance on individual and collective monitoring: Any joint transition monitoring scheme can never be a substitute for a bank’s internal fraud monitoring but offers enormous potential benefits as data is scrutinised by multiple investigative eyes and is submitted to multiple detection models, not just one.
The idea of joint monitoring and detecting is a no-brainer, but its execution presents a considerable headache for banks and regulators. The main obstacle is data. Any mature business will have a fragmented legacy of multiple data sets and systems, and no two banks are alike. On the other hand, an innovative regtech, whose USP commits to unlocking data silos, might strike just the right balance to tackle this.
All eyes are on the Dutch scheme which is expected to go live later this year. Compliance officers worldwide are keenly interested in its progress because deeper inter-financial cooperation in the fight against financial crime is the way of the future.
At Sentinels, we believe that data sharing is the key to successful AML compliance and transaction monitoring. Our recent partnership with PPRO, the leading local payments infrastructure provider, will take this into practice: by monitoring for suspicious activity across PPRO’s customers, it enables cross-institutional monitoring - the next exciting frontier in compliance. Read more here.
Sentinels (‘us’, ‘we’, ‘ our’’) is dedicated to protect the confidentiality and privacy of your personal data and information entrusted to us. This Privacy Statement provides an overview of our standard data processing activities and sets forth your rights in relation to the processing of your personal data.
Slimmer AI Sentinels B.V. a limited liability company incorporated under the laws of the Netherlands, Chamber of Commerce number 82155313, having its registered office at The Rock Atoomweg 6-B 9743 AK Groningen (‘Sentinels’).
We are responsible for processing your personal data in accordance with the European General Data Protection Regulation (‘Data Protection Regulation’).
We have appointed a Data Protection Officer (DPO) for you to contact if you have any questions or concerns about this Privacy Statement and/or your rights set forth in this statement. Please contact us at email@example.com.
This Privacy Statement provides information about collecting, storing and processing of your personal data that you disclose to us when you use our services.
The type of personal information we collect may depend on how you interact with us and our platform and which services you choose to use. Generally, we collect, store and use the following personal information: name, surname, job title, company, business type, and email address.
When you choose to use our services, you agree to provide us with most of the personal data when you:
We process your personal data in accordance with the provisions of Data Protection Regulation. We will only use and process your personal data we obtain in the context of commercial relationship. We intend to use and process your personal data under the following conditions:
In case we rely on consent as a legal basis for processing your personal data, please note that you have the right to withdraw your consent at any time by contacting at firstname.lastname@example.org. However, please consider that withdrawing the consent may affect the legal basis of processing of your data, hence we may not be able to provide certain products or services to you. If this is the case, you will be advised accordingly at the time you withdraw your consent.
We are committed to maintaining organizational and technical security measures to protect the personal data we hold about you. We have implemented a set of controls and relevant policies and procedures to prevent the personal data we hold about you from being accidentally or deliberately compromised.
Your personal data is stored in accordance with the provisions of the contractual agreements and/or applicable statutory obligations. We maintain adequate retention policies and procedures so that your personal data are deleted after a reasonable and prescribed time. The data will not be stored longer than is strictly necessary to achieve the purposes for which the data have been collected.
Data collected via the website will be retained until users unsubscribe (after which a new consent will be requested)
We do not transfer your personal data to third parties unless it is mandatory by law or court order, in order to protect the rights of the parties involved in the performance of the agreement or if you give your consent to do so.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. We use functional cookies that are essential for technical operations necessary for the users’ navigation on the platform. These cookies also support the website security and basic functionality.
You can set your browser in order not to accept cookies. However, in certain cases, some of our website features may not function as expected.
For more information regarding the cookies in use can be found in our Cookies Policy.
You have the right (under the certain circumstances and subject to the exceptions), pursuant to Data Protection Act to:
You can exercise any of the above-specified data protection rights, by contacting us at: email@example.com.
Should you have any questions or concerns about this privacy statement or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: firstname.lastname@example.org.
However, if you feel we haven't addressed your concern in a satisfactory manner, you have the right to contact the Data Protection Authority.
Address: PO Box 93374, 2509 AJ DEN HAAG
Telephone: +31 70 888 85 00
Privacy Statement Version
This Privacy Statement was last modified on September 1, 2021.
We reserve the right to update or change our Privacy Statement at any time and you should check this Privacy Statement periodically. Your continued use of the service after we post any modifications to this Statement will constitute your acknowledgement of the modifications and your consent to abide and be bound by the modified Privacy Statement.
If we make any material changes to this Privacy Statement, we will notify you either through the email address you have provided us or by placing a notice on our website.