Anti-Financial Crime & Financial Crime Compliance
Regulatory Intelligence Leadership | Insight | Network

Analysis & Opinion, Financial Services

EXPLAINER: The PET Revolution – how preserving data privacy in intelligence sharing is a game changer in the global FinCrime sector

Privacy Enhancing Technologies
By <strong>Sujata Dasgupta</strong> for AMLi
By Sujata Dasgupta for AMLi

Global Head (Financial Crimes Compliance Advisory) at Tata Consultancy Services

Financial Institutions (FIs) across the world have been consistently engaged in their individual fights against financial crimes, while criminals organized in networks and slowly expanded across countries and continents.

Regulators and Law Enforcement agencies have also been working within their jurisdictional boundaries, and do not have access to information on suspected criminal activities outside such boundary – a loophole that is being exploited by criminals who are laundering money to the extent of an estimated USD 2 trillion or more globally each year!

The industry has since recognized the need for concerted action among market participants within countries and regions to jointly fight financial crime. Interbank cooperation on sharing data and intelligence, as well as public private partnership (PPP) on financial crimes have been high on discussion agenda during the past 3 years.  FATF has also acknowledged the importance of PPP collaboration on fincrime intelligence sharing, which has provided an impetus to this initiative.

However, data sharing has been one of the constraints as data privacy regulations in most countries restrict sharing of customer information among FIs without the formers’ consent. As Regulators are working on ways to resolve this conflict, technology innovations on sharing data while preserving privacy are showing a lot of promise to resolve this issue for FIs in the meantime

Emergence of PPP Collaboration in Fighting FinCrime

Financial crimes like money laundering and fraud are most often conducted by organized criminal groups who leverage transnational networks, multiple financial institutions, channels and fund transfer modes. In order to track such complex web of criminal networks, channels and transactions, it is imperative for both private organisations (banks, FIs) and public ones (law enforcement, Regulators, FIUs) to collaborate, share information and generate intelligence to fight financial crimes in a coordinated manner.

Public-private partnership (PPP) for fincrime intelligence sharing is steadily emerging as a strong defense against such crimes and is now being tested in several countries, the initial proof of concepts (POC) of which have yielded positive results. Australia’s Fintel alliance, UK’s JMLIT (Joint Money Laundering Intelligence Taskforce), Netherland’s TMNL (Transaction Monitoring Netherlands), Nordics’ Invidem and Estonia’s AML Bridge are some of the initial yet pathbreaking steps in this direction.

Such initiatives are now being explored in several other countries like USA, Lithuania, Latvia and Belgium already, and we expect to see more of such PPP collaboration being emulated across other regions as well in the next few years.

The PET Breakthrough: Promise of Preserving Privacy in FinCrime Data Sharing

The European GDPR Regulation 2018 ushered in a stringent data protection regime in this region, one that transformed the way FIs collect, disclose, manage and use customer data. Other countries have also enacted similar regulations, for example USA’s California Consumer Protection Act (CCPA), UK’s Data Protection Act, Australia’s Privacy Act, India’s Personal Data Protection Bill, South Africa’s Protection of Personal Information Act to name a few.

It was around the same time that the initiative of industry participants jointly fighting financial crimes through PPP collaboration started gaining momentum. The sticking point however remained sharing customer and transaction data among the participants due to restrictions imposed by data privacy laws.

Turning challenges into opportunities has been the mantra of technology trailblazers, and this time it was no less! Thus, privacy enhancing technologies (PET) made its debut in the world of financial anti-crimes – an innovation to share information using secure encryption, without revealing the underlying customers’ personally identifiable information.

Some of the cryptographic protocols powering PETs are homomorphic encryption (HE), secure multi party computing (SMPC), zero knowledge proof (ZKP) and trusted execution environment (TEE).

Traditional data encryption, both for data at rest and in transit, requires its decryption in order to perform query or analysis and hence privacy to be compromised. PET promises to enable sharing and analysis of sensitive customer and financial data among participants without decryption, hence adhering to regulations and maintaining privacy and security.

It works by sending a query from a requesting participant in encrypted form using one of the protocols – HE, SMPC, ZKP, TEE or any other – to a data owning participant. The query and computations are executed in an encrypted form, without disclosing the query to the data owner, and the results sent back to the requestor again in encrypted form. The requestor can then view the results after decrypting them in its own trusted environment.

PET for FinCrime Intelligence Sharing: Initial Lessons Learnt

The capability of PETs to allow encryption of data during use, thus enabling computation and analysis without revealing the underlying raw data, is the key feature that has attracted the global fincrime compliance fraternity to PETs. Tech Sprint 2019 organized by UK’s FCA brought PETs to the spotlight for use in fincrime data sharing. Several POCs and pilots have been initiated in UK, Australia, Canada, and some countries in EU for accomplishing this objective.

While PETs are emerging as the next big technology disruption in fincrime compliance space, the initial PoCs have also made us aware of some challenges involved, as below:

  • Data interoperability requires common data format, schema and models across participant organisations. However very often organisations have different data models which impair the result of data query.
  • Disparate KYC and AML legacy systems within FIs and lack of a single golden source of customer and transaction data limit the accuracy of PET based query by external institutions.
  • Data quality at source is one of the key challenges which impacts the effectiveness of insights generated, due to missing or incomplete data, dummy data, inconsistent or outdated customer information and so on.
  • Encryption increases the size of data considerably, causing a drain on bandwidth. Some of the encryption protocols also require higher computing power.

The Road Ahead: Industry Adoption of PETs for Fighting FinCrime

This new decade is expected to witness a rise in PET based collaboration on fincrime intelligence pilots and implementations, going by the initial PoC successes and interest among private and public sector that this has generated. Some aspects that organisations may consider while embarking on this journey are as below:

  • As the success of intelligence sharing and collaboration through PETs is heavily dependent on data models and data quality, a common data governance among participants will enhance the effectiveness of such initiatives.
  • Pilots done on specific use cases have proved that query on peer institution dataset gets executed and delivers results in a few seconds. However, analysis of response time and resources required for implementing it on a full scale needs to be conducted, if the same performance is expected.
  • Identification of the appropriate use cases leveraging PETs can enhance the return on investment of each party. Cost of compliance can be optimized by using PET for remediation of customer data through peer benchmarking, better investigations through data augmentation, enhanced network identification and fraud prevention and others.

As more PoCs are conducted and pilots completed in the coming years, the industry will mature in its journey towards implementing PETs for collaborative fight against fincrime. Synergies of data and analytics around transaction behaviour of customer segments, risk models and scenario performances, training dataset for machine learning and AI algorithms can be derived across industry participants. The support and encouragement from Regulators of several jurisdictions has provided strong motivation to this initiative. The day does not seem too far when PETs will completely transform the way we conduct financial anti-crimes – powered by shared intelligence, industry benchmarked risk and detection models, Regulatory feedback, collaborative investigation, joint SAR filing and much more! A very exciting journey has just begun…

THE AUTHOR: Sujata Dasgupta is the Global Head (Financial Crimes Compliance Advisory) at Tata Consultancy Services Ltd., and based in Stockholm, Sweden. She has over 20 years of experience, having worked extensively in the areas of KYC, Sanctions, AML and Fraud across banking, IT services and consulting. She has had a rich global exposure through her work with premier banks in several major financial hubs, viz. New York, London, Singapore, Hong Kong, Frankfurt and Nordics. Sujata is is regularly interviewed by reputed international journals for her analysis and opinions on contemporary topics in this area.

Share this on:

Follow us on:

AML Intelligence
We hope you enjoyed reading this article

If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!