Data Sharing: Revolutionising financial crime prevention

by Benjamin David, Editor, The Payments Association
Data sharing

Share this post

What is this article about?

The increasing need for enhanced data sharing in the payments industry to combat the rising threat of financial crime, specifically money laundering and online-enabled fraud.

Why is this important?

Financial crime poses significant risks to the growth and security of the payments industry and the economy, and improved data sharing is essential for effective crime prevention and detection.

What’s next?

The implementation of new regulations, advanced technologies, and public-private partnerships for more efficient economic crime prevention

The urgency around combatting the threat of financial crime in the payments sector has become increasingly vocal in recent years, reflected in The Payments Association 2023 report, Data Sharing to Prevent Economic Crime; Why You Can Now Share Data with Confidence. The report, produced with the support and involvement of Form3, finds money laundering and fraud are the biggest threats to the growth of the payments industry and the security of the UK. Indeed, the report showcases the sophistication and volume of money laundering, with global estimates suggesting that approximately $2 trillion is laundered annually. In the UK, fraud constitutes over 40% of all recorded crimes, with a sizeable percentage being online-enabled.

The report reveals that criminals are improving at defrauding customers, avoiding detection and laundering the proceeds across the private and public sectors. Moreover, the payments industry must be designed to enable and facilitate data sharing. Even though there are legal obligations, a plethora of matters lack data-sharing incentives with other payments companies. These include:

  • Suspicious transactions or parties to the transactions
  • Victims of potential victims
  • Suspected or proven criminals

Crime identification and prevention have become increasingly complex and costlier with the payment industry’s increasing innovation and fragmentation. The report notes that organisations beyond financial services, including telcos and retailers, complicate data sharing and crime prevention measures, making solving the problem more challenging.

Why is the Payments industry not sharing data?

The payments industry’s reluctance to share data can be attributed to various factors, as revealed by The Payments Association’s 2023 survey on data sharing with its members. The range of barriers that Financial Institutions face when sharing data to prevent economic crime include:

  • Balancing data privacy
  • Siloed data within firms
  • Inconsistency in data format
  • Inaccurate data
  • Lack of incentives
  • Lack of alignment
  • Lack of suitable infrastructure
  • Costs or lack of business care for sharing
  • Economic crime
  • Reputational damage
  • Brexit

The fear of breaching data protection laws is of particular note, making companies reluctant to share information. The complexities of data protection legislation exacerbate these worries, finds the survey, especially under General Data Protection Regulation (GDPR) rules and other comparable frameworks, which impose strict data handling and sharing requirements.

A second noteworthy barrier is the internal structure of companies, which are prone to siloing. Here, inconsistent data formats and quality often result from technical limitations and legislative factors. Moreover, data-sharing is hindered by a lack of standardised infrastructure for data sharing in payments and the need for clear incentives for companies to participate in data-sharing initiatives.

Proposed legislation, like the UK’s Data Protection and Digital Information Bill, endeavours to redress these issues by clarifying the legal framework for data sharing. It aims to reform UK data protection laws, simplify the framework, facilitate digital identity verification, and enhance data sharing to combat economic crime. It also introduces ‘Recognised Legitimate Interests’ for data processing and creates provisions under the Proceeds of Crime Act 2002 for voluntary information sharing in economic crime prevention. Despite proposed legislation, data-sharing barriers will only continue without effective implementation and adoption by the industry.

An evolution in regulation

The report from The Payments Association notes an evolution in the regulatory landscape around data sharing in the fight against economic crime, with significant developments in the UK marking a new era of collaboration and technological progress. The UK Government’s Second Economic Crime Plan, published in March 2023, delineates a comprehensive strategy up to 2026, focusing on tackling money laundering, fraud, kleptocracy, and sanctions evasion. The Plan emphasises the value of enhanced collaboration, highlighting the roles of existing public-private partnerships, such as the Joint Money Laundering Intelligence Taskforce, Joint Fraud Taskforce, and Dedicated Card and Payment Crime Unit.

Francisco Mainez, director of financial crime and regulatory transformation at Lucinity, says that the main goal of this bill is to enhance the accuracy of Companies House data, which will “help in making better business decisions and conducting more effective law enforcement investigations.” He also says that the bill grants enforcement agencies more authority to seize and recover suspicious criminal crypto assets: “This adds a new layer of enforcement to fight financial crime more effectively.”

The UK also introduced the Economic Crime Levy (ECL), a financial commitment to bolster the fight against economic crime. The ECL, applicable to all organisations supervised under the Money Laundering Regulations (MLRs) and with a UK budget of over £10.2 billion, aims to create funds for investments in data-sharing infrastructure and capabilities. One such investment, over $100 million, involves state-of-the-art technology that analyses and shares data on threats in real-time, emboldening law enforcement agencies. Another investment of £1.2 million is allocated for a dedicated team to reform the AML supervisory regime, enhancing risk-based supervision, enforcement, and sharing high-value information and intelligence.

Leveraging technology in data sharing 

Alongside an evolution in regulation, The Payment Association’s The Imperative of Data Sharing’s notes that new technology offers hope for data-sharing in the fight against economic crime. The generation of artificial data, also known as Synthetic Data Generation (SDG), can effectively enhance privacy when sharing data for secondary use. This process produces datasets that do not contain identifiable information, allowing their use and disclosure without the legal requirement for extra consent, as these datasets are not classified as personal information.

In November 2023, the Financial Conduct Authority (FCA) updated the Synthetic Data Expert Group, showcasing its efforts since it was founded in March 2023. The group, consisting of 21 experts from diverse backgrounds, aims to deliver practical synthetic data insights for use in financial markets. The Group’s much-anticipated report, anticipated to be released at the end of 2024, will cover areas such as data augmentation, system testing, and data sharing, both internally and externally.

Another promising technology is Privacy Enhancing Technologies (PETs), which can alter the dynamics of data sharing within financial services by decreasing or eliminating privacy risks. The PETs Challenge, a program that pits various PETs against each other, reveals their effectiveness in crime detection and robustness against sophisticated artificial intelligence (AI) technology. The report notes these initiatives’ timeliness, given that fraudsters increasingly turn to AI, requiring a parallel technological escalation in the payments industry.

Jane Jee, lead for the Financial Crime Working Group, The Payments Association, and co-author of the Payments Association report, says that PETs allow businesses to leverage the increasing amount of data available by keeping personal or sensitive information private while still enabling data collection and analysis. “They can include techniques such as encryption, anonymisation, and differential privacy and are already being applied to a broad range of data usage and secure AI challenges across industries,” she explains. 

In September 2022, the US-UK PET Prize was initiated by the White House Office of Science & Technology. The initiative, emphasising the crucial role of data sharing and incorporating advanced technology such as homomorphic encryption, moved through various phases, including red teaming and stress testing. It aimed to assess the effectiveness of PETs against sophisticated AI-driven attacks. Winners were announced on March 2023, with Cambridge University and STARLIT, a collaboration between Privitar, University College London, and Cardiff University, both achieving joint first place.

The need for public-private partnerships

The Payment Association’s Data Sharing to Prevent Economic Crime; Why You Can Now Share Data with Confidence report stresses that the future of combating economic crime in payments lies in developing a robust, data-driven, interoperable, and centralised mechanism. A strategic public-private partnership (PPP) is necessary here. Fortunately, this concept is not as newfangled as it might sound. The UK was one of the first countries to establish a PPP, the Joint Money Laundering Intelligence Task Force (JMLIT). Moreover, in 2023, the UK’s Economic Crime and Corporate Transparency Act (ECCTA) showcased new tools to aid PPPs and information sharing. Several measures were introduced, including allowing for direct data sharing between regulated businesses and indirect information via third-party intermediaries.

The UK Government’s Second Economic Crime Plan also aims to encourage more public-private collaboration, including introducing a public-private cell to bolster the response to new risks related to cryptocurrency, initiating a Public Private Economic Crime Data Strategy aimed at combating financial crime and formulating a strategy for a combined public-private workforce to foster increased cooperation and expertise enhanced across both sectors.

The Payment Association’s Jane Jee explains that public-private partnerships are seen as the bedrock of defeating financial crime in the UK – each has an essential part to play. She points to the NECC (part of the National Crime Agency), which brings together law enforcement agencies, government departments, regulatory bodies and the private sector with a shared objective of driving down Serious Organised Economic Crime (SOEC) in the UK. Yet, “the NECC needs to engage not just with AML regulated entities but also with RegTech companies which have the technology to tackle the networks and activities of SOEC”.

According to ComplyAdvantage’s State of Financial Crime 2024 survey, 56% of firms said they’re already involved in a public-private partnership, with another 39% intending to join within the next 12 months. In the report, Alia Mahmud, global regulatory affairs practice lead, ComplyAdvantage, said that to maximise the opportunity, firms should identify public-private partnerships and explore how to engage local FIUs. “Where joint advisories are published by public-private partnerships, firms should identify how to build findings into relevant risk assessments, policies, and systems to ensure that they can identify emerging threats.”

Establishing common standards and consistent analytical processes will be vital in this endeavour. Moreover, creating, building and delivering a suitable and accepted liability will also be necessary, orchestrated through a specific ‘scheme’ managed by either a new institution or one already engaged in open banking, finance, and data. This will provide a more coordinated and efficient response to economic crime, harnessing the strengths of both the public and private sectors.

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Continue reading

This content is only available to members - please see instructions below!

Become a member to continue reading

Member of The Payments Association? Log in to continue reading

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?