Why Tackling Financial Crime Calls for A Privacy-First Approach

By Dr. Alon Kaufman, CEO and Co-Founder of Duality Technologies

To gain the upper hand in the fight against financial crime, banks and other financial institutions need to share data, but concerns around privacy, confidentiality and regulatory compliance often prevent them from doing so. Alon Kaufman, chief executive officer and co-founder at Duality Technologies, looks at how firms are adopting a privacy-first approach to overcome these barriers and enable greater collaboration.

Cybercrime, fraud and money laundering continue to pose major threats to financial institutions and their customers. As attacks become more sophisticated, detecting, investigating and preventing risks grows more challenging and firms often find that existing approaches have notable limitations.

Success hinges on having access to the right data, but the problem is that data is dispersed across multiple lines of business within an institution, geographic locations and third-party institutions. This fragmentation can make it near impossible to access and analyze all the relevant data quickly in order to gain insights.

A typical customer will have multiple accounts with different providers as well as relationships with separate divisions within the same provider. As a result, the customer’s financial life is broken up to the point that no single institution has a complete view of the customer. In fact, a typical financial institution only sees 15%-25% of its own customers’ activity, which means it cannot effectively protect itself nor its customers from financial crime.

An evolving data collaboration regulatory framework

Collaboration between firms is crucial and regulation has gone some way to encouraging this. The USA Patriot Act, specifically Section 314(b), allows financial institutions to share information with one another so they can identify and report to the federal government activities that may involve money laundering or terrorist financing activity, including predicate offenses.

Other governments and regulators around the world have joined the cause. The Financial Action Task Force (FATF), Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Financial Conduct Authority (FCA), Monetary Authority of Singapore (MAS), and of course Financial Crimes Enforcement Network (FinCEN), have continued calling for more information sharing and collaboration among regulated entities to better fight financial crimes and terrorism. However, while Section 314(b) has been well-received, it remains underutilized and, therefore, still far from reaching its full potential.

Existing approaches

The problem is that firms can only share appropriate data if they can preserve privacy, confidentiality, and regulatory compliance. Too much transparency would fuel competitive concerns, as revealing details of a key account, for example, could expose valuable information to the market. Firms must also respect their country’s privacy laws, which in some cases outside the US prohibits them from declaring they have a business relationship with a specific party.

Many existing approaches cannot offer privacy guarantees. In financial crime, previous efforts have included the creation of utilities and consortia but, typically, these have leant on manual approaches and the sharing of strategies rather than actual data, which only goes so far.

Other efforts have lacked automation and proven to be inefficient. Often, participants don’t share all the available data due to privacy issues and protections around that information, and the manual nature of these efforts are difficult to scale. The processes required to share data on a one-to-one basis don’t work when it comes to sharing data with an entire network.

A third approach, which is used across the industry, is implementing transaction monitoring systems. These go a long way to helping understand risk and suspicion, but the challenge with these systems is that they rely on data that the firm or jurisdiction already has, so they don’t actually address the data sharing and collaboration problem.

More recent approaches to tackle financial crime are based on blockchain or hashing. With blockchain, however, the problem is that its key benefit is also its downfall – transparency. Even in a closed network, any participant can see the data being shared, which compromises privacy and security, and reveals information about competitors’ customers and transactions.

As a result, firms are often reluctant to join blockchain initiatives or avoid contributing their most valuable data, making the solution incomplete and ineffective. Essentially, blockchain does not adequately address these regulatory and competitive concerns, which hampers how effective these solutions can be.

Alternatively, hashing has enabled simple comparisons, but the problem is it is easy for criminals to circumnavigate these checks. In trade finance fraud, for example, a fraudster trying to hide duplicate financing can easily use different purchase order numbers or change data across documents to make them seem different and evade searches for matches or similarities. Firms need technology that is fit for purpose and able to detect the more complex tactics that criminals deploy.

Customer financial data is highly sensitive and must be kept private and secure. Unfortunately, locking data away in silos creates blind spots for malicious actors to evade detection by freely maneuvering between institutions and across borders. Banks and financial institutions use Duality to shine a bright light on the dark shadows of data silos by allowing them to collaborate on customer data while preserving privacy.

A privacy-first approach

If financial institutions could have the privacy and security guarantees that ensure the protection of their data and customers, as well as regulatory compliance, they would be more open to sharing information.

A new approach has emerged – leveraging privacy enhancing technologies (PETs). The term covers an array of technologies, including homomorphic encryption, which allows financial institutions to perform computations on encrypted data without ever decrypting. This means they can share and analyze sensitive data without revealing the underlying information.

The data itself remains decentralized so it does not move across parties. Homomorphic encryption also means the firm’s customer relationship is never revealed and any answers cannot be attributed back to a specific financial institution, thereby preserving competition.

Mitigating risk will remain a top priority for financial institutions and PETs have emerged as valuable tools in organizations’’ armories. Ultimately, these technologies are paving the way for firms to collaborate in new ways and finally unlock the value in their data – and this could prove to be a major game-changer in the fight against financial crime.

About the Author

Dr. Alon Kaufman, CEO and Co-Founder of Duality Technologies. has 20 years of experience in the hi-tech arena, commercializing data-science technologies, leading industrial research and corporate innovation teams. Prior to founding Duality he served as RSA’s global director of Data Science, Research and Innovation. In addition to his leadership experience, he is accomplished in the fields of artificial intelligence, machine learning and how they interplay with security and privacy, with over 30 approved US patents in these fields. He holds a PhD. in Computational Neuroscience and machine learning from the Hebrew University and an MBA from Tel Aviv University.Alon can be reached online at https://dualitytech.com