Building trust for compliance as a service

One of the main challenges of establishing a shared anti-financial crime utility – in addition to legal hurdles – is building trust and cooperation between banks.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

In the first part of this series, we discussed the potential benefits of shared compliance utilities could bring to the UK banking industry, illustrated by emerging examples from the EU.

Banks are naturally reluctant to share data with their competitors, especially when it comes to customer data, which is completely in line with customer, and regulator, expectations.

The main method of mitigating this challenge that we have seen so far – in both public and private sector initiatives – is the formation of/use of trusted third parties. These third parties can act as intermediaries to facilitate the exchange and processing of data, as well as sending of alerts between banks.

Some examples of this approach from the EU

Invidem is a Nordic KYC processor that provides a secure platform for data exchange and compliance monitoring. They specialize in customer onboarding, and KYC verification and maintenance. Invidem was founded in 2019 by six of the major banks in the Nordic countries as a joint initiative to address challenges in AML regulations for the Nordic market.

Transaction Monitoring Netherlands (TMNL) is a utility that is jointly owned and governed by the participating banks as briefly discussed in the previous article. Founded under the umbrella of the Dutch Bankers Association (Nederlandse Vereniging van Banken), it is now a standalone entity supported by the major Dutch banks.

These third parties can help to address the challenge of building trust and cooperation between banks by providing a neutral platform for data exchange. They help ensure that individual firms do not need to hold or access more data than they need and that all participating banks have equal access to the benefits of a shared compliance utility.

Clear guidelines needed

In addition to the intermediary, it is also important to establish clear guidelines for data sharing and use. Banks should have control over how their data is shared and used, and there should be clear rules around data security and privacy protection. This could include limiting access to sensitive data on a need-to-know basis and implementing robust security controls to prevent unauthorised access.

One important aspect to note from both these initiatives is that they are limited to monitoring commercial entities’ transactions. For legal and other reasons, a general purposes screening utility that also covers retail customer transactions appears out of reach for now, regardless of the potential and ambitions in both these regions.

In the next part of this series, we will address the greatest challenge of establishing a shared compliance utility: ensuring data security and privacy.