The foundations for AML partnership in Ireland - Remarks by Deputy Governor Derville Rowland

These remarks were delivered at a Future of Financial Intelligence Sharing Event, 25 September 2024, Dublin.

Good morning. It is a pleasure to be here with you today at this Future of Financial Intelligence Sharing event to discuss the development of Partnerships for Information Sharing under the EU’s new AML Regulation.

We are at an inflection point in the journey of financial crime prevention. On the one hand, criminal networks in Europe are increasingly seeking out new opportunities for their own interests and exploiting new technology to grow their operations and launder money faster than authorities can keep up.¹ The increasing speed of deception and the complex spectrum of financial crimes is extremely challenging for authorities and law enforcement alike – and as we know, can have devastating effects on the lives of innocent citizens.

On the other hand, the creation of the EU Authority for Anti‑Money Laundering and Countering the Financing of Terrorism - AMLA - offers us a unique opportunity to grasp the nettle of regulatory fragmentation and eliminate the weak points in the current European AML/CFT Framework. I have spoken previously about what is required to set up AMLA for success.² But in terms of today’s topic, I would highlight 3 things that are required to make the new AML package a success.

Firstly, AMLA and national supervisors need to encourage and support the establishment of Partnerships for the Sharing of Information.

Secondly, the responsibility for making Partnerships for Information Sharing work under the AML Regulation does not rest on Authorities alone. Partnerships are not possible without the private sector playing its part.

Thirdly, AMLA and national authorities, including law enforcement, must work in collaboration to raise standards and act as a catalyst for innovative solutions – including around data sharing – to support the fight against money laundering and terrorist financing.

As you may be aware, a central theme of the Central Bank’s Strategy is being Future-Focused. This is why we are evolving our regulatory frameworks and structures to move towards a system of truly integrated supervision (prudential, conduct, AML/CFT) which we believe will strengthen our abilities to protect consumers and investors. Being Future Focused also means being focused on technology, of course. We recognise the many potential benefits and opportunities that technology brings to financial services, consumers and investors in Ireland and in Europe. It is important that these benefits can be realised, whilst also ensuring that the risks are well understood and managed - including the risk that these new technologies are used by criminal actors for illicit purposes. Regulation plays a crucial role in the safe, and therefore enduring, adoption of innovation into the system.

Innovation has brought in new entrants, new products and new ways of serving customers and the economy. As a result, technological innovation continues to be a focus for the Central Bank. This is one of the reasons why we have enhanced our innovation facilities, so that we can continue to engage, learn and develop a deeper understanding of the ecosystem, the opportunities, the benefits and the risks. Our goal is to evolve and iterate so that we continue to regulate and supervise effectively.

In the context of AML, history has however taught us that no system is entirely ‘future proof’ and so we must be permanently vigilant.  Everyone will be well aware that since the first AML Directive was enacted in 1991, the legislative landscape has continuously developed in line with our understanding of the ML/TF risks. This process of evolution will need to continue beyond the establishment of AMLA and the introduction of the single rulebook. The reality is that no single authority or piece of legislation can contemplate every ML/TF risk or close every loophole. We cannot wipe out financial crime – any more than we can wipe out car theft, shop-lifting or burglary. But I believe that the establishment of AMLA – working in partnership with national authorities - and the new EU AML/CFT framework, will enable us to become as effective as possible at reducing its impact.

Supervisors and law enforcement authorities alike have long been pointing to the need for financial institutions to share information to combat global criminal networks. There have been a number of initiatives at European level designed to enhance cooperation and the sharing of information. These range from AML/CFT supervisory colleges to Public Private Partnerships such as Ireland’s Joint Intelligence Group and the UK’s Joint Money Laundering Intelligence Taskforce (JMLIT). While these initiatives are welcome, the fact remains that the data held by credit and financial institutions is the most useful in the detection and prevention of financial crime.

The inability of private sector operators to share real time financial crime information with each other is a gap in the system that is actively exploited by criminals.

As pointed out by the Institute of International Finance, the legal limitations imposed on the sharing of financial crime information “are entirely at odds with the realities of criminal operations, which are not bound by – and indeed actively exploit – international borders to evade civil and criminal sanctions. This undermines law enforcement’s ability to build a picture quickly and comprehensively. It also undermines financial institutions’ ability to fully understand their exposure to financial crime risk at a global level”.

Not only do criminals operate without regard to borders, they also routinely use multiple institutions to launder their ill-gotten gains. Consequently, it is increasingly difficult for a single private sector operator to identify suspicious activity in the absence of all the pieces of the “jigsaw”. Information sharing among private sector operators therefore has the potential to improve the quality and accuracy of suspicious activity reporting. This can ultimately reduce the operational burden in processing and analysing large amounts of low quality data that historically has resulted in large volumes of false positives.

Some countries - the UK, the US and Singapore - have taken the lead in enabling information sharing between private sector operators. America’s Patriot 2001 Act is often described as the gold standard on information sharing. Singapore’s digital platform – called COSMIC - enables six major commercial banks to securely share with each other information on customers who exhibit multiple “red flags” that may indicate potential financial crime concerns.³

Article 75 of the new AML Regulation, while not as broad as the information sharing provisions in the USA and Singapore, enables for the first time the sharing of certain confidential information between private sector operators under the auspices of what are known as “Partnerships for Information Sharing”.

As one would expect, Article 75 contains a number of caveats and establishes a number of important guardrails designed to strike the balance between effectively combatting money laundering and terrorist financing and protecting the privacy and the data of all EU citizens. One such guardrail is the requirement that information can only be shared within a Partnership provided the information relates to customers deemed to be higher risk and the information sharing is strictly necessary for the purposes of meeting AML/CFT obligations.

Another safeguard is the requirement that Partnerships for Information Sharing must be verified in advance of their establishment by the AML/CFT supervisory authorities in collaboration with Data Protection Authorities.

Successfully navigating the complex set of safeguards and fully realising the full potential intrinsic in Partnerships for Information Sharing will require a coalition of actors working in unison and with ambition.

So what specifically will be required of this coalition of actors? Let me start with the role of AML/CFT supervisors.

In the first instance, it is essential that national AML/CFT supervisors encourage the establishment of Partnerships for the Sharing of Information through the development of clear guidance in addition to a verification process that is accessible, transparent, and capable of evolving over time. At the Central Bank, notwithstanding the fact that the AML Regulation will not be applicable until July 2027, work is well underway on developing the necessary framework and governance procedures.

The verification process will require not only the review of the application to ensure that it conforms with the requirements of Article 75 but will also require the Central Bank to consult our colleagues in the Office of Data Protection Commissioner in relation to the Data Protection Impact Assessments (“DPIA”). It will also be necessary to for the Central Bank to consult with the Financial Intelligence Unit where necessary.

In addition to fulfilling our statutory role in verifying Partnerships for Information Sharing, in my view there is an additional and equally important role that AML/CFT supervisors must play in order to realise the full potential of Article 75 AML Regulation.  That is our role in fostering and supporting the development and adoption of technologies that facilitate the sharing of sensitive information through the use anonymisation technologies. The so-called Privacy Enhancing Technologies (PETs) have the potential to revolutionise information sharing between private sector operators. AML/CFT supervisors such as the Central Bank of Ireland can, I hope, act as a catalyst for the development and implementation of such technologies.

One such way the Central Bank can do this is by continuing to enhance our engagement with innovation in financial services. In 2018, we launched the Innovation Hub for firms to engage directly with the Central Bank on innovation. Since the launch of the Innovation Hub, the innovation ecosystem has continued to develop at pace in Ireland and abroad. In line with the continuous development of the innovation ecosystem, we also have continued to deepen our approach by enhancing our Innovation Hub and outreach programme.

This involves, firstly, enhancing the role of our Innovation Hub to deliver deeper, clearer and more informed engagement with the innovative ecosystem. Secondly, we are establishing an Innovation Sandbox Programme to inform the early stage development of selected innovative initiatives which are consistent with our public policy objectives.

In July, we announced the theme of our first Innovation Sandbox Programme that is very relevant to our discussion today, that of combatting financial crime. The Sandbox Programme will focus on the use of innovative technology to foster and develop solutions that minimise fraud, enhance AML/CFT frameworks, and improve day-to-day transaction security for consumers.

As part of our announcement of the theme, we issued a set of Problem Statements for interested applicants to consider. One such Problem Statement deals with information sharing within the financial system, and how technology providers and other stakeholders can enhance the effectiveness of AML/CFT efforts.

Today, the Central Bank is publishing a Call for Applicants to our Sandbox Programme. We are also making available on our website additional guidance on applying for the programme, an application form and some anticipated Frequently Asked Questions.  If you are a firm developing a product or service that uses innovative technology to combat financial crime, I would invite you to consider making an application. More information on the Sandbox Programme can be found on the Central Bank’s website. The Sandbox Programme will commence this December and will take place over the following six months.

As with our Sandbox, the responsibility for making Partnerships for Information Sharing work under the AML Regulation does not rest on Authorities alone. Partnerships are not possible without the private sector playing its part. It is for private sector operators to decide on when it is appropriate to establish a Partnership and who the participants of such a Partnership should be.

It will be for the participants to demonstrate how the information that it is proposed to be shared is necessary for the compliance with AML/CFT obligations, relates to high risk customers and is compliant with the Article 75 of the AML Regulation. Participants must also be in a position to demonstrate the measures that have been put in place to ensure that all instances of information sharing will be appropriately documented and that Financial Intelligence Unit consent will be obtained where necessary. Importantly, individual participants in a Partnership must be able to demonstrate that any decisions made in respect of a customer/business relationship are not solely based on information shared in a Partnership.

Let me conclude I would again highlight the 3 things we must do to make this a success. Firstly, AMLA and national supervisors need to encourage and support the establishment of Partnerships for the Sharing of Information.  In my remarks today I have given some examples of how we can do that.  Secondly, the responsibility for making Partnerships for Information Sharing work under the AML Regulation does not rest on Authorities alone. Partnerships are not possible without the private sector playing its part.  And finally, AMLA and national authorities must work in collaboration to raise standards and act as a catalyst for innovative solutions in the fight against money laundering and terrorist financing.

I would like to thank you all for participating in today’s event and for your continued commitment to fight against financial crime. I truly believe that the use of innovative technology to minimise fraud, enhance AML/CFT frameworks, and improve day-to-day transaction security for consumers is critical to prevent criminal actors abusing the financial system.  The Partnerships for Information Sharing under the AML Regulation have an important role to play in this regard and present a monumental step forward in Europe’s fight against financial crime. Today’s event is an important first step in realising this aim.

Thank you.

¹Europol (2023), European Financial and Economic Crime Threat Assessment 2023 - The Other Side of the Coin: An Analysis of Financial and Economic Crime (PDF 4.14MB). 

²Derville Rowland, Setting up the new EU Anti-Money Laundering Authority for success - Remarks by Deputy Governor Derville Rowland, European Anti-Financial Crime Summit.

³COSMIC stands for “Collaborative Sharing of Money Laundering/Terrorism Financing (ML/TF) Information & Cases”.