Why Real-Time Intelligence Sharing Is Now a Legal Requirement

A decade ago, the notion of regulated financial institutions exchanging crime intelligence in real time seemed far-fetched. Legal barriers were significant, trust between banks was scarce, and collaboration was largely confined to industry conferences or informal personal networks. Today, the landscape has shifted dramatically: regulators are increasingly mandating cross-institution intelligence sharing, and new platforms are demonstrating that nationwide and cross-border data exchange is not only viable but scalable.

Background and Context

The fight against financial crime has historically been fragmented, with institutions working in silos to detect and prevent fraud. However, as fraudsters have automated their activities, the cost of this isolation has grown. According to Salv, a company specialising in financial crime infrastructure, regulators are now moving to enforce cooperation, with mandates expected to take full effect by 2027. This shift transforms information sharing from a competitive advantage into a regulatory necessity, turning what was once a technical niche debate into a cornerstone of financial crime strategy.

Key Figures and Entities

The evolution of this sector is personified by Taavi Tamkivi, CEO of Salv, whose career traces the arc of financial crime prevention. Tamkivi began his work at Skype in 2005 during its rapid growth phase. As the company launched paid services, it faced a surge in credit card fraud. While individual fraud amounts were small—around €10—the sheer volume created a massive data problem. Tamkivi noted that fraudsters were already automating their processes, prompting him to leave his mathematics studies to join Skype’s anti-fraud team.

Later, as employee number 40 at Wise (then TransferWise), Tamkivi encountered early instances of what would become known as authorised push payment (APP) fraud. He observed a critical lack of mechanisms to alert receiving banks when fraudulent funds were transferred. In one instance, when Wise attempted to warn a counterpart bank about stolen funds, the response was to terminate the call. These experiences drove Tamkivi to found Salv, initially focusing on anti-money laundering (AML) tools before pivoting toward collaborative infrastructure.

Crucial support for this ecosystem has come from regulatory and academic bodies. Criminologist Dr. Nicola Harding has emphasised that building trustworthy infrastructure requires the buy-in of diverse stakeholders, including governments, regulators, and the public. In the UK, the Financial Conduct Authority (FCA) played a pivotal role by convening hackathons that brought together banks, lawyers, and technologists to prototype intelligence sharing systems.

Legal and Financial Mechanisms

The mechanics of sharing sensitive financial data are complex, requiring both technical security and legal frameworks. In 2020, Salv ran structured pilots in Estonia involving three parallel workstreams: technical design for secure exchange; legal frameworks co-developed with banks, the Financial Intelligence Unit (FIU), and the Data Protection Inspectorate; and use case mapping to identify valuable data flows.

Tamkivi has articulated a framework for resilient collaboration relying on three components: reliable data that is fresh and unobfuscated; decision engines capable of continuous learning from peers; and real-time action capabilities, such as suspending payments or accounts. Without these pillars, Tamkivi argues, collaboration collapses, signals remain siloed, and criminals outpace the systems designed to catch them.

A major historical breakthrough cited by Tamkivi was his encounter with Ethoca, a platform facilitating early-stage intelligence sharing around chargebacks. While traditional chargeback processing took months, Ethoca enabled near-instant signal sharing. This experience demonstrated that moving intelligence between institutions, rather than locking it within them, was the key to disrupting fraud patterns.

International Implications and Policy Response

The voluntary sharing of the past is rapidly being codified into law. The Payment Services Regulation (PSR) Article 83 requires financial institutions and payment service providers to connect to domestic and international intelligence-sharing networks. Tamkivi emphasised that the regulatory language is unambiguous: “The Payment Services Regulation says that financial institutions and payment service providers shall connect to their domestic and international networks. And by law, this ‘shall’... means must.”

Similarly, AMLR Article 75 extends similar obligations across Europe, mandating pan-European intelligence exchange. This places the duty to connect on the same compliance footing as Know Your Customer (KYC) and AML monitoring obligations. Consequently, the industry is evolving toward a model where intelligence sharing platforms serve as critical infrastructure, akin to the backbone systems like SWIFT or SEPA.

Sources

This report draws on an interview with Salv CEO Taavi Tamkivi and criminologist Dr. Nicola Harding, alongside public regulatory frameworks including the Payment Services Regulation (PSR) and EU anti-money laundering regulations.