It’s been two months since the launch of AML Bridge Estonia - the pilot project between four of the largest financial institutions in Estonia. Salv aims to build a decentralized network for sharing AML intelligence between the banks involved. Time has flown by, but that’s what happens when you’re doing something you really believe in. So, what’s been happening?

How AML Bridge Estonia is managed

Before anything great can happen with any project, it’s important to agree on what the goal of the project is, what steps are necessary to reach this goal, and how the different project participants can contribute.

Our project involves three types of stakeholders: Salv builds the technological solution, banks highlight the practical issues with current information sharing methods and tools, regulators and advisors (the Data Protection Inspectorate, the Financial Intelligence Unit, and the Financial Supervision and Resolution Authority) provide feedback in the context of their expertise.

Results will already be published within half a year of the launch. This means that every minute spent together counts. To make sure all parties can invest their time in the most effective manner possible, we’ve come up with a governance model that allows for just that. Project activity takes place in two working groups - the active working group that consists of Salv AML Bridge product team members and AML specialists from participating banks; and the steering group, where Salv team members communicate with banks’ decision makers (MLROs) and regulators. A two-level system ensures that:

  1. Salv’s product team has real-time relevant input from the future users of the product and quickly acquire the necessary feedback and approvals.
  2. Key decision makers are kept up to date each week by the active working group, but don’t need to commit so much time. They can make quick and well-informed decisions regarding the overall course of the project. aml_bridge_project_governance.png

The current governance model and work-flow is the result of careful communication between all parties and has proven to be perfect for the needs of the AML Bridge project.

The first uses of AML Bridge

Already during the pre-project discussions with AML specialists, the imminent need for AML intelligence sharing became clear. The list of cases, where additional AML Intelligence sharing could help catch criminals and make life easier for good customers, is long. There’s much AML Bridge will help with. But one particular instance of data exchange (that’s, in fact, already taking place) stood out as a sore spot so frequently. The steering group simply had to tackle this before anything else - Request For Information (or RFI) data sharing.

What is it? It’s basically the only way financial institutions can currently ask each other for information regarding a suspicious payment/customer. These kinds of information exchanges are restricted to single messages between banks involved (sending or receiving). They should help mitigate possible risk regarding that specific payment/customer. Even though the context for these information exchanges is relatively straight-forward, there is no agreed upon method to exchange the required information. Current information exchange practices are slow, hard-to-use, and/or incompatible. This leads to delays with payment processing and hinders ongoing investigations.

Finding a fast, safe and reliable technical solution for RFI communication has really been a win-win for everyone involved: Salv gets to develop the technical solution that covers the necessary legal and practical requirements, financial institutions will have the means to exchange necessary information in a clear and auditable manner, and good customers won’t have to endure inconvenience due to checks that take a long time due to technical restrictions. Last, but not least, this would also mean that continued suspicions could be escalated to relevant teams more quickly, resulting in faster reactions and more criminals caught.

What’s next?

Besides getting the necessary input for setting RFI Bridge in motion, Salv has been analysing how participating banks store and organise data on Politically Exposed Persons and their Related Close Associates (PEPs/RCAs). It’s become clear that additional intelligence, especially regarding RCAs, would be extremely valuable for all participants. Every bank struggles to maintain accurate information on which of their customers should be considered RCAs. They spend far too much effort and hassle too many customers working solo. Early in the new year, Salv will develop the technological solution for cross-checking PEP/RCA data between participating financial institutions. As the amount of PEPs/RCAs in the banks’ system is significant, it will also be a good opportunity to show the efficiency of decentralised data storage.

In addition to the current AML Bridge Estonia Pilot, Salv has also been planning the first steps to take the AML Bridge concept to other countries. There has already been significant interest from several jurisdictions and the additional funding received (more on that here) that will help Salv scale AML Bridge to many more institutions across Europe.

ISO/IEC 27001 logo
Aicpa logo
GDPR compliant logo
OWASP logo

We build security to our products and organisation from the start. We use security best practices (incl. ISO 27001, CIS etc.) to ensure that our security management system meets the highest standards.

Salv has an ISO/IEC 27001: 2022 certificate, as well as ISAE 3000 compliant SOC 2 Type 2 report.