Culture, not compliance: why financial institutions still struggle to share intelligence

Pretty much everyone I’ve spoken to in financial crime prevention agrees on the value of intelligence sharing. Between companies and public institutions and across borders, it helps detect fraud earlier, recover stolen funds faster, and disrupt criminal networks more effectively.

Modern regulations fully support it, the technology exists to do it securely, and industry standards are being formed among consortiums… So why are so many financial institutions still hesitating?

After five years building Salv Bridge and working with more than 100 institutions across Europe, I’ve come to a clear conclusion: the biggest barrier isn’t legal or technical. It’s cultural. I want to share what I’ve learned about what really holds organisations back, and how we’ve seen culture shift when leaders are ready to act.

The myth of legal, technical and cultural barriers to intelligence sharing

It’s natural that banks and fintechs are cautious and risk-adverse. They need to be. They deal with sensitive personal data, operate in heavily regulated environments, and face significant reputational risk if they get something wrong.

But the idea that intelligence sharing is legally impossible is increasingly a myth.

In the UK and EU, regulators have laid out clear pathways for compliant, suspicion-led information exchange.

Article 75 of the EU Anti-Money Laundering Regulation, the new Payment Services Directive (PSD3), and national frameworks like the UK’s Economic Crime and Corporate Transparency Act 2023 all point in the same direction. Structured, auditable collaboration between financial institutions is not just permitted, it’s encouraged today and will be mandatory in the future.

The same is true for technology. At Salv, we’ve facilitated thousands of compliant investigations through Salv Bridge. We’ve built the platform with encryption, access controls, predefined templates, and full audit logs. These systems are not theoretical; they’re working in production today.

So when institutions say they’re not ready, it’s rarely about a missing tool or an unclear law. It’s something deeper. Which explains why banks don’t share fraud data more proactively, even when the legal and technical frameworks already exist.

Culture is the real barrier to financial crime collaboration

In my experience, what stops institutions from moving forward is internal uncertainty. Senior compliance leaders often support intelligence sharing in principle, but they’re unsure how to push it through in practice.

The questions they raise are familiar. Things like:

• “How do I explain this to our internal lawyers?”
• “What will our data protection officer say?”
• “How exactly do we update our compliance procedures?”

These are reasonable concerns, but they’re also symptoms of a wider issue. The real blocker is a lack of ownership and precedent. In small companies, people are often selected for their ability to try new things and make decisions quickly.

In large organisations, no one gets rewarded for being the first to interpret regulation differently. The tech might be there, and the legal foundation clear, but the risk of sticking your neck out can feel greater than the risk of inaction.

Which leads to people walking on the edge of regulation, using WhatsApp groups and phone calls to connect with former colleagues they trust. All because it’s easier than getting a proper process and system implemented.

How culture starts to shift

Of course, culture can change. Today’s large financial institutions wouldn’t have survived as long as they have without being able to change when needed. Often it starts with something as simple as getting the right people in a room.

We’ve seen it happen. In Estonia, for example, we worked with compliance teams, operations leads, and lawyers for months. But real momentum came when bank CEOs made it clear that they backed the initiative. Once leadership signalled support, everything moved faster. We saw an important shift in culture within their organisations. That served as an example that other banks took notice of, because they didn’t want to be left behind.

We’ve also learned the value of creating shared language and shared spaces. When we host in-person community sessions, especially ones where regulators are present, trust grows.

People realise that others are dealing with the same challenges. They hear best practices. They see how others have built internal protocols, appointed on-call intelligence responders, and structured data processing agreements. They start to trust each other more, as they see that they’re driven by very similar values. And this encourages people using Bridge to exchange more intelligence.

What needs to happen next

We’re at a turning point. The regulatory direction is clear. The frameworks are already being written. In the EU, PSD3 and AMLA’s rulebook are on the horizon. In different markets across Europe and the UK, momentum is building. But none of that matters if institutions don’t act.

My message is simple: if you’re a CRO, a head of compliance, or a senior leader in a financial institution, now is the time to lead. Review the reasons you and your organisation are actually doing the work you do. Don’t wait for everyone else to move first. Ask your teams: What’s really stopping us? Is it a law, or is it a mindset? And what could we gain — operationally, reputationally, and ethically — by taking the first step?

We’ve seen what happens when institutions stop hesitating and start collaborating. Victims are protected. Losses are prevented. Criminals lose money. And the people doing this work every day see the real, human impact of what they do.

Culture is not an easy thing to change. Changing it can be the most important factor of all.

Frequently asked questions

What are the real barriers to financial crime collaboration between banks?
While many assume the blockers are legal or technical, the real challenges are often cultural. Even when secure platforms and regulatory clarity exist, institutions may hesitate due to internal uncertainty, lack of precedent, or fear of reputational risk.

Why don’t banks share fraud data more often?
Despite regulatory support, many banks hold back due to cultural hesitation. Teams may be unsure how to gain legal sign-off, lack internal protocols, or fear making the first move without widespread industry precedent.

Is intelligence sharing legal under the EU AML regulation?
Yes. Article 75 of the EU AML regulation, along with PSD3 and national frameworks, clearly support suspicion-based, compliant intelligence sharing between financial institutions. These laws are designed to enable collaboration while protecting privacy and due process.

What are the cultural barriers to intelligence sharing in financial services?
Common blockers include unclear internal ownership, fear of misinterpretation, and lack of executive sponsorship. In large institutions, there’s often little incentive to be the first to act — even when doing so would help prevent harm.

How can culture around compliance and collaboration be changed?
Change often begins when leadership actively backs initiatives and cross-functional teams build shared language and trust. Creating internal clarity, engaging legal and compliance early, and learning from peers are key steps.