information sharing 5 min read

What financial institutions get wrong about intelligence sharing (and how to fix it)

Taavi Tamkivi
Taavi Tamkivi
CEO and Co-founder

This article by Taavi Tamkivi looks at the most common misconceptions we hear related to financial crime intelligence exchange, and how we’ve seen them resolved.

Key takeaways

  • Intelligence sharing between financial institutions is legal under EU and UK regulations
  • The biggest blockers are internal: unfamiliarity, legal caution, and operational uncertainty
  • Starting small and involving legal teams early can accelerate adoption *Financial and reputational incentives make collaboration more urgent than ever

At banks and fintechs across Europe, almost everyone I meet agrees that we need to work together to fight financial crime. And, in my job, I hear from a lot of people that are convinced by the concept of intelligence sharing, but when conversation turns to what we can do about it, they feel stuck.

Perhaps they are worried about their legal team, the work it would create to get going or where it fits within their current setup.

Those concerns are genuine but, in my experience, they’re eminently solvable. At Salv, we’ve helped 118 financial crime teams work through them. Here are the most frequent misconceptions we hear – and how we’ve seen them resolved.

This is very common and understandable. Financial institutions operate under GDPR, AML directives, national regulations, and internal policies. The stakes are high. But here’s the reality: suspicion-led intelligence sharing between regulated financial institutions is not only legal, it’s increasingly encouraged.

Article 75 of the EU’s Anti-Money Laundering Regulation sets out clear parameters for structured collaboration. UK regulators have taken a similar stance with the Economic Crime and Corporate Transparency Act 2023.

In both cases, the key is to ensure exchanges are proportionate, auditable, and secure. What’s shared isn’t raw data or full account histories. It’s targeted intelligence tied to a specific case: information with context, used to prevent or investigate crime.

The frameworks to make that happen exist. We’ve facilitated thousands of compliant exchanges across Europe through Salv Bridge. The challenge is making them real at the operational level.

2. “We don’t have the technology or infrastructure”

That brings us to the next obstacle: ok, there’s no legal obstacle, but the technology isn’t available, or our systems are too old or incompatible. Again: that can be managed. Purpose-built platforms like Salv Bridge exist and are in use today. Since 2021, Bridge has facilitated over 56 thousand intelligence exchanges. It’s mature, audited, and secure.

Operationally, the difficulty is often internal adoption, not technical capability. Institutions worry about who should own the process, how to define escalation paths, or how to track requests. But again, there are working models already in place.

The important thing is don’t start big. Many institutions begin with one or two use cases, such as fraud recovery or enhanced due diligence, and expand once the structure is proven.

3. “Our lawyers and compliance teams won’t agree”

This is related to the first point — and again, it comes from a reasonable place. These teams are rightly focused on privacy, liability, and reputational risk. But what they often lack is familiarity with what’s possible.

We’ve seen this concern resolved with clear documentation and shared examples. Our recently published guidance document outlines the compliance framework in detail. And within our community, we see banks sharing example policies and templates (with sensitive details redacted) to help others navigate internal approval.

It’s vital to involve legal, compliance, and data protection teams early. When they’re involved at the outset, rather than being asked to sign off a completed project, the conversation is more productive. And the path has been trodden. Institutions across multiple jurisdictions have shown the way.

4. “It’s too much effort for limited return”

Finally, there’s the question of value. Even those who accept the legal and technical case sometimes wonder if the payoff is worth the effort. The answer is yes, and we see it regularly.

In one case, a single piece of intelligence shared between two institutions led to the recovery of €50,000 that would otherwise have been lost to fraud. The account in question had been flagged and placed on a watchlist. Months later, a payment arrived from a different bank, an alert was triggered, and the resulting investigation saved the funds.

That’s not an isolated example. There are hundreds of successful cases.

With mandatory reimbursement rules in place in the UK, the financial incentive to act quickly has never been greater. But there’s also a reputational and human case. When intelligence sharing works, it protects people, not just institutions.

From misunderstanding to momentum

These misconceptions are based on reasonable caution and a genuine sense of responsibility. But none of them are dealbreakers. What makes the difference is a willingness to engage, to ask for help, and to learn from others already doing it.

If you’re hearing these concerns inside your organisation, I’d encourage you to reframe them: is it really a legal or technical issue, or just an unfamiliar one? Who in the organisation can help move this forward? What’s the cost of not acting?

Intelligence sharing is a vital tool in the fight against fraud. We cannot make use of it without tackling the misconceptions that hold us back.

What happens next?

Practical steps to help you gain momentum:

  1. Involve legal from the start

  2. Start small with one or two use cases — be intentional about what you want to prove

  3. Test for two months or more — share success stories internally to build confidence

  4. Think about intelligence sharing as a core control, not an optional extra. How will it fit into your existing processes?

Ready to take the first step?

Get in touch to learn how intelligence sharing can fit into your compliance workflow

Get in touch

Frequently asked questions

What are the real barriers to financial crime collaboration between banks?

While many assume the blockers are legal or technical, the real challenges are often cultural. Even when secure platforms and regulatory clarity exist, institutions may hesitate due to internal uncertainty, lack of precedent, or fear of reputational risk.

Why don’t banks share fraud data more often?

Despite regulatory support, many banks hold back due to cultural hesitation. Teams may be unsure how to gain legal sign-off, lack internal protocols, or fear making the first move without widespread industry precedent.

Yes. Article 75 of the EU AML regulation, along with PSD3 and national frameworks, clearly support suspicion-based, compliant intelligence sharing between financial institutions. These laws are designed to enable collaboration while protecting privacy and due process.

What are the cultural barriers to intelligence sharing in financial services?

Common blockers include unclear internal ownership, fear of misinterpretation, and lack of executive sponsorship. In large institutions, there’s often little incentive to be the first to act — even when doing so would help prevent harm.

How can culture around compliance and collaboration be changed?

Change often begins when leadership actively backs initiatives and cross-functional teams build shared language and trust. Creating internal clarity, engaging legal and compliance early, and learning from peers are key steps.

×
ISO/IEC 27001 logo
Aicpa logo
GDPR compliant logo
OWASP logo

We build security to our products and organisation from the start. We use security best practices (incl. ISO 27001, CIS etc.) to ensure that our security management system meets the highest standards.

Salv has an ISO/IEC 27001: 2022 certificate, as well as ISAE 3000 compliant SOC 2 Type 2 report.