What’s really holding back AML collaboration and how to fix it
Collaboration across financial service organizations exists today. Credit Reference Agencies (CRAs) gather credit payment information from multiple industries and share it for the purpose of managing new and existing clients. There are some fraud reporting hubs around the world, where known frauds are reported and shared. And collaboration is one of the most repeated ambitions in AML.
Every industry forum, cross-sector initiative, and regulator report reinforces the same point: Money Laundering and Fraud are shared problem that demands a shared response.
There are some limited developments across the world ‘Data Fusion’ programme by the National Crime Agency in the UK and TMNL in the Netherlands. But despite widespread agreement, collaboration for AML rarely progresses past policy statements and pilot proposals and is nearly always limited.
Utilities stall. Data stays siloed. Promising pilots fizzle when it’s time to operationalize. Or run smack into the wall of privacy regulations. Around the world, different institutions continue to miss hidden risks, investigate the same clients in parallel, run the same onboarding checks, and trigger the same alerts separately, inefficiently, and often ineffectively.
Most regulators and FIUs believe that collaboration is key. Most banks want to collaborate. Most compliance teams are open to sharing insights. But the structure around them, the technology, the incentives, the legal and regulatory constraints, isn’t built for it. And unless that structure changes, collaboration will remain stuck where it is now: technically possible, but practically out of reach.
In this blog, we’re looking at what blocks AML collaboration in practice, where progress is happening, and how institutions can finally turn shared intent into shared action.
Barriers to AML collaboration: What’s really getting in the way?
Most institutions aren’t short on willingness to collaborate. But attempts to work together on AML often stall for the same reasons: poor coordination, misaligned regulation, data restrictions, operational blockers, and competing incentives. These challenges are structural, persistent, and visible at every stage of the compliance process.
1. Regulatory misalignment
While FATF provides a global framework for AML/CFT, enforcement and interpretation still vary widely across jurisdictions and even between banks within the same country. These differences make joint initiatives legally complex, particularly when customer data or model outputs are involved. Without clearer regulatory guidance, collaboration often feels more like a liability than a solution. With regulators unwilling to move beyond guidance for organizations, collaboration, while deemed important, is not prioritized.
2. Data privacy and legal risk
Sharing customer information across institutions raises serious compliance concerns. Data protection laws such as GDPR and CCPA place strict limits on access, usage, and retention. Even anonymised datasets can carry risk. Institutions are rightly cautious because the cost of getting it wrong is high, both in reputational terms and regulatory response. While limited safe harbors exist, such as the U.S. PATRIOT Act’s Section 314(b), which allows banks to share information related to money laundering or terrorist financing voluntarily, these are narrow in scope and heavily regulated. In this environment, perceived control over data tends to outweigh any collaborative gain.
3. Internal fragmentation
Cross-institutional collaboration assumes alignment inside each organization, but that’s rarely the case. Risk, compliance, operations, legal, and technology teams often pursue different priorities. Business units operate on separate systems and timelines. These internal divides make it difficult to engage with external partners in a consistent or sustained way.
The challenge is magnified for institutions operating across jurisdictions, where data residency laws, regulatory expectations, and local governance frameworks can prevent even internal cross-border data sharing, making unified responses to financial crime operationally and legally complex.
4. Inflexible infrastructure
Even if Legal and Risk departments could reach an agreement about sharing data, which is a big ‘if’, many institutions lack the necessary systems to collaborate, despite the intention. Data sits in fragmented formats. Interfaces are outdated or incompatible. In some cases, the relevant information can’t be surfaced or exported at all without significant reengineering. Add in concerns around vendor onboarding, cloud governance, or information security, and the effort becomes hard to justify.
5. Competitive pressure and reputational caution
AML collaboration demands a level of transparency most institutions aren’t comfortable with. Strangely, for this author, risk functions consider that stopping money laundering in their institution is a competitive advantage. While that would not even register as an advantage in the commercial and product functions. So even sharing transaction patterns or control frameworks, in part, can feel like exposing risk and putting the organization at a disadvantage.
There’s also the question of client trust. Confidentiality obligations and commercial sensitivities can make data-sharing unacceptable, regardless of purpose. Without strong safeguards and clear boundaries, collaboration remains a reputational risk.
6. Ambiguous ownership and limited return
Consortia and shared platforms often stall over basic questions: Who governs the model? What is the governance and rule structure? Who absorbs the cost? How are decisions made, and by whom? For smaller participants, the return isn’t always obvious, and they may feel put upon by larger organizations. For larger ones, there may be the hubris of I am bigger than everyone else and will not get value from collaboration. Without a clear operating model and a reliable benefit for all sides, most initiatives lose momentum before they can deliver anything.
Despite these challenges, some collaboration models have moved forward, and a closer look at where they’ve succeeded or failed reveals a common thread.
When AML collaboration works and when it doesn’t
The pattern is familiar. Institutions set out to collaborate, only to run into the same structural barriers. But not every effort has failed, and the few that have succeeded offer a clear signal of what’s required.
Below are four examples that illustrate where progress has been made, where it’s broken down, and what separates the two.
✅ What worked: ACIP (Singapore)
The initiative:
The Monetary Authority of Singapore (MAS) established the AML/CFT Industry Partnership (ACIP), bringing together banks, regulators, and law enforcement to address key financial crime threats, particularly in areas like trade finance and shell company risk.
Why it gained traction:
- Regulatory support was baked in from the start. MAS provided legal clarity around participation and data usage.
- The scope was specific. ACIP didn’t attempt to solve all of AML at once. It focused on targeted typologies where collaboration could directly improve detection.
- Information was shared in a way that protected privacy and institutional boundaries. Banks contributed insights, not raw data.
What this tells us:
Collaboration works when it’s regulator-backed, narrowly focused, and designed to avoid unnecessary risk exposure.
❌ What failed: SWIFT’s Transaction Monitoring Utility
The initiative:
SWIFT proposed a shared platform that would allow participating banks to identify suspicious activity across institutions, building on its existing KYC Registry.
Why it failed to take hold:
- There was no clear legal framework to support the sharing of transaction data at this scale.
- Institutions feared that exposing their alerts or monitoring gaps could damage reputations or invite regulatory scrutiny.
- The utility relied on high participation to function, and that participation never materialised.
What this tells us:
If trust and legal protection aren’t addressed from the outset, even well-known infrastructure players struggle to deliver collaborative tools.
✅ What Worked: NCA Data Fusion (UK)
The initiative:
The UK’s NCA Data Fusion programme enables banks to share suspicious activity insights with the National Crime Agency securely. Using advanced analytics, it uncovers cross‑bank typologies such as mule networks, fraud rings, and complex layering in real time.
Why it succeeded:
- Law enforcement embedded – Led and overseen by the NCA, ensuring legal backing and direct regulatory support.
- Targeted use cases – Focused on high‑impact typologies rather than wholesale data pooling.
- Limited Sharing – Participating banks share typology insights rather than unrestricted raw customer data, reducing legal risk.
❌ What failed: Nordic KYC Utility
The initiative:
Banks in the Nordic region attempted to build a shared KYC utility to streamline onboarding and reduce duplication.
Why it stalled:
- Disagreements over governance and control meant key decisions couldn’t be made.
- Institutions struggled to agree on cost allocation, with unclear return on investment for smaller players.
- Harmonising legacy systems proved more complex than expected, leading to delays and integration fatigue.
What this tells us:
Without strong shared governance and a sustainable funding model, collaboration projects tend to stall before they scale.
❌ What failed: TMNL (Netherlands)
The initiative:
Transaction Monitoring Netherlands (TMNL) was a joint venture of five Dutch banks to pool encrypted transaction data and identify money laundering patterns across institutions.
Why it failed:
- Regulatory shift under AMLR – The new EU Anti‑Money Laundering Regulation (AMLR) introduced stricter rules on cross‑institutional data sharing, which TMNL’s model could not fully meet.
- Cross‑border uncertainty – Even within a single country, data sharing across international branches raised questions under local secrecy and privacy laws.
- Complex governance – Multiple banks, differing risk appetites, and alignment with supervisors proved difficult to sustain.
Result: TMNL announced a wind‑down of its current operations in 2025 and plans to redesign its model for compliance with AMLR, targeting a relaunch by 2027.
Lesson: Collaborative initiatives that rely on pooled transaction data face significant legal and operational risk if regulatory alignment isn’t locked in from the start.
❌ What failed: Blockchain-based KYC pilots
The initiative:
Multiple banks explored blockchain-based models for decentralised identity and KYC sharing.
Why they didn’t progress:
- Interoperability issues between different blockchain protocols limited adoption.
- Regulatory uncertainty made it hard to proceed beyond the pilot stage.
- Legal teams remained uneasy about how decentralised identity systems could be audited, governed, or held accountable.
| Initiative | Jurisdiction | Approach | Why It Worked / Failed | Key Lesson |
| ✅ ACIP (AML/CFT Industry Partnership) | Singapore | Regulator-led forum for banks, regulators, and law enforcement to share typology insights | Worked – Legal clarity from MAS, narrow focus on typologies (trade finance & shell companies), privacy preserved (no raw data shared) | Collaboration works when it is regulator-backed, narrowly scoped, and privacy-preserving |
| ❌ SWIFT Transaction Monitoring Utility | Global | Proposed shared transaction monitoring platform leveraging SWIFT KYC Registry | Failed – No clear legal framework, reputational risk from sharing alerts, dependent on critical mass that never materialised | Trust and legal protection are prerequisites for large-scale collaborative utilities |
| ✅ NCA Data Fusion | UK | Banks share suspicious activity insights with NCA for cross‑bank typology detection | Worked – Law enforcement embedded, high‑impact typology focus, sharing limited to insights (not raw data) | Embedding regulators and law enforcement enables safe, targeted collaboration |
| ❌ Nordic KYC Utility | Nordics | Shared utility for KYC/onboarding to reduce duplication | Failed – Governance disputes, cost allocation issues, complex IT harmonisation led to delays | Shared governance and sustainable funding are essential for scaling collaboration |
| ❌ TMNL (Transaction Monitoring Netherlands) | Netherlands | Pooled encrypted transaction data for cross‑bank AML pattern detection | Failed – AMLR regulatory shift, local secrecy and cross‑border complexity, multi‑bank governance friction | Regulatory alignment and governance must be secured before operational rollout |
| ❌ Blockchain‑based KYC Pilots | Multiple | Decentralised blockchain-based identity and KYC data sharing | Failed – Interoperability gaps, regulatory uncertainty, unclear governance and auditability | Novel tech doesn’t replace legal clarity or operational governance |
What this tells us:
Technical novelty doesn’t solve structural problems. Without legal clarity and clear governance, emerging technologies struggle to gain institutional traction.
So what separates the few that succeed from the many that don’t? It comes down to how collaboration is structured, governed, valued, centrally coordinated, and made operational.
Federated learning: AML collaboration without exposure
Most collaboration efforts stall when they ask institutions to trade control for insight. The control of proper systems and controls for risk management is the explicit responsibility of the organization. Federated learning removes that trade-off. It enables banks to contribute to and benefit from shared intelligence without exposing customer data or relying on centralized infrastructure.
The method is straightforward: each institution trains the same model locally, on its own data. No transaction records or client files are exchanged. Only model updates are shared, and even these are encrypted and stripped of sensitive detail.
In the context of AML, this approach delivers three key advantages:
#1. Data and decision‑making stay under institutional control
At no point does customer data leave the bank, and participation is entirely opt-in and revocable. This eliminates the legal, reputational, and operational risks that have held back previous collaboration attempts. There’s no need to move data to a central platform, navigate complex consent requirements, or adjust internal retention policies. Each institution remains fully accountable for its own data. Models travel, not data, which neutralises the legal and reputational risks that crippled earlier centralised initiatives.
#2. Broader behavioral patterns improve detection
Multiple institutions’ data shape the model. That means it can detect typologies that wouldn’t register in a single bank’s dataset, such as dispersed mule activity or multi-jurisdictional layering. In early deployments, this has led to a threefold increase in SAR-worthy alerts without increasing overall alert volumes.
#3. It meets internal and regulatory scrutiny
Federated models are fully auditable. Institutions can trace which risk indicators influenced a given output, how thresholds were applied, and how the model behaves across different client segments. This supports internal governance and satisfies the documentation standards expected by regulators. Explainability isn’t a bolt-on. It’s embedded in the model design.
#4. Scalable and future‑proof collaboration
FL allows institutions to join or leave without disrupting the ecosystem. As new typologies emerge, such as crypto‑linked laundering, new models can be added to the federation without retraining everything from scratch or moving historical data.
The operational impact has been significant. Participating institutions have reported 75% improvements in analyst efficiency and 4x detection uplift thanks to better alert prioritization and triaged caseloads. False positives are materially reduced, and typology detection expands beyond what any one bank could achieve alone.
AML collaboration fails because it’s built the wrong way
There’s no question that financial crime can’t be tackled in isolation. Every institution sees only part of the picture. And while regulators continue to encourage collective action, very few joint efforts have made it into live environments, let alone delivered consistent results.
Collaboration often asks institutions to compromise on control, data security, legal clarity, or operational fit. And when that’s the price of entry, most opt out.
What’s working now looks different. It doesn’t rely on shared data utilities or cross-border data transfer. It doesn’t assume that institutions will align their risk models, technology stacks, or governance frameworks overnight. Instead, it reflects the reality: collaboration needs to be private by design, aligned to specific outcomes, and usable inside live compliance operations.
Federated learning is proving to be one of the few approaches that meet those criteria. It keeps data in place, respects legal boundaries, and produces outputs that institutions can act on and explain.
The lesson is simple: if collaboration is to succeed, it has to be designed for the world institutions operate in today, and not the one they wish they had.
Our federated learning model is already enabling institutions to collaborate at scale, without compromising privacy, control, or regulatory alignment. Get in touch today to learn more.
