Processing Content
- Key insight: Keeping financial information siloed at individual institutions severely restricts the banking industry’s collective ability to stop illicit finance.
- Expert quote: “Robust and appropriate sharing” of transaction records and data “amplifies financial institutions’ collective ability to detect, prevent and mitigate illicit finance activity,” according to FinCEN.
- Forward look: FinCEN’s proposed rules aim to push banks toward a risk-based AML approach that produces highly useful illicit transaction data for law enforcement.
Overview bullets generated by AI with editorial review
The International Monetary Fund warned in a recent working paper that the financial sector’s fight against surging digital fraud is severely hampered by banks’ failure to share threat data across domestic and international borders.
The IMF argued for a shift in strategy toward private information sharing between banks both domestically and internationally.
The paper concluded that “inadequate frameworks for cybersecurity incident reporting” and existing arrangements for domestic and cross-border information sharing severely hamper the sector’s ability to understand and combat these threats.
U.S. banks are hit harder than their counterparts in other countries, according to the March working paper. During the period from 2014 to 2023, the IMF identified 6,479 publicly known cybersecurity incidents across all industries in the U.S. — 46% of the global total of 14,055.
U.S. regulators have long encouraged banks to share suspicious transaction data, and the issue remains front of mind for many of them.
Last week, the Financial Crimes Enforcement Network (FinCEN) issued proposed rules that would have banks implement a risk-based approach in their anti-money laundering programs to direct more attention and resources toward higher-risk activities.
While the rules do not require information sharing, they make several mentions of it, including references to section 314(b) of the USA PATRIOT Act. This section of the law allows banks to share payment transactions with each other when they uncover money laundering, which often has a fraud nexus.
The ultimate goal of the new rules FinCEN proposed is to produce “highly useful information related to illicit financial transactions for law enforcement and national security agencies,” according to the proposed rule.
FinCEN has previously encouraged banks to collaborate to prevent financial crimes, as well.
“Robust and appropriate sharing” of transaction records, customer and account information and investigative materials “amplifies financial institutions’ collective ability to detect, prevent and mitigate illicit finance activity,” according to a September 2025 guidance document from FinCEN.
Crucially, the massive, multinational institutions are not the only ones feeling the pain.
Banks that are not categorized as global systemically important banks endured 87% of the cyber incidents that hit the banking sector during the 10-year period the IMF analyzed in its March study.
As such, information sharing coalitions or systems in the U.S. must include regional and community banks to fully address the vast majority of cyber-enabled fraud.
Silos enabling syndicates
Keeping financial information siloed at individual institutions severely restricts the banking industry’s collective ability to identify and stop illicit finance, according to the September 2025 guidance from FinCEN.
Voluntarily sharing transaction records, investigative materials and customer data allows banks to build a more comprehensive picture of the threats they face, which helps them deploy their compliance programs more effectively against bad actors, according to FinCEN.
Many experts agree that collaboration is essential to stemming the tide of digital crime, which is itself the result of a great deal of collaboration.
Enhanced information and intelligence sharing among relevant stakeholders is a key strategy for minimizing digital fraud risks, according to a November 2023 discussion paper from the Basel Committee on Banking Supervision.
The Financial Action Task Force, an intergovernmental body established by the G7, also warned in a February report that cyber-enabled fraud has grown “exponentially in recent years” and requires “inter-agency cooperation across borders” to improve the response to transnational fraud and scam networks.
However, sharing sensitive customer information across institutional and international borders presents significant legal and regulatory hurdles.
When deciding whether to share data with foreign institutions, U.S. banks must carefully navigate a maze of legal obligations, including the Right to Financial Privacy Act, the Gramm-Leach-Bliley Act, various state-level privacy laws and foreign legal requirements, according to FinCEN.
Despite these privacy hurdles, domestic and cross-border information sharing remains critical to identifying, reporting and preventing financial crime — a position FinCEN held as early as December 2020, when it issued new guidance about federally-protected information sharing.
Swapping data helps banks map out complex financial trails that are layered across numerous institutions and jurisdictions, allowing for more precise decision-making in due diligence and transaction monitoring, FinCEN said in the guidance at the time.
This collaboration alerts participating banks to suspicious activities they might not have detected on their own, allowing the industry to spot emerging money laundering schemes and terrorist financing methods.
Section 314(b) of the PATRIOT Act protects financial institutions from liability when they voluntarily share information with one another about suspected illicit activity, the guidance emphasized.
A bank does not need conclusive proof of a crime, nor does it need to identify the specific proceeds of an unlawful activity, to utilize this safe harbor.
As long as an institution has a reasonable basis to suspect money laundering or terrorist financing, the safe harbor protects the sharing of that information, according to FinCEN.
FinCEN greenlights data sharing
To facilitate this united front, FinCEN issued guidance in September 2025 that actively encouraged U.S. financial institutions to voluntarily share information across borders to combat fraudsters, drug trafficking organizations, and foreign terrorist groups.
Banks sometimes hesitate to share data out of fear of violating the strict confidentiality rules surrounding Suspicious Activity Reports (SARs).
However, FinCEN clarified in the September guidance that, while banks cannot disclose whether a SAR exists, the Bank Secrecy Act does not prohibit them from sharing “underlying facts, transactions and documents upon which a SAR is based.”