Can AMLR and PSD3 reforms make FinCrime intelligence sharing safer?

Across Europe, trillions of euros are moved every day. In the shadow of these mostly ordinary transactions, criminals exploit gaps no human can watch alone.

“Being able to identify FinCrime and stopping it are two different things, often involving many parties,” says a spokesperson from RelyComply. Banks, payment providers, and law enforcement each hold a piece of the puzzle. Yet without seamless intelligence sharing, suspicious activity can slip through the cracks, vanishing before it triggers an alert.

In this quiet, invisible chase, seconds matter, and clarity, rules, and technology are the only way to keep pace.

The EU’s Anti-Money Laundering Regulation (AMLR) and the upcoming 3rd Payment Services Directive (PSD3) aim to close these gaps, providing a legal and technical framework for secure, cross-border intelligence sharing.

Why AMLR and PSD3 matter

For years, European banks have faced a patchwork of privacy and financial crime rules, leaving gaps for criminals to exploit.

“With the ecosystem remaining siloed and not picking up the warning signs through payments or blacklisted customers, launderers will step up and run at a speed where catching up is impossible,” the RelyComply spokesperson warns.

AMLR and PSD3 aim to fix that, creating standardised rules for cross-border data sharing, access to beneficial ownership information, and clearer legal frameworks.

Legal clarity for data sharing

Maximilian Riege, Chief Risk Officer at Hawk, explains the reforms’ backbone, “Art. 75 EU AMLR and Draft Art. 83 EU Payment Service Regulation (PSR), which would complement the 3rd Payment Service Directive (PSD3) once enacted, provide the long-needed legal framework for moving data sharing from an unsecure legal grey zone into a regulated environment for fighting financial crime. By setting common standards and clarifying the legal basis for collaboration, they allow regulated institutions, like banks and payment providers, to exchange intelligence without fear of overstepping data-protection rules.”

These measures aim to make intelligence sharing not just legal, but routine, across all 27 member states.

RelyComply explains, “In that light, the EU’s AMLR and PSD3 are at least looking to standardise a widespread approach across its member states: creating a more substantial rulebook for data exchange across borders; tailored access to beneficial ownership information where appropriate; and ultimately more transparency around legal frameworks.”

The role of RegTech

Technology is the enabler of secure, fast, and compliant sharing. Riege notes, “RegTech makes compliance scalable, turning regulatory complexity into automated, real-time intelligence. It reduces cost, ensures auditability, and allows institutions to keep pace with both regulatory demands and criminals’ tactics.”

Automated monitoring, reporting, and data pipelines allow banks to detect suspicious activity in real time.

But technology cannot solve every challenge. “Even with new rules, privacy conflicts and inconsistent enforcement in different EU member states remain real risks. Regulated institutions need to align on common standards and data formats to facilitate automated data exchange without creating new vulnerabilities,” Riege cautions.

Firm alignment

According to RegTech firm Salv, AMLR has already been approved and goes live across the EU in less than two years — and in many places, it’s already being implemented.

“At Salv, we’ve aligned with Article 75 for quite some time now. It’s the legal foundation we use to support cross-border collaboration on financial crime. In fact, we’ve built a full legal guidance document for institutions who want to understand how to share data safely under this regulation.”

The company noted that there are three elements that make Article 75 so important. Firstly, the Article is explicitly cross-border, which is crucial, Salv details, because most financial crime, and most fraud, is not contained within a single country.

“Second, the networks can be industry-led. That means public–private partnerships, banking associations, or private consortiums can drive the actual collaboration. Regulators need to make sure these networks exist, but they don’t have to run them. That flexibility is useful,” said Salv.

Third, Article 75 sets a governance standard. “Article 75 isn’t just about legal permission — it’s about ensuring the right operational and technical safeguards are in place. In practice, we think about it in terms of two main models: real-time collaboration between institutions (like messaging around specific fraud cases), and suspicious entity screening (where banks check customers or payments against a shared pool of risk indicators). We’ve built Salv Bridge to support both of those models,” said the Estonian RegTech firm.

Another key question is how PSD3 and the PSR can enable more secure fraud data sharing between institutions.

Salv answered, “One thing to keep in mind is that PSD3 is about payments, not just fraud. That’s the primary focus. Fraud prevention and reimbursement are part of it, but it’s broader than just compliance. It’s a structural reform of how payments work across Europe. So far, most people know PSD2 for things like open banking — and this next evolution brings a tighter, more harmonised framework across the EU.”

In this space, the firm remarked, the main story is around reimbursement and fraud liability. “If the current wording stays in place, we’ll see much stronger obligations for payment service providers to cover impersonation fraud losses — with less room to push liability downstream. That creates both pressure and opportunity.”

In line with this, the firm highlighted that the European Parliament wants PSPs to stop scams before they happen. Its draft proposals go well beyond reimbursement. “They want real-time data sharing about fraud risks, flagged IBANs, mule accounts, and more — with short implementation deadlines and an IT platform operated by the EBA. It’s a big shift.”

The firm concluded, “Once PSD3 is finalised, I believe it’ll become as big a driver for data sharing as Article 75 has been.”

AMLR and PSD3 in action

These reforms are ultimately expected to provide tangible practical benefits. The introduction of AMLR harmonises EU rules, increases beneficial-ownership transparency, and empowers FIUs to analyse and suspend suspicious activity more efficiently, while AMLA coordinates supervision and facilitates cross-border intelligence sharing.

As Flagright’s CEO and founder Baran Ozkan notes, “In parallel, the draft PSR allows PSPs to join structured data-sharing schemes for fraud prevention and pushes industry toward confirmation-of-payee checks, which together create a legal and technical path for timely, privacy-aware signals across institutions.”

Still, sharing data carries risks. Over-sharing can breach privacy, under-sharing lets criminal networks persist, and poor validation can trigger false positives.

Ozkan stresses the importance of careful design, “Shared intelligence should rely on minimised, hashed identifiers, strict access controls, lineage on every contribution, and continuous outcome testing so firms can prove that sharing reduced loss and did not degrade fairness.”

When implemented effectively, these structured sharing mechanisms allow banks and payment providers to act on suspicious patterns much faster, turning fragmented alerts into coordinated intelligence.

The combination of harmonised rules, technological safeguards, and strict governance ensures that insights move across borders without compromising privacy or compliance.

In practice, this means transactions that might have previously slipped through the cracks are now flagged, verified, and escalated before harm occurs.

Hawk’s Riege notes: “Shared intelligence can dramatically shrink the blind spots in transaction monitoring and fraud prevention. It can also help level the playing field with organised crime, which already acts globally and cross-border with a huge network of collaborators. However, this race is never over, and governance and data quality need to keep pace.”

Still, sharing intelligence is not just a technical or regulatory challenge; it is a cultural one. Even with robust frameworks, the effectiveness of AMLR and PSD3 depends on whether institutions treat compliance as a proactive safeguard rather than a box-ticking exercise.

In practice, that means fostering collaboration across departments, aligning incentives, and maintaining discipline in monitoring suspicious activity.

A RelyComply spokesperson affirms, “More and more regulations will not solve the data-sharing conundrum. On top of them, enhanced intelligence sharing maintains close partnerships between all those who track suspicious activity from source to prosecution.”

A blueprint for collaboration

Ultimately, AMLR and PSD3 are not just rules; they act as a blueprint for coordinated action.

“Concrete regulations for financial data sharing and technologies that adapt accordingly to this issue are paramount to effectively identifying FinCrime, and therefore taking the whole system from reactive to proactive in this data-driven landscape,” the RelyComply spokesperson says.

With proper execution, institutions can anticipate crime rather than simply react to it, protecting customers and the financial system alike. Every second counts, and now banks can stay one step ahead.

Copyright © 2025 FinTech Global