Summary Payment Systems Broadcast #28: Operationalizing the EU’s Article 75

Insights

16 Apr

As financial fraud and scams accelerate through real-time payment networks, the window for authorities to intervene often collapses before coordination even begins. The introduction of the EU’s Article 75 offers the opportunity to change this entirely, providing a direct mandate for organizations to go beyond reporting to build operational information-sharing systems capable of functioning at the speed of scams.

Moving on from conversations around legal and privacy standpoints in our previous broadcast, session #28 explored Article 75 from a different perspective, offering a technical debrief on the practical engineering and coordination required to break down siloed responses to fraud and align institutional defenses against network-level threats. With guests Taavi Tamkivi, CEO of Salv, and Jon Draper, Director of Financial Crime Solutions at FNA, moderator Carlos León bypassed abstract policy debates to focus on real-world infrastructure. As Carlos established right away, “Article 75 is not a reporting requirement. It is a mandate to build operational information-sharing systems capable of working at the speed of fraud and scams”.

The Anatomy of a Scam and Institutional Blind Spots

To build the systems that defeat modern fraud networks, institutions must first map how these operations work. Tamkivi illustrated the typical trajectory of stolen funds, noting that a victim’s money usually begins in a trusted retail bank before cascading through a rapid, predictable pipeline:

Initial Transfer: Scammers typically move the funds to a smaller domestic bank or neobank.
Cross-Border Movement: The money is then funneled into an international fintech or remittance service.
The Point of No Return: Finally, the funds are pushed into crypto ecosystems or cashed out via ATMs, at which point recovery becomes nearly impossible.

Because these hops leverage modern banking infrastructure, the intervention window is vanishingly small, often measured in seconds or minutes rather than hours. This sheer speed creates a massive structural blind spot for banks further down the chain. Draper pointed out that these institutions only see standard transfers between accounts that otherwise appear to conduct legitimate daily activity. Ultimately, Jon noted, “the first blind spot really is that a lot of the time there is no way for the institutions to even know that they’re part of a money trail from a fraud or scam”.

Overcoming the Coordination Hurdle: The Role of Regulation

If the blind spots are clear, why haven’t institutions simply banded together to fix them? A recurring theme in the broadcast was that structural fragmentation, rather than a lack of technology, is the primary obstacle. Historically, institutions hesitated to share intelligence across corporate lines due to competition, strict interpretations of GDPR, or banking secrecy laws.

However, incoming regulations are fundamentally changing this dynamic. Tamkivi explained that the EU’s AML Regulation (AMLR) and the Payment Services Regulation (PSR) provide vital legal certainty. These mandates grant institutions the legal backing to establish joint risk appetites, define mutual standards, and proactively exchange data without fear of regulatory blowback.

Navigating Governance and Cross-Border Interoperability

While new legislation offers a path forward on paper, real-world execution remains complex. Tamkivi highlighted that many domestic initiatives struggle because banking associations fundamentally misunderstand the law, often confusing a directly applicable EU regulation with a locally implemented directive. Furthermore, institutions are navigating a chaotic vendor landscape filled with conceptual noise rather than proven, market-tested products.

The most significant governance hurdle, however, is cross-border standardization. Taavi cautioned that relying strictly on public sector agreements to define interoperability will likely be too slow and potentially unsuccessful. Instead, he argued that the private sector is much better positioned to establish this common infrastructure, using the telecommunications industry as a powerful parallel. “If you can imagine the GSM mobile network, if each country would have their own network, which couldn’t connect to the other, roaming wouldn’t exist, then it would be a really bad network actually,” Taavi stated.

Network Intelligence: Shifting from Post-Mortem to Real-Time Interception

Once regulatory and governance hurdles are cleared, collaborative systems must be engineered for speed. If institutions want to catch up to criminals, they must abandon siloed detection and embrace real-time network intelligence.

Jon compared traditional, slow information sharing to terrible customer service, where a caller is bounced between departments and forced to re-explain their problem from scratch. In contrast, real-time collaboration ensures that every new alert arrives with its full network context already attached. Jon emphasized the impact of this visibility; it shifts the approach “from one where you are gathering intelligence after the fact, to one where you are racing to catch up and then overtaking the criminals and freezing the funds before they can be moved on”.

Crucially, this system thrives on algorithmic suspicion rather than waiting for hard confirmation from victims and researchers, which can take weeks or never happen at all. By exchanging data based on internal suspicion, institutions can prevent scams from succeeding and generate thousands of valuable data points to train models and flag anomalies in milliseconds.

Crushing the Mule Network Business Model

When the intervention window is successfully compressed from days to minutes, the improvement in real-world results is staggering.

Taavi shared data from an intelligence-sharing network launched in Estonia, where, previously, manual sharing took days or weeks and yielded recovery rates of less than 5%. After implementing an integrated system where the median response time dropped to twelve minutes, recovery rates jumped to approximately 50%. Similarly, Jon noted that in Malaysia, real-time funds tracing led to a 50x increase in recovery rates.

By exposing mule networks rapidly, the system breaks the economic viability of the crime. Jon summarized this effect perfectly: “It becomes more difficult and more expensive for the scammers to open up new accounts and to maintain them”.

The 2030 Vision

When asked to look into the future of the fraud-sharing ecosystem by 2030, both experts envisioned a highly standardized, frictionless environment. Taavi likened the future state to standard financial rails, predicting that “the information exchange will run as smoothly as SWIFT for payments today”. Jon agreed, adding that by that timeframe, the industry must lean into tracing the movement of illicit funds out into crypto and cross-border networks, thereby exposing the hidden pathways criminals rely on.