Articles
Analysis and perspective on compliance technology, regulatory architecture, and the future of financial crime detection.
Beyond Banking: Cross-Sector Federated Detection for Financial Crime, Telecommunications Fraud, and Digital Asset Compliance
A single detection engine that correlates risk signals across banks, telecommunications operators, and digital asset platforms without sharing raw data between institutions. The same code, the same cryptographic protocols, the same GPU-native detection pipeline, applied to every regulated sector where financial crime operates.
What Article 75 Was Afraid to Permit
AMLR Article 75 restricts cross-institutional data sharing to high-risk customers. The criminals who are hardest to catch are the ones who stay low-risk at every bank. Multi-Party Computation resolves the paradox: full customer base federation without sharing a single byte of personal data. The evidence, the legal argument, and the path to a pilot.
From Edge to Federation: A Unified Architecture for Real-Time Financial Crime Detection
A single detection engine that replaces overnight batch processing with continuous real-time monitoring. Three layers, one binary. Institutional real-time monitoring, cross-bank federation without data sharing, and regulatory interface. Three use cases, the ESG case, and the regulatory alignment map.
The AML Industry Has Never Proven Detection Works. We Built a Way to Measure It.
Every AML vendor claims high detection rates. Not a single one can prove it. The ZQUAS Financial Crime Network Simulator generates complete financial ecosystems at production scale, embeds criminal networks of known structure and difficulty, and measures detection accuracy with mathematical precision.
What Does Real-Time Actually Mean?
Every transaction monitoring vendor claims real-time. The term has three distinct meanings with fundamentally different implications for detection capability. A framework for evaluating what real-time actually delivers.
EU AI Act and AML: Is Your Transaction Monitoring System High-Risk?
The EU AI Act is the first comprehensive AI regulation in the world. Most AML transaction monitoring systems are excluded from high-risk classification. But the profiling exception creates an important grey area that banks using AI-based customer risk scoring cannot ignore.
The 16-Month Window: Why Banks Must Act Before July 2027
AMLR Article 75 applies on July 10, 2027. Cross-institutional monitoring infrastructure takes 18 to 24 months to build. Banks that begin vendor evaluation in Q1 2026 can be ready. Banks that wait until 2027 cannot.
UK Banks Can Share AML Data Today: ECCTA Sections 188-189
While the EU waits until July 2027 for AMLR Article 75, the UK has already acted. ECCTA Sections 188 and 189 have been in force since January 2024. UK banks have the legal basis to implement collaborative AML detection now.
From TMNL to Article 75: The Netherlands' Path to Collaborative AML
In 2019, five Dutch banks created the most ambitious collaborative AML project in Europe. By 2025, it was being wound down. The technology was right. The legal framework was not ready. AMLR Article 75 changes that.
MPC and GDPR: What the EDPB Actually Says
The European Data Protection Board has identified multi-party computation as an accountability tool for cross-border data processing. Their position is more specific and more supportive than most compliance teams realise. Here is what it says and what it means for collaborative AML.
What AMLR Article 75 Means for Dutch Banks
The Netherlands tried collaborative AML detection. It failed because the law was not ready. AMLR Article 75 creates an explicit legal basis for bank-to-bank information sharing. Dutch banks now have 16 months to build what TMNL could not.
Why Cross-Institutional AML Detection Requires a New Architecture
Joint transaction monitoring initiatives have stalled across Europe. The core assumption — that centralising data is the path to better detection — is architecturally flawed. Privacy-preserving computation offers a fundamentally different approach.
What Running a Multi-Bank Monitoring Network Actually Looks Like
The architecture papers write themselves. The hard part is operations. How do banks join? Who sets the rules? What happens when one bank's policy change affects another bank's alerts? These are the questions that determine whether a network works or collapses.
The €200 Billion Compliance Market Nobody Has Disrupted
Financial institutions spend more on compliance than on almost any other technology category. The tooling hasn't fundamentally changed in 15 years. Here's why, and what's about to break that open.
Privacy-Preserving Detection Under AMLR
The EU AMLR creates a catch-22 for cross-institutional detection. You can only share data about customers you've already identified as high-risk. But you need shared data to identify them in the first place. There is a way through this.
Batch Processing Is a Liability on Real-Time Payment Rails
Your payment infrastructure settles in seconds. Your AML monitoring runs overnight. That gap is where both criminals and regulators will find you.
The Real Cost of 95% False Positives
Everyone in compliance knows the number. Ninety-five percent of AML alerts are false positives. But the real damage isn't in the alerts themselves. It's in everything that happens around them.
From Trust-Based Audit to Cryptographic Verification
Current supervisory models depend on banks accurately reporting how their systems work. Cryptographic attestation replaces that trust with mathematical proof. Here's what changes for supervisors.
Supervising AI in AML: What Article 12 Actually Requires
The EU AI Act may classify AI-based AML risk profiling as high-risk. Article 12 demands record-keeping. But what does technically adequate record-keeping look like when a system makes millions of decisions per day?
What Your AML Vendor Can't Prove
Your monitoring system generates alerts, case files, and reports. But can it cryptographically prove that a specific policy was applied to specific data at a specific time? That question is coming.
Same Data, Same Rules, Different Verdict: The Determinism Problem in AML
Run the same transaction through the same monitoring system tomorrow and you might get a different result. That's not a bug. It's an architecture problem. And regulators are starting to notice.
AMLR 2027: Why Every Bank in Europe Faces a Hard Rebuild Deadline
This isn't a regulatory update banks can absorb with a policy tweak. AMLR requires architectural changes that legacy monitoring systems weren't designed for. The deadline is mid-2027. The rebuild starts now.
Why GPU-Native Compliance Is a Moat, Not a Feature
Competitors can copy a feature in a sprint. They can't replicate a GPU-native architecture with privacy-preserving MPC and cryptographic attestation in under three years. Here's why the gap is structural.
Land, Expand, Network: How Sovereign Compliance Scales
Start with one bank. Add cross-institutional detection as the federation grows. Each new participant makes the system better for everyone. The business model has network effects built into the architecture.
Why Compliance Tech Hasn't Been Disrupted Yet, and What Changes That
The most conservative buyers in the most regulated industry, using tools that haven't changed in 15 years. There are specific reasons this market has resisted disruption. Those reasons are expiring.
If Your AI Compliance System Can't Attack Itself, How Do You Know It Works?
The EU AI Act requires continuous risk management for high-risk AI systems. Most AML vendors test against historical data. That tells you how the system performed in the past. It says nothing about how it will handle attacks it hasn't seen yet.
Reactive Compliance Is a Losing Strategy. Here's What Comes After.
Every compliance system on the market tells you what already happened. What if the system could tell you what's about to go wrong, before it does? That's not a hypothetical anymore.
Why a Governance Runtime Is Worth More Than a Monitoring Tool
The difference between a compliance monitoring tool and a governance runtime is the difference between a dashcam and an autopilot. One records what happened. The other prevents what shouldn't.
Your New Compliance System Won't Work If It Can't Talk to Your Old One
The most common reason compliance technology projects fail isn't the technology. It's integration. If the new system can't ingest from your existing payment rails and export to your existing SIEM, it's dead on arrival.
Transaction Monitoring Netherlands: What Went Wrong, What Comes Next
The most ambitious cross-institutional AML initiative in Europe was shut down because its architecture couldn't be reconciled with privacy law. A complete analysis of what happened, why it failed, and what the alternative architecture looks like.