Why the Current Approach Fails
Financial crime costs the global economy trillions per year. Banks spend billions on compliance. Detection rates remain below 2%. The architecture is the problem.
Today, every bank fights financial crime alone. Each institution monitors its own transactions, flags its own alerts, and files its own reports. Criminals exploit this by spreading activity across multiple banks. The transfer that looks normal at one bank is part of a laundering chain visible only when you combine the picture across institutions. But combining that picture means sharing customer data, which privacy law prohibits.
This is not a new problem. Attempts to solve it have failed. In the Netherlands, five major banks created TMNL to pool transaction data for joint monitoring. It was shut down after the Data Protection Authority ruled that mass data sharing without a specific legal basis violated privacy law. The technology concept was sound. The architecture was wrong. Centralising data creates the very privacy problem it tries to solve.
The EU has now created the legal basis. AMLR Article 75 (applicable July 2027) explicitly permits cross-institutional information sharing for AML purposes, with mandatory pseudonymisation as a technical safeguard. The legal barrier is removed. The question is now purely technical: how do institutions cooperate without sharing data? The answer is privacy-preserving computation, specifically multi-party computation, where institutions jointly compute over their combined data without any institution revealing its raw information to another.
What Changes
| Capability | Traditional AML Systems | ZQUAS |
|---|---|---|
| Visibility | Each bank monitors only its own transactions. | Detection runs across all participating institutions. |
Criminal networks move money between banks. Monitoring one bank means missing the pattern that spans three. |
||
| Data Sharing | Collaboration requires sharing customer data. | Banks collaborate without sharing any customer data. |
Multi-party computation allows joint detection with mathematical privacy guarantees. No raw data leaves any institution. |
||
| Detection Model | Static rules tested against historical transactions. | Real-time federated analysis across the network. |
Suspicious patterns are detected as they form, not months later during a manual investigation. |
||
| Processing Speed | Batch processing. Overnight or hourly cycles. | 150 million+ compliance policy evaluations per second. |
GPU-native computation evaluates the entire entity population continuously. There is no queue. There is no overnight batch. |
||
| Compliance Assurance | Systems produce logs and reports for auditors. | Every decision is cryptographically signed and independently verifiable. |
Regulators can mathematically verify that a compliance decision was made correctly, not just trust the documentation. |
||
| Security Testing | Periodic penetration testing and vulnerability scans. | Continuous adversarial self-testing built into the engine. |
The system attacks its own detection logic continuously, finding weaknesses before criminals do. |
||
| Knowledge Sharing | Laundering typologies shared slowly via industry reports. | New patterns propagate across the network automatically. |
When one institution discovers a new laundering tactic, every participating institution benefits immediately. |
||
| Regulatory Audits | Audits rely on documentation and sampling. | Audit evidence is machine-verifiable. |
Compliance examinations become faster and more reliable because every decision carries a cryptographic proof chain. |
||
| AI Integration | ML models bolted onto existing rule engines. | AI sits inside the same governance perimeter as the rule engine, with the same audit trail and the same constraints. |
AI components and policy components run under the same deterministic, attestable governance model. No model output reaches a regulator-facing decision without passing through the same controls as a hand-written rule. |
||
| Scalability | Scale by adding servers and databases. | Single GPU: 8 million accounts. Adding banks does not increase processing time. |
Parallel execution means the system processes 5 banks as fast as 2 banks. Scale is a hardware property, not an infrastructure project. |
||
| Multi-Industry | Separate products for each regulation and sector. | Industry-agnostic governance engine. Financial crime is the first application. |
The same engine governs any domain where autonomous entities must operate under verifiable rules. |
||
| Philosophy | Each bank fights financial crime alone. | Collective defence across institutions. |
Criminal networks cooperate globally. The financial system must do the same, without sacrificing privacy. |
||
The Numbers
All numbers measured. Federation benchmarks use realistic Dutch banking entity distributions.
July 2027
AMLR Article 75 applies on July 10, 2027. Banks that want to participate in cross-institutional detection must have the infrastructure in place by that date. The European Data Protection Board has identified multi-party computation as an accountability tool for privacy-preserving data processing. The Netherlands Court of Audit (Algemene Rekenkamer) found that current AML controls involve 13,000 FTE and 530,000 annual reports with no measurable insight into effectiveness. The technology to change this exists today.
The difference between monitoring transactions and governing entities is architectural. It cannot be retrofitted.