With jobs at Bigbank, Skype, and TransferWise, Taavi Tamkivi had been working in the financial sector for well over a decade when he decided to take a year off to spend time with his four children.
He returned to work just as the Danske Bank money-laundering scandal was hitting the headlines.
For eight years, about €200bn ($222bn) of suspicious transactions had been passing undiscovered through Danske Bank’s Estonian branch. Soon, similar issues emerged about another Scandinavian bank’s, Swedbank, Estonian branch.
So it was no surprise that given Tamkivi’s experience, which included building up TransferWise’s know-your-customer, anti-money laundering, and enhanced due diligence compliance teams, he started to get more and more calls and emails from banks and businesses asking for help with data compliance.
SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)
He realized that the key to success in financial fraud prevention lies in data sharing between banks and financial institutions.
“When I was at TransferWise, a scenario would repeat itself over and over again,” Tamkivi tells ZDNet.
“The police would come and ask us for information on a particular customer. And, when we looked into the client’s transactions, everything appeared completely normal.
“But if the police were doing some digging, it meant there had to be mountains of information we didn’t have access to that was outside our company.”
He stresses that it wasn’t just TransferWise that had this problem.
“We knew that 94% of banks said sharing intelligence is key. So then the question is if banks overwhelmingly believe that sharing is key, why don’t they do it? The easy answer to that is fear,” he says.
“There have been a tremendous number of data breaches in just the past three years alone. And banks and financial institutions have an obligation, first and foremost, to protect their customers’ data.”
As these problems kept reoccurring, he understood that the real issue to tackle is finding a solution for banks to share information without the risk of a data breach.
A few former colleagues from TransferWise joined him to found anti-money laundering platform Salv and they decided to partner with local software company Cybernetica, which had developed a new technology called Multi-Party Computation.
“It’s a cryptographically secure communication technology that allows banks to keep their most private data safe, but they can also use it to help other financial institutions make smarter decisions about suspicious activity,” Tamkivi says.
Although individual anti-money laundering specialists already review customer behaviors to decide whether or not they look legitimate or might be criminal, with Salv’s messenger, valuable new information about a customer’s behavior at all other financial institutions becomes available.
“This means the banks aren’t siloed and can gain the upper hand against organized criminals systematically targeting them,” says Tamkivi, who adds that this kind of cooperation is becoming more and more necessary because of the proliferation of new banks and fintech companies.
Banks and financial institutes integrate with Salv’s anti-money laundering platform through Salv’s API.
“From there, data can be hosted on our servers or theirs. Whichever they prefer,” explained Tamkivi.
After everything is up and running, anti-money laundering specialists tasked with reviewing suspicious behavior can get to work. They’ll review alerts as they come in, scan through customer behavior on a single page, and make decisions about whether a customer’s activities are suspicious enough to warrant reporting them to the authorities.
According to Tamkivi, Salv’s tool is customizable to a business’s needs.
“The first step is to develop some scenarios, like patterns of suspicious behavior that should be reviewed. The tool will have a default setting for them to begin with, and then the team can customize based on their financial institution’s product, market, and customer profiles.”
He argues that Salv stands out from the competitors because it is not just merely ticking compliance boxes but actively fighting crime.
“Many compliance systems are ‘set it and forget it’ type systems. They take ages to set up – literally a year or more for integration – and the rules take weeks or months to modify,” he says.
“Our system, by contrast, takes a month or less to set up and minutes to update rules. So as a result, our customers can take everything they learn today from new criminal patterns, encode it in automated rules tomorrow, and repeat that cycle every day to protect their bank.”
Obviously, there is the question why should big international banks trust a small startup with their most confidential data.
“On the one hand, if a big bank chooses to, they can deploy our platform on-prem, and keep all their confidential data on their own network,” says Tamkivi.
“But we know how incredibly important data security is. To that end, we’re currently pursuing SOC2 compliance to ensure our data is as secure as the best in the industry.”
When talking about security, he pointed out that Salv’s CTO, Sergei Rumjantsev, led the know-your-customer engineering team, and built up secure processes to securely manage TransferWise’s most confidential data including passport copies.
“Also, the rest of our engineers have all had five to 15 years’ experience developing secure applications in leading European fintechs, where security is the first priority.”
Salv offers a monthly subscription, the price varies based on the number of customers. There are 10 people working for Salv right now, but the company is looking to hire new people in engineering, marketing, and sales in 2020. The company received $2m in seed funding in December 2019 from Fly Ventures, Passion Capital, and Seedcamp among others.
Tamkivi views Germany, the UK, and the Benelux region as the most promising markets for Salv.
“There are roughly 6,000 banks in Europe, plus tons of exciting fintechs who all need our help to both keep compliant with growing regulations, but also to combat financial crime,” he says.
SEE: Westpac CEO out following Austrac anti-money laundering allegations
Tamkivi says because the founders and engineers have used their experience gained building similar tools at TransferWise and Skype, the most difficult thing hasn’t actually been building the tool itself.
“The hardest part is going to be to convince an entire compliance field that mere compliance isn’t enough. That we need to shift our whole mindset and tools to active crime-fighting. That’s going to be a long, hard, uphill battle. But I think we can do it.”
He believes that if his product would have existed and had been implemented by local banks 10 years ago, the money-laundering scandals of Scandinavian banks’ Estonian branches could have been avoided.
“Danske and others who got into trouble relied on antiquated technology that financial criminals could easily circumvent. The compliance teams didn’t have the data at their fingertips, and couldn’t easily adapt their systems to keep up with the smart, rich, powerful criminals abusing their bank,” Tamkivi says.
“At the end of the day, compliance and crime fighting comes down to processes and incentives. To combat financial crime, banks need not just passively tick compliance boxes but actively investigate suspicious behavior. Incentives – across the whole banking industry – need to prioritize taking smart risks, with sufficient controls in place.”
More on Estonia, startups, and technology