
How tokenisation can unify strict AML data sharing

Information-sharing in the age of strict data privacy

Tokenisation is emerging as one of the most powerful ways to balance AML information-sharing with strict data privacy obligations. As everyone’s personal data becomes increasingly precious – and increasingly exposed – financial services face mounting pressure to protect customer information while still identifying risk. Criminals are able to trade stolen personal data (government identities, banking details, and more) across hard-to-trace global networks, with large volumes already circulating on the dark web. This makes it harder than ever for institutions to share crucial AML intelligence without violating privacy laws.

When regulation alone can’t keep pace with evolving threats, closer collaboration between regulators, governments, intelligence groups, data providers, and financial institutions (FIs) becomes essential. Yet sharing customer data for KYC or AML checks remains a major obstacle. Tokenisation and other privacy-preserving technology offer a practical path forward – enabling FIs to identify suspicious actors collectively without exposing sensitive personally identifiable information (PII).

The challenges of data privacy

There are multiple reasons why capturing customer data is essential: beyond KYC technology to assess their liability as safe customers, consumers are in charge of whether they’d like to ‘hand over’ PII for options specific to their wants and needs. It’s a trusted two-way transaction between a vendor and an individual, and data privacy laws have become more scrupulous to protect this information from ending up in the wrong hands.

Data privacy laws differ worldwide, making it extremely difficult for any FI to adhere to cross-border AML compliance when tracking payments within certain jurisdictions. That’s especially true of jurisdictions that lack legislation: roughly 21% of the globe, as outlined by the United Nations. Certain large-scale regions are covered, including the European Union’s General Data Protection Regulation (GDPR), South Africa’s Protection of Personal Information Act (POPIA) and the South African Credit and Risk Reporting Association (SACRRA), but any gaps in unified coverage leave vulnerabilities for criminals to exploit.

Non-regulated means of facilitating data-sharing are causing more roadblocks, such as the rise of new crypto or asset classes that can be used on decentralised ledgers. Identifying sources of funds and ownership from anonymous information is very difficult, highlighting how financial technology can often lack the speed with which criminals are evolving. A shared ‘data lake’ may combat this, although questions about its global governance and liability have stalled progress.


The tokenisation tactic

However, data collaboration that builds a holistic customer view for AML is possible without revealing sensitive identity details, through a variety of techniques centred around ‘identity matching’ and complete anonymity:

  • Payment tokenisation can replace real sensitive information (such as card numbers) with random character sets, rendering it entirely nonsensical for anyone who accesses it. The original data is secured in a vault and protected from unauthorised access.
  • Homomorphic encryption (HE) stores data in a safe to be sent to a receiver who needs to perform analysis on it (including to identify suspicious customer activity). The original data is never revealed. Only those with the ‘key to the locker’ can see the results. The UK, South Korea, and Canada are reportedly exploring HE use cases for financial means.
  • Hashing converts PII using an algorithm into an unreadable hash code that’s almost impossible to reverse. It differs from data encryption as it is a one-way process, rather than one in which a correspondent could use a decoding key.

As an example of how FIs can use these techniques to catch risk, a suspected mule account can be preserved in a bank’s system as a token without any plain-text PII. If the same token is later identified when the mule uses a different financial company, it can be flagged within a privacy-preserving consortium model as a recognised risk profile without complete data exposure, complying with the aforementioned laws, including GDPR or POPIA.
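The mule-account scenario above, sketched as an added example that is not code from the original article or from any vendor. It assumes members derive tokens with HMAC-SHA256 under a shared consortium key (unlike a vault-issued random token, a deterministic keyed token lets two institutions match the same person); the key, field names, registry class and identity values are all constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo key (assumption): a real key would sit in an HSM/KMS, not in source.
CONSORTIUM_KEY = b"constructed-demo-key-not-for-production"

def normalise(id_number: str, dob: str) -> bytes:
    """Canonicalise identity fields so every member derives the same token."""
    ident = unicodedata.normalize("NFKC", id_number)
    ident = "".join(ch for ch in ident if ch.isalnum()).upper()
    return f"{ident}|{dob.strip()}".encode("utf-8")

def tokenise(id_number: str, dob: str, key: bytes = CONSORTIUM_KEY) -> str:
    """Keyed one-way token: HMAC-SHA256 over the canonical identity."""
    return hmac.new(key, normalise(id_number, dob), hashlib.sha256).hexdigest()

class ConsortiumRegistry:
    """Hypothetical shared store: holds tokens and risk labels, never PII."""
    def __init__(self):
        self._flags = {}

    def flag(self, token: str, member: str, reason: str) -> None:
        self._flags.setdefault(token, []).append((member, reason))

    def lookup(self, token: str) -> list:
        return list(self._flags.get(token, []))

def demo():
    registry = ConsortiumRegistry()
    # Bank A flags a suspected mule (constructed identity values).
    registry.flag(tokenise("AB 123-456 c", "1980-01-01"), "bank_a", "suspected_mule")
    # Bank B onboards the same person, captured with different formatting.
    hit = registry.lookup(tokenise("ab123456C", "1980-01-01 "))
    # An unrelated customer produces no match.
    miss = registry.lookup(tokenise("ZZ 999-000 Q", "1990-02-02"))
    # A party without the consortium key cannot reproduce the token,
    # even when it already knows the underlying PII.
    outsider = tokenise("ab123456C", "1980-01-01", key=b"guessed-key")
    return hit, miss, registry.lookup(outsider)

if __name__ == "__main__":
    print(demo())
```

A plain unkeyed hash would not give the last property: identifiers with a small, guessable value space can be re-hashed and compared by anyone, so the key is what makes a leaked token meaningless outside the consortium.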

The vision for a wholly structured, federated data lake is ambitious but possible, so long as tokenisation becomes an industry standard. With it, the intelligence becomes shareable in real-time – particularly in high-risk KYC or AML areas such as onboarding and transaction monitoring – with the added security that first-party data owners retain control of the cryptographic keys. Such tokens are meaningless outside the system, meaning that any data breach would be fruitless for a hacker.

With a greater scope, this collaborative nature could extend well beyond the financial industry. Sectors from aviation to health centres to retail would ideally be able to cross-reference any risk areas and ensure safeguards from harmful parties worldwide.

A new frontier of AML tech for data privacy

Rather than letting criminals win, the ecosystem needs to embrace collective innovation that rewards everyone in it. To do so, compliance frameworks can make use of automated and security-grade regulatory technology (RegTech) systems to bridge regulators, institutions and governments and ensure tokenised data sharing can be done seamlessly, quickly, and without falling foul of today’s harsh AML and data privacy laws, as follows:

  • Scaling AML monitoring can account for spikes in onboarded customers and payment activity, spotting suspicious behaviours to be flagged across the ecosystem.
  • Ensuring real-time alerts according to trusted local and global watchlists can expose high-risk customers and opaque ownership structures without compromising PII.
  • Automating AML allows an institution of any size to manage risk controls without data silos and duplicate manual effort. It limits false positives and escalates investigations into only pertinent customers or transactions.
  • Future-proofing compliance culture through practical tech-driven AML can securely merge multiple industries with advanced risk modelling techniques.

A lot gets said about the value of common AML learnings and collaborative forums to advance RegTech’s anti-fincrime methods, but data consortiums can go one stage further in drawing together partnerships using their most valuable shared commodity – data itself. Not only can it solve societal problems, but it can even build sophisticated new industries dedicated to securing our digital data privacy.


Big vision, tangible steps toward tokenised AML collaboration

Even though data-based regulation is expensive and complex, and handling sensitive data can be a hot potato issue, when privacy-preserving methods remove exposure from the equation, a confident, fortified front is achieved to make red flags available to all who need them right away.

Tokenisation is a bold move toward practical cross-industry insight in that it requires expertise and the right RegTech. However, it’ll become more necessary as we see criminals adapt and customers demand regulatory trust from large FIs, fintechs, and other disruptive market entrants to come that are making finance safer and more accessible for all.

Compliance should bring the forces of good together through innovative technology that protects the world by syncing data and systems in a nonintrusive way. We are exploring this space with our partners who are committed to solving the data privacy conundrum and ensuring a proactive, risk-averse, and revolutionary future.