EXCLUSIVE: “Sharing is Caring” – Jamie Renehan, Bank of Ireland in ‘The Fintech Magazine’

Bank of Ireland’s payments data analytics team produces information that’s useful to the bank, its customers and the wider economy. But could it play an even more important role?

According to the Central Bank of  Ireland, the epidemic of payment fraud spreading across mainland Europe, has reached Irish shores. Its Behind the Data paper, revealed fraudulent payments rose by 26 per cent to €126million in 2023 – the most recent year for which it has statistics.

Online card payments made up 86 per cent of the total value of card fraud, totalling €37.4million, while the value of money remittance frauds more than tripled between 2022 and 2023 to reach €8.2million. The report also showed that about 60 per cent of the total fraud during 2022-2023 involved cross-border payments, amounting to €77million.

Banks everywhere are under pressure to keep customers safe from criminals – but also from themselves. The same payments data analysis that can raise a red flag on suspicious transactions made with or without a customer’s knowledge, could also identify self-harming behaviours, such as problem gambling. In both scenarios banks face legal, moral and commercial arguments around what to do with that information.

And, in the case of fraud, that’s made even more complex by the fact that the regulations designed to keep customers safe prevent banks from sharing the very data that could stop bad actors. It’s a Catch-22 that technology providers, regulators and banks are trying urgently to address.

Jamie Renehan is head of the Behavioural Insights team for the high street Bank of Ireland. He’s acutely aware of how compliant payments data analysis by responsible organisations such as his own can deliver huge advantages for customers, the bank and wider society. But also of the inherent conflicts surrounding it – which can impact a bank’s technology choices.

“There are a lot of amazing tools out there that can increase the speed of analysis and personalisation of data. Large language models, such as ChatGPT have incredible capability. But right now, is it safe to put our customers’ data through these models, albeit, they will provide rapid insight at scale?

“That’s the question holding many banks back,” he says. “That said, the same technology is available to those who want to take advantage of consumers, so there is an onus on financial institutions to try to use them to protect our customers.”

Renehan’s team provides higher-level strategic analysis to the bank. But, elsewhere, categorisation engines can help colleagues communicate products and services to individual customers at key points in their lives.

“They might be looking to buy that first home or getting engaged or starting their first job,” says Renehan. “Customers in those different categories have different financial needs as well.”

They are all benign events around which it’s possible to create greater engagement. There is one instance, though, in which Bank of Ireland uses customer data to stop that engagement – and that’s in relation to gambling. It’s worked with Visa and the new Gambling Regulatory Authority of Ireland to introduce a voluntary payment block on debit cards that can be applied across all betting, gaming and lottery sites licensed in the Republic. The bank’s own data for the first quarter of this year revealed that 90 per cent of bets took place online, with 99 per cent funded by debit cards.

Tackling financial fraud is a much bigger problem that unilateral action won’t solve. But there are winds of change in Europe, propelled by the latest Anti-Money Laundering Directive (AMLD6), which must be fully implemented by European institutions by 2027. It’s based on four central tenets: consistent application of AML rules across the EU; holding more individuals and entities accountable; incorporating emerging risks like cybercrime into the AML framework; and, crucially, facilitating better information sharing and collaboration between authorities.

The National Crime Agency (NCA), which is the UK’s lead agency against organised crime, has already announced a data sharing partnership with seven UK banks – Barclays, Lloyds, Metro Bank, NatWest, Santander, Starling Bank, and TSB. The project involves the banks voluntarily sharing customer and transactional data with the NCA, with the aim of tackling crime and preventing the flow of dirty money through the UK’s financial system.

Initial results, announced in January 2025, revealed that eight new criminal networks have already been confirmed. A further three suspicious networks have been referred to the NCA’s intelligence division, while new leads have been uncovered related to 10 of the agency’s largest ongoing investigations.

“Banks sharing information is not something that has been looked at en masse before. But for the greater good, it might just work”

In January 2025, the Central Bank of Ireland created its first regulatory sandbox on combating financial crime, with the stated aim of using ‘innovative technology, foster(ing) and develop(ing) innovative solutions that minimise fraud, enhance KYC/AML/CFT frameworks, and improve day-to-day transaction security for consumers’.

Thirty-eight applications were received to join the initial cohort, which were whittled down to seven startups, scaling firms, partnerships and established financial services organisations.Among the participants, which all come at the problem from different fincrime and fraud vulnerability points, is AMLYZE, headquartered in Lithuania, which is building an AML/CFT information-sharing framework that uses structured taxonomies and synthetic data to simplify detecting and preventing fraudulent activities, and Roseman Labs, which is enabling secure, GDPR-compliant collaboration and analysis on sensitive data for regulated industries.

Roseman Labs’ work is especially interesting, in relation to encouraging collaboration across the ecosystem to support the fight against financial crime. Indeed, the Central Bank of Ireland’s Deputy Governor, Derville Rowland, said in February of this year that: “The lack of an ability to share such information has long been pointed to as a real weak link in the system, which could allow someone who had an account closed by one bank on money laundering/terrorist financing grounds to seek to open an account in another.”

Roseman Labs has partnered with spotixx, a leading fintech in AI-powered financial crime detection, to develop Qorum. This encrypted computing platform allows financial institutions to jointly investigate suspicious activity while maintaining strict privacy safeguards. For instance, Qorum facilitates banks in detecting whether a client flagged for suspicious activity at one institution is connected to alerts at others, whilst helping identify potential mule accounts early by checking if a new client has opened multiple accounts across institutions in a short time frame.

Renehan acknowledges that the industry is at something of a crossroads.

“Fraud and financial crime are increasing at pace, so we need a solution that uses the technology at our disposal, whilst ensuring it is a safe process. It certainly requires fresh thinking and collaboration within the industry,” he says.

Collaboration is key

The Bank of Ireland already partners with particular vendors and experts in the fincrime space that have capability and experience in other markets. Their input, says Renehan, helps ‘arm’ the bank when working to combat fraud

“Technology partners and vendors bring a unique experience. It’s not just their product; they have relationships with a lot of the large banks across Europe and the world, and they understand the key things that banks are working on. They can, in a subtle way, translate a little bit. They can understand the problem you have, recognise that another financial institution in the UK market or in the US market, for example, has had a similar experience, and communicate that to us. This approach has worked well for our business.”

Renehan believes the wider financial environment could benefit from the same pooling of experience. Indeed, that will be encouraged by the Payment Services Regulation, which will be introduced as part of the PSD3 reforms next year. The Regulation allows payment service providers to exchange, on a voluntary basis, personal data of their users, such as unique identifiers of a payee. A similar arrangement already exists in the Netherlands, where five of the biggest banks set up a Transaction Monitoring Netherlands, an initiative to flag unusual patterns in payments traffic that individual banks cannot identify.

“Banks sharing information is not something that has been looked at en masse before,” says Renehan. “But for the greater good, it might just work.

“The connectedness of banks across Europe could be a valuable asset for them to work together in combating crime because, individually, the technology stocks available to those in financial crime is immense, and they obviously don’t have to worry about not wanting to use a technology because of ethics.

“So we have to be really careful that the right tools are used, which are strong enough to combat that.

“The power of technology is there to serve our customers’ needs and wants, but to also protect them from those that wish to do them harm. Working together across institutions is a logical way to achieve that goal.”

This article was published in The Fintech Magazine Issue #36, Page 29-30