GovTalk with Kelly Nõmmiko on navigating legal challenges and regulation in the fight against financial crime

In this second edition of GovTalks, we delve into the world of financial regulation and compliance with Kelly Nõmmiko, Head of Legal at Salv, discussing her career journey into regetch, some of the major legal challenges for financial organisations nowadays, and what will be shaping the sector in 2024.

Welcome to GovTalks - Cygnetise’s new interview series dedicated to exploring the multifaceted world of Governance, Risk & Compliance (GRC), and the transformative role of Regulatory Technology (RegTech). GovTalks brings together thought leaders, industry experts, and trailblazers to shed light on these complexities. If you’d like to be featured and share your story, get in touch here. 

In this second edition of GovTalks, we chatted with Kelly Nõmmiko, Head of Legal at Salv. Since April 2023, Kelly has been at the helm of Salv's legal department, steering the company through the complex waters of financial regulation and compliance. Since its launch in 2018, Estonia-based Salv has rapidly made international waves with its mission to combat financial crime. Founded by former Skype and Wise employees amidst the fallout of the Danske Bank scandal, Salv has leveraged its insider knowledge to revolutionise the financial sector. With its cutting-edge anti-money laundering (AML) software, Salv positions itself beyond a mere compliance tool; it enables banks and fintechs to proactively tackle financial crime. By automating routine tasks and enhancing the effectiveness of risk mitigation teams, the regtech empowers institutions to outpace criminals. This innovative approach has garnered significant attention, leading to Salv raising €1.8 million in seed funding and securing partnerships with major banks like LHV within just two years of its inception.

In our talk with Kelly, we explored how her previous roles have shaped her current leadership approach at Salv, and touched on key issues like the legal hurdles to data sharing across financial institutions and how advancements in AI, machine learning, and blockchain are shaping compliance and collaboration in 2024. Kelly also shared her insights on the future directions of the regtech industry and the emerging trends that are setting the pace at Salv.

Read Kelly’s complete story below.

Kelly, we're eager to learn about your path to becoming the Head of Legal at Salv. Could you share how your past roles have impacted and shaped your current leadership approach?

I have always been passionate about criminal law and initially aspired to become a prosecutor, even dedicating my Master's thesis to the prevention of white-collar crime within organisations. However, my career took a different turn when I started working as an attorney in corporate, employment, and M&A law at one of the largest law firms in the Baltics. But despite my success as an attorney, I consistently sensed that something was lacking. I harbored a dream of engaging in legal work that combated crime, yet in my daily practice, I encountered limitations that hindered my ability to offer the best advice to my clients. Time constraints and a lack of comprehensive understanding of my clients' businesses prevented me from seeing the full picture. I realised that to provide truly effective counsel, I needed a deeper familiarity with my clients' internal processes, business operations, and products. Merely dispensing general legal advice accompanied by standard disclaimers felt insufficient and unfulfilling for me. 

This feeling led me to realise that in order to make some real impact, I needed to immerse myself within a specific organisation, and get to know its business inside out. The Estonian legal system allows licensed attorneys to also serve as in-house lawyers, which opened the door for me to transition into a role as a senior lawyer at a regulated Estonian financial service provider where I could learn all the specifics about financial law, data protection, IP, and anti-money laundering. Having access to the full picture greatly improved the legal assistance I provided, as it was tailored to fit the specific organisation, management style, and risk appetite. However, I still felt a void—I was missing the mission I had long been eager to fulfill: catching criminals.

At some point during my time there, I was tasked with implementing Salv’s AML tools and this was a pivotal moment for my career. That experience not only helped me fulfill my longstanding dream of fighting crime but also cemented my desire to work for a company like Salv whose mission resonated deeply with my personal values.

Now, as part of Salv, I draw on my diverse background to lead with a mission-driven approach, treating our customers as partners and striving for bold, smart solutions. My role at Salv allows me to live out my dream, leveraging my experiences to make a meaningful impact in the fight against financial crime.

What distinguishes your role at Salv, and for those less familiar, could you introduce us to what Salv does and its mission?

Salv provides a regulatory technology (regtech) solution to regulated financial institutions. In my role as a Head of Legal, I ensure that our services not only comply with all relevant regulations but also support our partners in maintaining compliance. This involves ensuring that our products and their development meet legal requirements, as well as supporting our sales team who frequently encounter complex legal queries from our partners' Data Protection Officers (DPOs), lawyers, and engineers. My responsibilities range from assisting with the European Banking Authority (EBA) outsourcing regulations to aiding in data protection impact assessment analysis.

Being a lawyer at Salv is critical—without strict adherence to legal standards, our products cannot exist. Let me explain further what Salv does to illustrate this point.

Salv is a European company that helps financial service providers combat money laundering and terrorism financing by offering technical solutions for screening and monitoring end customers. Additionally, we provide a unique solution that allows financial institutions to securely share information with each other. This not only helps in timely and effective risk mitigation of fraud but also builds a sophisticated network to counteract the complex networks of criminals involved in money laundering.

What sets Salv apart is our focus on collaboration. Tackling financial crime is a sophisticated and prolonged endeavor—it's a marathon, not a sprint. We work in a flexible, sustainable manner and take time to celebrate our victories. For instance, at the start of this year, Salv achieved a significant milestone by obtaining the world’s first closed KYC utility tool license in Latvia—a historical achievement as no such license had previously existed. The challenges and excitement of this project were immense, both for me as a lawyer and for the entire team at Salv.

Salv is at the forefront of fighting financial crime through collaboration. In your view, what are the main legal and regulatory hurdles to information sharing across financial institutions?

We often receive inquiries from financial institutions about the legality of sharing information, particularly across borders. In partnership with these institutions, we help assess the legal grounds for such actions. This process is complex as it involves navigating diverse data protection regulations, banking secrecy laws, and local anti-money laundering (AML) statutes simultaneously. The forthcoming Anti-Money Laundering Regulation (AMLR) and Payment Services Directive 3 (PSD3) are expected to provide clearer guidelines.

One major regulatory challenge is the varying application of the current AML legal framework across different EU countries. Additionally, there is often room for interpretation by regulators. Without specific guidelines on information sharing, outcomes may be unpredictable. Collaboration and intelligence sharing between financial institutions is something that can and is already being done today. Although local laws permit cross-border information sharing, local regulators sometimes adopt a more conservative stance, issuing restrictive guidelines for market participants. Despite that, we have great success stories of how this has really helped fight financial crime in Europe. We are also eagerly looking forward to how the new regulation will broaden the scope even further. But there is no reason to wait.

Balancing information sharing and privacy is crucial. How can financial institutions navigate these challenges while safeguarding customer privacy?

It is not easy, but it definitely can be done and it is our role to help financial institutions do it. Financial details about customers are highly confidential and protected under banking secrecy laws. Yet, financial institutions also have a duty to do everything possible to prevent money laundering and terrorism, which often necessitates the processing and sharing of personal data with other institutions. The critical question then becomes: How do we strike the right balance?

From a data protection standpoint, any exchange of personal data must be considered under data protection regulations. Financial institutions are required to process and disclose personal data, and the legal bases for such exchanges could include compliance with a legal obligation under national or EU law, performance of a task carried out in the public interest, or the legitimate interests pursued by the controller or a third party. However, these interests must not be outweighed by the data subject's rights and freedoms requiring the protection of personal data.

The appropriate legal basis often depends on the specific requirements of local AML laws. Typically, preventing money laundering and terrorism financing is seen as a matter of public interest, and this is the basis commonly used. However, legitimate interest can also provide a more flexible legal basis, though its applicability varies based on the use case, specific personal data involved, and local legislation. 

Technology plays a critical role in combating financial crime. Can you talk about how advancements in AI, machine learning, and blockchain are shaping the way institutions collaborate and maintain compliance?

AI and machine learning technologies are increasingly utilised to combat fraud, but they often lack the quality and richness of underlying data, which typically excludes information from other institutions. The most effective way to combat financial crime is through the exchange of data points and collaboration among crime fighters, both domestically and internationally. The more data that is shared between organisations, particularly true positive signals, the more effectively AI algorithms can detect fraud. AI is capable of creating smarter and more accurate algorithms than humans, yet collaboration remains crucial as it allows for the sharing of knowledge, rules, and typologies from across the industry, enhancing the intelligence used to combat financial fraud.

On the practical side, there are many innovative ways to employ AI, machine learning, and blockchain to prevent crime and foster collaboration. For instance, machine learning can be used to develop a knowledge base for financial institutions, providing alerts on new suspicious fraud patterns. Additionally, tools that can automatically analyse source of funds documents to identify and report suspicious elements can significantly reduce the workload of manual AML officers. However, these new features, products, and services must comply with legislation. The field remains largely unregulated, and some AI applications have faced unfavorable court cases and regulatory guidelines against their use. Financial institutions must exercise extreme caution when providing client data for machine learning due to unresolved issues around IP rights and security.

We are also eagerly awaiting the enactment of the AI Act, which is expected to bring more legal clarity to the use of these technologies, helping to establish a safer balance in their application.

Educating the financial sector on the legality and advantages of shared intelligence is vital. What initiatives has Salv undertaken in this realm, and what more needs to be done?

Educating the financial sector is crucial. What is the legal basis, how secure is it, and what are the implications for banking secrecy? These are common questions from lawyers, but meanwhile, financial institutions often resort to less secure methods, such as unencrypted emails, which can delay responses for weeks. By then, the funds have often been withdrawn and the trail has gone cold, making this a highly ineffective method for preventing money laundering and terrorism financing. Therefore, it's vital that we provide our customers with compliant and secure tools for sharing information.

To be able to help our customers with named questions, Salv has launched an initiative with our external legal partners to determine the appropriate legal basis for information sharing on a country-by-country basis. We began with our home countries, Estonia and Latvia, and have expanded our review to include the UK market. We are also closely monitoring upcoming legislation, such as the recent amendments to the AML law in Lithuania that came into effect in late April, which include provisions on information sharing. We are eager to share these insights and the results of our legal analyses with our customers.

I am particularly encouraged by the advancements in UK laws regarding fraud, which are significantly ahead of local laws in EU member states. The UK provides a strong model for EU members in this regard.

Looking ahead, what directions do you predict the regtech industry will take in the coming years, and are there any trends at Salv that you believe are setting the pace? 

More regulations are on the horizon in the financial world, and while inevitable, they are necessary given the increasing complexity of the industry.

In the realm of AML and information sharing, there are particularly exciting developments ahead. The EU is set to revise its laws on payment services, signaling a significant shift with the proposed transition from the current Payment Services Directive (PSD2) to PSD3. This new directive aims to combat and mitigate payment fraud by allowing payment service providers (PSPs) to share fraud-related information with other regulated financial institutions. Key enhancements include increasing consumer awareness, strengthening customer authentication rules, extending refund rights for victims of fraud, and mandating a system to verify the alignment of payees' IBAN numbers with account names for all credit transfers.

Additionally, the upcoming Anti-Money Laundering Regulation (AMLR) will be a directly applicable law that facilitates cross-border information sharing. This is a pivotal advancement that will alleviate the need for financial institutions to navigate the legal complexities of information sharing on a case-by-case and country-by-country basis.

As we await these new regulations, it is essential for us to be proactive and navigate the myriad of legal approaches and unexpected challenges. Fortunately, financial institutions can rely on firms like Salv for support during these transformative times.

About Cygnetise:

Cygnetise uses the latest blockchain technology to help organisations reduce the risk of fraud, facilitate business continuity and contribute to ESG by digitising the process of authorised signatory management and bank mandates. Our application enables users to update their signer data in real time and has a variety of sharing mechanisms so that all relevant counterparts can have constant access to the most up-to-date information without you having to recompile and redistribute.

To learn more about Cygnetise and request a free demo, click here or email our team at info@cygnetise.com