{"id":10816,"date":"2026-04-23T13:34:18","date_gmt":"2026-04-23T13:34:18","guid":{"rendered":"https:\/\/fintech.global\/amltechforum\/?p=10816"},"modified":"2026-04-23T13:34:18","modified_gmt":"2026-04-23T13:34:18","slug":"inside-rhinos-push-to-make-privacy-preserving-aml-collaboration-work","status":"publish","type":"post","link":"https:\/\/fintech.global\/amltechforum\/inside-rhinos-push-to-make-privacy-preserving-aml-collaboration-work\/","title":{"rendered":"Inside Rhino\u2019s push to make privacy-preserving AML collaboration work"},"content":{"rendered":"

Launched in 2021, Massachusetts-based\u00a0Rhino Federated Computing<\/a>\u00a0is focused on one of AI\u2019s biggest challenges: activating siloed data through federated computing.<\/strong><\/p>\n

Over the past three decades, financial institutions have invested heavily in making data available to enable better decisions for the business. Now the focus is on enabling advanced AI models and agents on top of that data. While the move toward data centralization has delivered enormous value, it was always doomed to hit a wall: some data simply cannot be moved due to regulatory, sovereignty, or intellectual property concerns. That\u2019s where Rhino comes in.<\/p>\n

Rhino\u2019s Federated Computing Platform is an AI collaboration stack that sits inside and across enterprise firewalls, enabling computing resources, data preparation and discoverability, as well as model development, deployment, and monitoring within secure, privacy-enhanced environments. With Rhino\u2019s flexible architecture, companies can securely deploy data pipelines, queries, models, agents, and third party applications wherever data lives.<\/p>\n

\u00a0<\/strong>How FIs can collaborate on AML efforts<\/strong><\/p>\n

When asked how financial institutions can collaborate on anti-money laundering (AML) efforts without sharing sensitive customer data, Dr. Ittai Dayan, CEO of Rhino Federated Computing, said financial crime does not respect institutional boundaries, but data privacy rules must.<\/p>\n

He said, \u201cCriminal networks move funds across institutions and across borders, knowing that no single bank can see the full picture. Most institutions are fighting financial crime in isolation, and that isolation is a strategic advantage for criminals. Current estimates suggest less than one percent of illicit flows are intercepted. That number reflects not a lack of data, but a failure to connect data that already exists to form a broader context.\u201d<\/p>\n

For Dr. Dayan, Federated Computing changes the equation for cross-institutional collaboration. Instead of pooling transaction records in a central repository \u2013 something that creates both a high-value breach target and a major compliance risk \u2013 banks instead keep data exactly where it lives and bring the analytical workload to it.<\/p>\n

\u201cModels train locally on each bank\u2019s own data. Insights aggregate across the network. No raw transaction records, no customer PII, and in sum no intellectual property ever leaves the bank\u2019s environment. We like to think about it as \u201ccompliance-by-architecture,\u201d said Dayan.<\/p>\n

Rhino is now testing this model at scale with SWIFT through a proof of concept involving multiple banks in a consortium.<\/p>\n

One project is focused on cross-border payment fraud detection models that continuously improve by running locally on each bank\u2019s data, allowing every participant to retain full sovereignty over its information. \u201cWhat travels across the network is learning, not records,\u201d he said.<\/p>\n

Learning from SWIFT<\/strong><\/p>\n

With Rhino engaged in a large-scale project with SWIFT, the company has been able to learn more about the real barriers that exist to multi-bank AI collaboration.<\/p>\n

For Rhino, the technology was the straightforward part. Dayan remarked that the harder problems were trust, governance, and the question every compliance officer asked before the word models ever crossed anyone\u2019s lips was \u2013 how do I know my data never leaves?<\/p>\n

\u201cThat question sounds simple, but it has deep implications for how you architect everything,\u201d said Dayan. \u201cNot just the data pipeline, but the audit trail, the access controls, and the contractual framework between participants. Banks are familiar with consortium arrangements on the payment and settlement side of the business, but a shared AI system around AML and Know Your Customer (KYC) is a different conversation. The liability questions are different. The regulatory questions are different. And the instinct to protect intellectual property, which includes transaction patterns and fraud typologies, is strong.\u201d<\/p>\n

Overall, what Rhino learned from the collaboration is that you have to solve for institutional trust while you solve for model accuracy.<\/p>\n

Dayan concluded, \u201cThe federated architecture addresses the technical side \u2014 data stays in-place by design, not by policy. But participants also need governance structures that give them visibility into how the shared model is being used, what it has learned, and how updates are applied to their local systems.\u201d<\/p>\n

Avoiding data exposure risks<\/strong><\/p>\n

Once shared models are running, a common question being asked is how banks can contribute feedback \u2013 confirming fraud and flagging false positives \u2013 without such feedback itself becoming a data exposure risk.<\/p>\n

In the opinion of Dayan, this is one of the \u2018subtler\u2019 compliance questions in federated AML, and it matters because a shared model compounds in value over time.<\/p>\n

He explained, \u201cIt improves as more institutions contribute their investigative judgments to it. But those judgments are sensitive \u2014 a SAR disposition, a mule account confirmation, a false positive determination \u2014 and they cannot travel in plain text across a network.\u201d<\/p>\n

The feedback mechanism, Dayan stated, has to carry the same privacy guarantees as the initial model training. When a compliance officer closes an alert, that label stays within the bank\u2019s environment. What gets shared is not the disposition, Dayan explains, it is the mathematical update the disposition generates in the model.<\/p>\n

\u201cThat model gradient represents what the model learned from the feedback, but it has been abstracted to the point where the underlying case cannot be reconstructed from it,\u201d the Rhino CEO remarked.<\/p>\n

\u201cWe layer additional protections on top of that,\u201d said Dayan. During aggregation, Rhino uses technologies such as trusted execution environments and secure multi-party computation so that the network coordinator can benefit from overall improvement across participants without attributing any specific update to any specific institution. When updated model parameters are distributed back to the individual banks, the company uses differential privacy to add calibrated mathematical noise that prevents anyone from reconstructing the model\u2019s inputs with advanced techniques. Rhino also takes advantage of Confidential Computing to ensure the bank\u2019s data always remains absolutely secret, and federated homomorphic encryption can provide added privacy to the model\u2019s intellectual property.<\/p>\n

\u201cThe outcome for a compliance team is that their investigative judgments improve the network without ever constituting a disclosure under applicable data-sharing restrictions,\u201d said Dayan.<\/p>\n

Demonstrating traceability and defensibility<\/strong><\/p>\n

Dayan was also posed with a critical question in relation to federated models: if a compliance team is relying on a shared federated model to support SAR decisions, how can they be able to demonstrate to an examiner that those recommendations are traceable and defensible.<\/p>\n

Dayan explained that this is the question that has to be answered before any chief compliance officer will operationalise a shared model \u2013 and it is the right question to be asking.<\/p>\n

He said, \u201cThe federated architecture works essentially the same as traditional centralized AI. Because processing happens locally at each institution, the audit trail lives within your own environment. Every input the model processed, every recommendation it produced, every model version deployed \u2014 all of that happens inside your virtual four walls, where your existing data and model governance are enforced. You are not dependent on a third-party vendor to produce audit evidence on your behalf.\u201d<\/p>\n

The Rhino CEO made clear that in practice, a compliance officer reviewing a flagged transaction can trace the recommendation back through the local model\u2019s logic, document what features drove the output and include that in the case file. The aggregated learning from the consortium is documented as a governance-approved enhancement to the local model, with version history and update logs maintained within your own environment.<\/p>\n

Dayan also shone a light on the model risk management frameworks across jurisdictions \u2013 SR 11-7 in the US, the EU AI Act, SS1\/23 in the UK and EBA\u2019s guidelines across the EU, and stated that that is a clear model risk management story.<\/p>\n

\u201cYou are not asking an examiner to trust a black box sitting outside your perimeter. You are showing them a governed, auditable system that benefits from consortium intelligence,\u201d he said.<\/p>\n

The future of agentic AI<\/strong><\/p>\n

What is the future of agentic AI in Alert-to-SAR workflows? In the view of Dayan, agentic AI is going to completely reshape how institutions handle the Alert-to-SAR process from end-to-end over the next few years.<\/p>\n

He commented, \u201cRight now, most of an analyst\u2019s time gets burned on false positive triage and data gathering rather than exercising their professional judgment. AI agents can automate the routine work: culling false positives, pulling case evidence across systems, drafting narratives, and routing completed packages for review. This will free analysts to do what they are best at: deciding whether a case clears the SAR threshold and what it means.\u201d<\/p>\n

Once the banks get over the initial adoption hurdle, Dayan believes they will find building agents to be \u2018wonderfully easy\u2019 since they have strong existing practices to inform the agentic systems design.<\/p>\n

He remarked, \u201cThe fun part is that the tools themselves help you create stronger tools. The hard part is architecture for scale: getting those agents to work across disparate systems. Alert-to-SAR success depends on reasoning across siloed data: transaction records in one system, customer identity in another, watchlists in a third, correspondent bank data in a fourth. Each silo has its own owners, data residency rules, and PII constraints.\u201d<\/p>\n

Dayan continues by explaining how centralizing that data to feed an AI system creates regulatory and governance risk that many institutions are not willing to take. \u201cMany banks simply don\u2019t have the IT resources needed for big data centralization projects like this,\u201d he said.<\/p>\n

For the Rhino CEO, this is exactly where a federated computing architecture is able to alleviate this challenge.<\/p>\n

\u201cIt\u2019s a lot easier to install a Rhino \u2018client\u2019 where the data lives in most cases than it is to nail a massive data migration project. Agents can query and reason across distributed data silos without the underlying data moving or sharing sensitive data with unauthorized people. Meanwhile, agent performance and updates can be governed across data siloes so that you see a continuous improvement loop. The agent stays at the data, not the other way around. Without these capabilities, agents will not be able to coordinate, and you will be stuck in the same shuffle between systems, doing the \u201cswivel chair\u201d routine pasting agentic outputs from one screen to another, just like you do today.\u201d<\/p>\n

A message for regulators<\/strong><\/p>\n

Dayan was also asked how regulators should think about their role as cross-bank AI consortia mature.<\/p>\n

He stated that regulatory frameworks for shared AI systems in financial services are still forming, and the right answer will likely vary across different markets.<\/p>\n

He said, \u201cWhat has been established \u2013 the FCA, the Federal Reserve, and the EBA have each been explicit on this \u2013 is that existing accountability principles apply. Institutions remain responsible for AI-informed decisions under frameworks already in force, and AI-specific regulation isn\u2019t required to drive enforcement.\u201d<\/p>\n

Dayan hopes to see the evolution of the regulatory oversight model itself, stating, \u201cRight now, regulators oversee institutions individually, with limited visibility into the shared intelligence layer that increasingly connects them. As federated consortia scale, that gap becomes a systemic risk \u2013 not because the technology is opaque, but because the governance frameworks are lagging.\u201d<\/p>\n

Dayan advocated for enabling regulators to participate in these systems, and not just observe them from the outside.<\/p>\n

\u201cA regulatory authority could, in principle, be a node in a federated consortium, receiving aggregate insights and pattern-level intelligence without accessing raw transaction data from any individual institution. That would give the regulators the network-level visibility they need to identify emerging typologies and systemic risk, without requiring any institution to hand over customer records or compromise data sovereignty,\u201d he stated.<\/p>\n

Dayan made it clear that the market is not there yet in terms of regulatory appetite or legal frameworks, but argued that the technical foundations already exist.<\/p>\n

He concluded, \u201cInstitutions that build federated infrastructure now will be positioned to extend access to regulators as those frameworks evolve, rather than retrofitting a centralized architecture that was never designed for that kind of governed, privacy-preserving transparency.\u201d<\/p>\n

Read the daily RegTech news<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Launched in 2021, Massachusetts-based\u00a0Rhino Federated Computing\u00a0is focused on one of AI\u2019s biggest challenges: activating siloed data through federated computing. Over the past three decades, financial institutions have invested heavily in making data available to enable better decisions for the business. Now the focus is on enabling advanced AI models and agents on top of that… <\/p>\n

<\/div>\n

Read More<\/a><\/p>\n","protected":false},"author":13,"featured_media":10817,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/posts\/10816"}],"collection":[{"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/comments?post=10816"}],"version-history":[{"count":1,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/posts\/10816\/revisions"}],"predecessor-version":[{"id":10818,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/posts\/10816\/revisions\/10818"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/media\/10817"}],"wp:attachment":[{"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/media?parent=10816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/categories?post=10816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fintech.global\/amltechforum\/wp-json\/wp\/v2\/tags?post=10816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}