Safety-by-Design: The Collaboration Gap

Part 3 of a Series on Payments and Financial Crime

A scam victim in Singapore loses SGD 50,000.

In 60 seconds, the money moves through a local mule account and vanishes. It either buys USDT via a P2P listing to disappear into a self-custodied wallet, or it fragments into smaller amounts, hops to an e-wallet, and crosses to Malaysia and Thailand via PayNow, DuitNow, PromptPay.

Two paths. One result.

Four ecosystems. Four regulatory frameworks. Zero cross-border shared intelligence..

Everyone's compliance box is ticked. The money is gone.

This is the fragmentation problem. And no single player can solve it.

The Myth about Compliance

Much that we would like to believe... compliance doesn't equal safety.

Banks file SARs. E-wallets verify IDs. Crypto exchanges run sanctions screening. Each institution meets its regulatory obligations. Each passes its audits.

And yet...

The fraud succeeds because criminals don't respect institutional boundaries. They study them. They exploit the seams between your compliance program and your competitor's. The handoff points. The blind spots.

A bank sees an unusual outbound transfer after it settles. An e-wallet sees a new user topping up and cashing out immediately, within policy limits. A crypto exchange sees a "clean" deposit from a licensed wallet. Everyone did their job. No one saw the crime.

Compliance is necessary. It's not sufficient.

What Safety-by-Design Actually Requires

Safety-by-Design isn't a product. It's a philosophy, and an infrastructure challenge.

It means building detection into the rails from day one, not bolting it on after the breach. It means asking "how could this be exploited?" before asking "how fast can we ship?"

But more than that, it requires capabilities that don't yet exist at scale:

1. Shared Signals Across Competitors

The victim's bank sees unusual behaviour. The mule's bank sees suspicious inflows. A third institution sees rapid fragmentation. Individually, weak signals. Together, unmistakable.

But today, these signals don't connect.

Banks don't share fraud intelligence with each other in real-time. E-wallets don't talk to banks. Crypto exchanges operate in a parallel universe. Everyone protects their own customers. No one protects the ecosystem.

The criminals have network effects. We don't.

2. Risk-Based Friction, Not Blanket Rules

Friction is a dirty word in fintech. Every millisecond of delay is a conversion killer. Every additional verification step is a user lost.

But friction isn't the enemy. Stupid friction is.

A 15-minute delay on a first-time high-value transfer to a new payee could break the 60-second pipeline. A step-up verification when behavioural patterns shift could pause a mule account before it cashes out. A warning screen with real scam stories could give a victim the moment of doubt they need.

Singapore's "cooling off" measures point the way. The UK's Confirmation of Payee shows it's possible. Risk-based friction applied intelligently, at the right moments, protects without destroying experience.

The technology exists. The will is inconsistent.

3. Network-Level Visibility

Individual transactions look normal. The network reveals the crime.

Graph analytics can map mule clusters before they're fully activated. Behavioural patterns across accounts can identify recruitment networks. Cross-institutional data can expose the layering structure in real-time.

But this requires seeing beyond your own four walls. It requires infrastructure that doesn't exist. It requires competitors to collaborate on safety while competing on everything else.

Why No One's Solved This Yet

The barriers aren't technical. They're structural.

Incentives are misaligned. Banks are measured on fraud losses to their own customers, not losses to the ecosystem. Fintechs are measured on growth, not safety. The victim at Bank A isn't Bank B's problem until the regulator makes it everyone's problem.

Competition trumps collaboration. Sharing fraud intelligence feels like sharing competitive advantage. What if the data leaks? What if it reveals our weaknesses? What if we're blamed for the fraud we helped detect?

Regulation is fragmented. Each jurisdiction has its own rules, its own regulators, its own priorities. Cross-border information sharing is slow, bureaucratic, and often legally constrained. Criminals move in seconds. Legal frameworks move in years.

No one owns the problem. Banks own their rails. E-wallets own their apps. Crypto exchanges own their platforms. Who owns the gaps between them? Who's accountable for the seams?

The Opportunity

Here's what I believe: the winners in the next era of financial services won't just be the fastest or the cheapest. They'll be the most trusted.

Trust is becoming a competitive advantage. Consumers are waking up to scam risks. Regulators are tightening liability rules. Reputational damage from fraud failures is real and lasting.

The institutions that figure out Safety-by-Design, genuinely, will differentiate. The solution providers that enable it will thrive.

But no one can do this alone.

• Regtechs building fraud detection need distribution and data access.

• Payment networks have reach but need intelligence at the edges.

• Fintechs have agility but need trust infrastructure.

• Banks have data but need interoperability.

The whitespace isn't another point solution. It's collaboration infrastructure - the connective tissue that lets shared signals flow, that enables risk-based friction across ecosystems, that creates network-level visibility without requiring everyone to merge.

This is hard. It requires new models of data sharing, new legal frameworks, new commercial arrangements. It requires competitors to cooperate on safety while competing on everything else.

But the alternative is what we have now: a fragmented ecosystem where compliance boxes are ticked and money still disappears in 60 seconds.

The Bottom Line

Financial crime is global. The stories are local. The solutions must be both.

The grandmother in Penang who lost her retirement to a love scam. The small business owner in Bangkok whose supplier payments were intercepted. The university student in Singapore who became a mule without understanding the consequences.

Their stories are local. The infrastructure that failed them is global.

Safety-by-Design isn't a slogan. It's a design challenge, a coordination problem, and a commercial opportunity, all at once.

The question isn't whether someone will solve this. It's who, and how fast.

If you're building in this space, regtech, payments, identity, fraud detection, let's talk - not to sell. To explore.

Because the next chapter of this story hasn't been written yet.

This is Part 3 of a series on Payments and Financial Crime. Part 1 explored why AML can't keep up. Part 2 broke down the 60-second pipeline. Next: where do we go from here?

-----

JFourth works at the intersection of compliance, technology, and financial inclusion, helping organisations build frameworks that protect the financial system while enabling innovation. Get in touch to learn more.