I thought the contention was information sharing and access to another nation's law enforcement databases, not risk assessment. The latter is decision making while the former is just access to records and history. For example, CBSA, at its POE terminals, can query CBP records directly or via special access API for info on certain USA passport (travel history, DUI info, criminal warrants, and other derogatory information, etc.) Once the info is received, which should be fairly immediate, CBSA can risk-assess the traveler and either allow or deny entry. The same goes for CBP requesting info on Canadian travelers. The scope of info either agency can request or receive is agreed upon in advance, coded into bilateral legislation/agreements and, ultimately, built into the the software running in the terminals at either POE. Same with other countries as well and the Interpol, of course.

There's always a chance here for name collisions, inaccurate or false info stored in a database that could send a traveler to secondary inspection or worse. But that is the reality of aggregating data from multiple disparate sources into a single record.