by Amir Tabakovic, Co-Chair of Mobey Forum’s AI & Data Privacy Expert Group
Those who closely follow the digital trends impacting financial services will surely remember that, not so long ago, cloud technology and artificial intelligence (AI) were widely touted as the technologies that would protect banks against the rising tide of fintechs, big techs, and the evolving expectations of customers.
Several big promises were made. Together, cloud and AI would enable dynamic, predictive applications that could replace static expert systems run locally. They would unlock great stores of data trapped in silos and share it across the organization. And they would enable the implementation of a new generation of analytical tools and practices enabling more and more employees to experiment with that data, identify trends and shorten both time-to-insight and time-to-market. The net result? Banks would be able to level the playing field.
Fighting fire with fire can often be successful. But it’s difficult to win battles for digital dominance with old-fashioned, inefficient, and expensive infrastructure. Particularly when your opponents are already using predictive insights as a basis for data-driven decision making.
Fighting fire with fire can be problematic in other ways too, like when you realize you’ve been sitting on a huge pile of nitrogen-rich fertilizer. Customer data, like fertilizer, can be used to nurture customer relationships and bring them to bloom. And when it is mishandled, it too can explode. Data breaches. GDPR violations. Public fines from regulators. Any such blast can devastate a bank’s cloud and AI initiatives and can reduce its age-old palace of customer trust to a smoldering crater.
Banks are aware of the risks. Information security, compliance and data protection departments are perpetually balancing the forces of change with the growing risks associated with making customer data accessible both across the organization and within multi-party ecosystems. Inevitably, this results in compromise. The bank’s commercial forces are frustrated by the slow pace of change and the imposition of risk-averse limitations that disable their data projects. On the other side, the bank’s guardians of data protection must deal with the uneasy feeling that Pandora’s box has been left ajar. That not all risks have been identified and eliminated, meaning a data related practice considered safe today could still self-detonate tomorrow.
With all this in mind, the news that the industry has an immense appetite to resolve these issues will surprise no-one.
On one side, pressure is mounting to further develop banks’ analytical capabilities and support the global processing of data by migrating more business applications into the cloud. At the same time, the opposing forces of risk mitigation pull just as hard in the other direction; an iron-rod of discipline that stands tall in every process involving the access, utilisation, and management of sensitive data, now and in the future.
The good news? These difficult circumstances put banks right at the cutting edge of innovation and in the albeit unfamiliar role of ‘early adopter’.
It is a massive and exciting opportunity for banks to lead.
All around the world, banks are working with startups, academic, and privacy technology providers to bring to maturity to emerging technologies that specialize in eliminating privacy related risk while negating the need to place trust in any third party (or parties) accessing and processing their sensitive data.
When harnessed correctly, these so-called emerging Privacy Enhancing Technologies (PETs) could allow banks to complete their digital transformation without jeopardizing either the trust of customers or their compliance to regulation. And emerging PETs are not just resolving the challenges ahead. They are enabling banks to gen-up and become specialists, enabling them to expose and mitigate previously unseen privacy risks within their existing processes before they trigger an unwelcome incident or start a chain reaction.
Mobey Forum has recognized early the potential of this new generation of emerging PETs to benefit both its members and the entire financial service industry. Last year it assembled and tasked an AI & Data Privacy Expert Group to dig into the subject, the technologies, and the prevailing strategic options for banks.
If you have already read the group’s first report, published in June 2021, you will be familiar with secure multi party computation, AI generated synthetic data, and homomorphic encryption (to name but a few). Since then, the group has been busy. At the last Mobey Forum Member Meeting in Helsinki, it brought an elite party of privacy technologists together with specialists from implementing banks, to reflect on how the industry can maximise value from PETs by combining the fortes of each to form an ‘analytical value chain’, or hybrid approach. This is the bleeding edge, and the field’s current direction of travel.
2022 will be the year in which PETs take flight. In response, Mobey’s AI & Data Privacy Expert Group is beginning with a report mini-series designed to present, in bite-sized chunks, a deeper dive into each PET. Our aim? To help the uninitiated develop a foundational understanding of each emerging technology, which can then support further independent investigation.
And this time, they have a real chance to succeed with AI and the cloud, despite the raft of contradictions and constraints that define their circumstances.
We open the series with Secure Multiparty Computation (SMPC) – a cryptographic technology that, when the legal conditions permit, allows different parties to jointly analyse data without sharing it. This technology promises to play a key role in the creation of multi-stakeholder ecosystems that create value from the decentralized analysis of joined datasets, without requiring the pooling of data.