We sat down with Ronen Cohen, VP of Strategy at Duality, to explore the critical intersection of privacy, collaboration, and security in the realm of financial institutions. Cohen delves into the challenges hindering secure data sharing, including resource constraints, regulatory compliance, and trust issues, while offering insights into the transformative potential of privacy-enhancing technologies (PETs) in combating financial crimes.
How can financial institutions find a way to securely share data and how might this lead to a decline in terror-financing, money laundering, fraud and other crimes?
To answer this question, it is first helpful to understand why they don’t share data at scale today. There are a few reasons for this, including:
Resource availability: Resource-strapped financial institutions will always prioritize their investigations versus helping others.
Regulatory compliance: Many countries make a distinction between sharing data about different types of financial crimes, and all must be done while complying with privacy and/or bank secrecy legislation.
Trust: There is a general lack of trust between financial institutions, especially between large and small ones, and between direct competitors.
When viewed from this perspective, privacy becomes an enabler for collaboration. Ensuring privacy is protected and utilizing technical governance to enforce privacy allows financial institutions to share data in a way that takes advantage of “privacy enhanced automation”.
In other words, financial institutions can collaborate at scale and in a regulatory compliant manner without increasing resources. Further, they can address blockers around trust because they can enforce what data is shared and how it can be used.
The way to achieve this level of information sharing is by utilizing “privacy enhancing technologies”, or PETs, which allow for insights to be derived from data across networks while ensuring the data and the participants are protected.
Based on Nasdaq's recent 2024 Global Financial Crime Report, what are the potential drawbacks of the idea that countering the complexity of financial crime demands the adoption of solutions like AI and data analytics tools?
Financial crimes are indeed becoming more complex and more globalized. AI and data analytics are only part of the solution, though. The average millennial couple in the USA has relationships with around 40 different financial services providers. What this means is that any given financial institution only sees a partial view of their own customers’ financial activity – and this is for “good” customers who aren’t trying to hide anything. As such, AI and data analytics are only as powerful as the data a financial institution has at its disposal, but the reality is that the data needed to prevent, detect, and investigate financial crimes requires data that is distributed across institutions and borders. For this type of data to be utilized, privacy enhancing technologies are an absolute requirement in order to achieve a complete solution.
How can the power of secure data sharing be harnessed to facilitate collaboration on highly sensitive data for the purpose of detecting potential red flags?
As stated above, each financial institution only has a limited view of their customers’ financial activity, and therefore a limited view of risk. Secure data sharing is the only way to facilitate collaboration across financial institutions (and even with the public sector) in a way that protects regulatory compliance, security and privacy, business confidentiality, and also provides the ability to scale.
As an example of the power of secure data sharing, we’ve worked with financial institutions who wanted to jointly build detection models while keeping their data private. Utilizing privacy enhancing technologies, we helped them train AI/ML models that helped them improve their model efficacy by 150%-300%.
Why must financial institutions ensure real-time encryption of data to adhere to privacy/security laws and maximize effectiveness?
Financial institutions can rely on a number of different privacy technologies, some of which are cryptographically based, in order to collaborate. However, in order to collaborate, organizations still need to comply with data privacy, data security, data sovereignty, and confidentiality laws (e.g., GDPR). In order to both share data and comply with privacy regulations, a combination of PETs and technically enforced governance are required. A good explanation of this was put together by the UK’s ICO, which shared:
PETs are linked to the concept of ‘data protection by design’ and are therefore relevant to the technical and organizational measures you put in place. They can help you implement the data protection principles effectively and integrate necessary safeguards into your processing.
PETs can help you demonstrate a ‘data protection by design and by default’ approach by:
Complying with the data minimization principle, by ensuring you only process the information you need for your purposes.
Providing an appropriate level of security.
Implementing robust anonymization or pseudonymization solutions.
Minimizing the risk that arises from personal data breaches, by making the personal information unintelligible to anyone not authorized to access it.