There are many reasons why financial institutions would want to collaborate on data. For instance because of the important role they are taking in fighting financial crime. However, sharing data in order to collaborate is difficult because of:
As a result, data sharing is often simply not happening with the result that institutions have their hands tied behinds their backs in their efforts to identify criminal activities. The question is, how do we break this paradigm? How can we enable cross-organizational data collaboration while preserving individual data sovereignty?
Multi-party computation is a potential solution for a number of typical data sharing use cases in financial services.
Secure Multi-Party Computation (commonly known as MPC) is a cryptographic technique that allows multiple parties to collaborate on sensitive data without the need to reveal their data source. It enables calculations on a joint data set, without parties exchanging or combining datasets. The data input from an individual party remains hidden from other parties and the result of the analysis is only known to pre-specified parties. With MPC, one can run computations on multiple data sources as if the data were centralized, without the data ever being brought to a central place. This makes it possible, for example, to combine data from multiple sources in an analysis, without the need to entrust this data to a “third party”, which can be highly beneficial from a data privacy/confidentiality and data security point of view.
Within the financial services industry, one can think of several use cases where multi-party computation can offer tremendous benefits. Previously impossible or costly data collaborations can now become reality, with more security, at lower costs and with lower legal hurdles. Some examples:
Cross-institutional transaction monitoring: especially for smaller banks, AML is a difficult topic. Spotting suspicious transactions in relatively limited data sets is challenging. Cross-institutional monitoring allows spotting patterns of transactions the criminal parties execute across multiple banks. Current initiatives on this, such as TMNL in the Netherlands aim to realize this. MPC technology would enable monitoring across data sets of different institutions, without centralizing the data.
KYC collaboration: KYC at the moment of onboarding and KYC maintenance are costly and labour-intensive processes. Institutions largely execute these processes in isolation (except for some countries where a KYC utility exists). What if institutions could collaborate. For instance, check whether the data that they have on a company matches the data other institutions have on the same company, without disclosing the records to each other? MPC enables this matching “in the blind”.
Collaboration on investigations: Suppose the AML monitoring generates a large number of positives. How do banks prioritize? Before starting a full investigation, it would be helpful to know whether that same client has also generated a positive hit within another financial institution. We can, and do not want to disclose all our hits openly to each other, but what if we could compare our hits “in the blind”. Banks can prioritize their investigations and can seek collaboration on those hits where they know another institution has also spotted suspicious behaviour.
Collaboration on sensitive data between financial institutions can be facilitated by MPC. The Roseman Labs Virtual Data Lake enables the easy and fast deployment of MPC for financial institutions. With the Virtual Data Lake, the proprietary information held by each party remains at the source, and only pre-agreed analytical outcomes are shared. The application of MPC through the Virtual Data Lake could revolutionise collaboration in financial services at a time when society heavily depends on financial institutions for fighting financial crime.