Frequently Asked Questions
Mostly transaction data. For new use cases we start with the use of synthetic data (fake data that resembles the real data in format and structure). Part of the research is on how to generate synthetic transaction data. This allows to verify and validate the technical approach and to make sure that the approach satisfies relevant regulations.
The types of data being used can vary per use case: transaction data, KYC-related data, etc. Usually, we start with an implementation at two or three parties and extend this to more parties in a later stage.
Input (transaction) data is never shared. During the computations, encrypted data is exchanged between financial institutions. Only the output is readable and used for further transaction monitoring or KYC purposes. The Financial Privacy Tech collaboration is all about finding ways to preserve privacy and still being able to fight financial crime.
It depends. Multi-Party Computation (MPC) is a decentralized privacy-preserving data analysis. Each party runs their own MPC node (potentially outsourced) to perform computations in collaboration with the other MPC nodes. The MPC nodes compute on parts of the data, need each other to perform meaningful computations, and collaboratively decrypt the result of a data analysis. However, in some cases the involvement of a third party is beneficial for technical or organizational reasons. This can be done in such a way, that the third party learns nothing about the data or the outcome.
Most use cases will add information to each individual organizations’ intelligence base. The results from the secure algorithms can be used as preselection or added information, on basis of which each organization can perform their own detection and/or prevention. The information resulting from a secure algorithm might lead to sharing pieces of concrete data (based on the outcome of the analysis) or adding the result of the analysis to business rules or machine learning models that run locally at each individual bank. In the end, a successful use case will ensure a better and more effective process of detecting financial crime.
Privacy Enhancing Technologies (PET) or Privacy-Preserving Analyses are a collection of technologies that allow to perform computations on data of multiple organizations while keeping the data confidential. One of the major technologies is Multi-Party Computation (MPC) (www.tno.nl/mpc), which is a ‘toolbox’ of cryptographic techniques that allows several different parties to jointly compute on data, just as if they have a shared database. Cryptographic techniques are used to protect the data, so it can be analyzed in a decentralized way that prevents the parties involved from ever being able to view other people’s data. The participating parties together determine who is allowed to view the outcome of the computation.
In this way, these technologies enable organizations to jointly gain insights on their data without having to share privacy or commercially sensitive information with each other.
Privacy-by-design comes at a price: the available computation time and hardware may restrict the suitable algorithms that can be performed in practical computation times. Academic research is continuously pushing the boundaries of the applicability of new privacy preserving AI. TNO, as applied scientific research institute, adopts new advancements from fundamental research and makes this available to industry and society. Also, in Europe, several MPC companies have started in the last 5 years, demonstrating that MPC is actually feasible in practice.
We start with exploring and further scoping the use case. This includes evaluating the (expected) value of combined data analysis, a legal exploration, and security and privacy requirements on the data. Given the use case, we will evaluate the technical options and pick and design the solution that suits best. Privacy is not something that can be easily added upon existing systems, but needs to be included in the design from the start.
Transaction Monitoring Netherlands (TMNL) is a nationally oriented Dutch initiative that centrally collects pseudonymized data to improve money laundering detection. It is and will be focusing on showing the benefits of sharing data and is operational since 2020. The goal of the Alliance is to enable innovative shared data analysis using Privacy Enhancing Technologies with an international scope. We develop new sets of algorithms for applications in fraud detection, AML and KYC from the idea phase until piloting phase with production data. TMNL is also interested in PETs and therefore participates in the Alliance.
In the project we actively seek to connect with PET companies offering their products to the financial sector for detecting financial crime. With a market analysis, interviews and demonstrations we aim to map out the current PET landscape and develop a vision on the future-proof upscaling of the use of privacy preserving technologies within the financial sector.