Waters Wrap: Will privacy-enhancing tech for the back office fall flat?

When it comes to innovation, how does one recognize the difference between a hammer-looking-for-a-nail “solution” and something revolutionary? That’s a question that likely many a back-office professional has asked themselves in recent years. (And if they haven’t, I’ll use the question as a writing device, anyway.)

Of course, there’s distributed ledger technology. Five years ago, it was like when Lyle Lanley came to Springfield on the Simpsons—“MONORAIL!”, except it was, “BLOCKCHAIN!”. (Does that reference date me?) Today, there are use-cases, but the luster has certainly diminished in the eyes of many.

And it’s not just blockchain. How many firms are touting themselves as machine-learning magicians in the back office, but those claims of sophisticated ML are more for marketing than function.

And then there are these things called privacy-enhancing technologies. Pets, as they are so cutely called, allow financial institutions (in theory) to share information, and make computations and reconciliations on data without having to decrypt it. This group of tools includes things like homomorphic encryption, secure multi-party computation, trusted execution environments, zero knowledge proofs, federated learning, and confidential computing.

I bring this up because two weeks ago, Jo Wright wrote about a new bank consortium post-trade project underway that’s being led by Societe Generale.

For the project, dubbed Danie, SocGen is teaming with eight banks. Danie is using a Pet developed by Intel in the field of confidential computing, an execution environment that is a physical piece of hardware known as a trusted enclave. It uses Intel’s Software Guard Extensions, which is a set of instructions built into a CPU that allows users to partition regions of the CPU as something of a black box. As a result, users can perform know-your-customer (KYC) and anti-money-laundering (AML) tasks using data that can be decrypted in a secure environment but remain invisible to the operating system.

“Because all the operations that [Danie] does are happening in an encrypted environment but on decrypted data, we have much more flexibility in terms of operations than we would with pure cryptographic protocols. It’s also orders of magnitude faster,” said Bertrand Foing, cofounder of Secretarium, a startup that was grown in SocGen’s incubator, and which is supplying the tech around Intel’s confidential computing environment.

As Jo explains in the story, Danie was grown out of another consortium project that was built using a blockchain, but SocGen splintered off and ditched the idea of a blockchain because they believed the tech to not be scalable enough for their needs.

There are legitimate questions as to whether this “Pet” project will succeed where others have failed. As Josephine Gallagher wrote a year ago, some believe that bleeding-edge tech won’t solve the ills that hinder the back-office, especially when it comes to financial crime.

“I’m not a naysayer of privacy-enhancing technology, but I do wonder whether we are proposing solutions—could we actually get to a solution from a different direction by adjusting regulation?” said Tom Keatinge, director of the Royal United Services Institute.

And the reason it’s so difficult to use Pets in the back office is because of the prevalence of legacy systems and an accumulation of technical debt, said Andrea Sharrin, managing director of financial crime for the Americas at Barclays. “I often say it’s almost easier to build a bank from scratch than it is to try to overlay some of this [privacy-enhancing technology] on existing platforms,” she said.

The fact is that Pets are not a panacea for decades of neglect in the back office. (And I think that SocGen and any other firm using a Pet or blockchain or ML would agree with that statement.) The problem is that there’s so much technical debt accumulated that it’s hard to see a way through the weeds of legacy platforms tied together with patchwork tools. As a result, the idea of a revolutionary tech like blockchain, machine learning, or any of the assortment of Pets becomes all too enticing, but they don’t address the root issues that are leading to decay in the back office.

The Danie project is certainly interesting, and if it works, it will be revolutionary. But as of right now, only one bank, SocGen, has come forward to put its name on the project publicly. For this to work, there needs to be massive buy-in. It’s the problem with every consortium, but it’s especially true here: the data is what’s known as low entropy, or data that provides lots of potential to predict generated values, thus making it easier to guess what data has been encrypted and who provided that information. So you need a lot of institutions on the platform to guard against data leakage.

As I understand it (and I may be off here, so just let me know), but as a hypothetical, let’s say that my institution is based in South Korea and yours is in Switzerland. The Swiss have notoriously high standards when it comes to data privacy, so your regulator won’t allow you to share certain information, while my regulator is OK with me sharing a bit more detail. But if we put this info together, it will be easy to see who provided which datasets. So not only do you need dozens—if not hundreds—of banks participating, but you would need, say, sets of five banks, at minimum, from all the various regions so as to make it more difficult to decode who is providing what info.

So the fundamental question: do we need bleeding-edge tech to improve back-office processes for things like AML and KYC, or do we need global regulators to come together and make exceptions, or carve-outs, for data that can be shared and not violate statutes like the General Data Protection Regulation (GDPR)?

I’m not sure what the answer is, but I do believe that firms need to better understand their technical debt and how to unwind their legacy systems and tools before worrying about leapfrogging the dirty work to get to “innovation.” As Marge Simpson once famously said, “I still think we should’ve spent the money to fix Main Street.”

Think I’m wrong? Let me know: anthony.malakian@infopro-digital.com.

The image at the top of the page is “Boat Builder” by John George Brown, courtesy of the Cleveland Museum of Art’s open-access program.