Other parts of this series:
In the previous blog in this series, we looked at the business case for financial institutions to share customer exit data. Innovative technology solutions can help align a data sharing framework to any operating model that balances data protection and financial crime requirements.
The technology framework can be built around the following roles:
- Contributors: These are organisations that share data into the distribution network.
- Subscribers: These entities are organisations that can access and/or view data from the distribution network.
- Stewards: These are organisations that prescribe components of the data sharing framework, includes data sharing principles, conformance of alignment to regulation, and incentive schemes.
Participating organisations can play any or all the above roles. The technology solution itself should be built around considerations including:
- Data Access Structure/Protocols – These are parameters that help define key concerns.
- Who can access the data? Do all subscribers have equal access to all data shared into the network? Will access also be driven by the purpose for which a data request is made, such as for execution of regulatory duties?
- What data can be accessed? Will personally identifiable customer data be shared with all subscribers? Will any critical data element be masked? Is access likely to be restricted only to outcomes of data analysis, driven by risk typologies?
- How can data be accessed? A role-based access matrix can be deployed to authenticate and authorise users who interact with the data sharing network. This should cover qualification both of users sending data into the network and accessing data from the network.
- Incentivisation approach — The effectiveness of any data sharing network relies on the ability to define, deploy and maintain a meaningful incentive model, balancing these elements.
- Contributors should be convinced they gain value from sharing data into the network. This value could be delivered through higher levels of access proportional to the volume and/or quality of data provided, or through fee-based access.
- Subscribers should be convinced they gain incremental value from accessing data from the network and that the data access protocols are fair.
There are alternative technologies and solutions that help in solving the data sharing problem. They could be deployed both on-premise or in the cloud. These decisions should be forward-looking to justify the investments required. Innovative technologies include:
- Homomorphic encryption: The whole record is encrypted and unauthorised access to the record causes immediate destruction of the information contained. This all-or-nothing approach may be applied if the data enquiry is focused only on checking the existence of an individual and/or entity in the records.
- Critical data element encryption: This approach requires a selective encryption for specific data elements which can differentiate between highly sensitive data elements and other data points. For some use cases, data points like names, dates of birth or government identification may not be even necessary for data analytics.
- Distributed ledger technologies: A longer-term view would also consider the use of these technologies to share the data and allow for a more granular accounting of the activities and volumes of data accessed and/or shared with the contributing institutions.
In the last blog of this series, we will look at how financial institutions can share customer exit data responsibly.