Going further in data sharing thanks to PETs


Last year at Sibos 2020, Cécile Bartenieff – COO of Global Banking & Investor Solutions – presented Societe Generale's goals regarding Privacy Enhancing Technologies (PETs) with particular emphasis on the DANIE project initiated by Societe Generale and involving numerous banks and data providers. One year later, it is clear that the subject has matured significantly. In fact, it is more relevant than ever, with an increasing number of use cases in the banking sector.

Privacy Enhancing Technologies encompass all the solutions that allow sharing with peers and collaboration on client data, while ensuring the security and anonymisation of this data. Societe Generale is particularly involved in this area as part of the DANIE project which was launched in 2020 at the initiative of the Group and described here by Cécile Bartenieff.

The DANIE project, an initiative bringing together banks and data providers

This project unites a growing number of banks and data providers who are working together to develop an innovative solution that helps improve data quality, reduce costs and set standards for exchanging the data needed for transaction processing, risk management and regulatory reporting.

Thanks to this cooperation, it is now possible to share KYC-related data in order to identify any inconsistencies in the information provided in an automated, anonymised and encrypted way. A data quality report is issued in less than a minute, saving time and boosting reliability. The whole process is possible without a trusted third party thanks to a decentralised infrastructure developed by the London-based fintech Secretarium.

More and more use cases for PETs in banking

Since its launch, the DANIE project regularly on-boards new financial institutions interested in trying the platform and the number of use cases is increasing in all areas of banking. In 2021, new proofs-of-concept were rolled out, focusing on sharing and assessing data quality for KYC and AML processes. As the driving force behind the project, Societe Generale's teams were among the first to populate it with their data, following approval by the various departments concerned (IT, legal, compliance, cybersecurity, etc.). 

In view of the success of these first collaborations, other use cases are under development, particularly in the fight against organised crime. It's true that it is often impossible to detect certain types of fraud or combat money laundering alone. It is by cross-referencing information that is currently sparse ‒ because it is held by various banks and institutions ‒ that we will be able to truly improve our effectiveness.

Greater collaboration between peers and with public authorities

More broadly, this topic is becoming more and more important to other stakeholders (regulators, law enforcement, fintechs, research centres, think tanks), and Societe Generale's teams are regularly called on to share their experience in this area and to promote the DANIE initiative. 

Another example of the growing interest in this area is that PETs even made the list of the top strategic technology trends of the year identified by Gartner in early 2021. The stakes go far beyond banking and finance, extending into healthcare, aerospace, defence and more. There are numerous fields in which these technologies are or will be playing an important role. 

Still, these technologies are particularly relevant to the banking world, as they pave the way for more exchanges and pooling with other banks and financial institutions as part of increasingly open architectures. In many use cases, the pay-off will be efficiency gains and lower costs. 

Building a secure and anonymised framework for clients

Some countries are really driving the issue abroad. One example is the Netherlands, where local financial institutions already share their data with each other under the aegis of the regulatory authority. Such systems are also being rolled out in Scandinavian countries and in the United Kingdom.

While these collaborations are necessary, they can only be carried out within a framework that ensures the complete security and confidentiality of client data. What's more, this requirement has only gotten stricter since the entry into force of the GDPR. Future advances in PETs, notably through the progress of machine learning and data encryption and anonymisation solutions, will therefore be crucial to enable further sharing and collaboration. 

By 2025, 50% of large organizations will adopt privacy-enhancing computation", i.e. will protect data in use while maintaining secrecy or privacy, "for processing data in untrusted environments and multiparty data analytics use cases