Data is the new oil. Most digital businesses today have been working to turn every bit of data they have into actionable business intelligence. After all, “Data serves as the oil that is running the wheel of current digital businesses”. In fact, Data Monetization is a huge topic with banks and lending companies looking to turn Big Data into new revenue streams (or to minimize cost), more personalized client solutions, to support new product offerings, and finally to manage business risk. Truth be told, the ‘Digital Era’ has taken over completely, and banks are looking at technology approaches ranging from API Marketplaces to advanced Data Science modeling to gain business value from this data.
Equally important to this data monetization strategy is a data protection strategy that keeps in mind factors such as data privacy, data security, data lineage, data governance, and more. This is especially important for banks which are entrusted as custodians of a huge amount of confidential, personally identifiable (PII). Banks have a responsibility as they think through their digital strategies to make sure the proper safeguards are in place to manage and protect this data.
One option for safeguarding data and minimizing fraudulent activity is using blockchain applications to address business use cases where fraud is prevalent because of the lack of visibility and transparency across distributed workflows. Blockchain enables these businesses to create an unchangeable, replicated, and distributed database that removes the need for data reconciliation and reduces fraud by giving real-time transparency into how the data is being used across the network.
The blockchain is essentially a database that runs software that validates and shares new entries with all participants. In simple words, blockchain is a technology that functions as a distributed database where each participant has a secure block representing data, linked together across a shared network. Blockchain, if leveraged in the appropriate manner has the power to enable a robust and highly-secure network that practically cannot be hacked.
To top it all, blockchain boasts of a tamper-proof and decentralized ledger system that enables the reduction of personnel and server costs and empowers informed decision-making. It may seem counter-intuitive that a decentralized, open-source code that is easily downloaded and could be run by anyone can actually help to support cyber-security objectives, but the blockchain being inherently and immutably secure, and supported by cryptography all helps to reduce fraud across the network.
For banks and lending companies, popular use cases that the industry has been exploring include mortgage financing and processing as well as managing syndicated loans.
A Comprehensive Risk Management Model
A best-in-class risk management program should look at all types of risk across the business including Market Risk, Credit Risk, Operational Risk and Finance/Treasury/Accounting Risk.
To reduce fraud, financial institutions and lenders need to focus on Operational Risk and to develop a comprehensive risk management model across their global businesses. This starts with business logic to identify and catalogue risks and to put a library of controls in place to manage those risks.
For banks and lending companies, this might be fraud risks during new account onboarding, as one example. Currently, most banks test these controls downstream at the second or third line of defense. If enterprise risk controls can be tested more upstream, this will dramatically enhance risk management across the enterprise.
Additionally, risk management approaches should include cryptographic systems. Cryptography on its own is a powerful approach which should be considered for any data security program. Cryptography allows banks to secure any sensitive information the end-user provides to avail a product or a service. Furthermore, it also safeguards transactions done by financial institutions to the highest level.
The information that is primarily safeguarded could vary from PII including PAN, Aadhaar, account numbers, payment, loan and deposit history and balances, card details to even court records and sensitive reports of users. Blockchain-based solutions go one step further with a unique architecture where encrypted messages are sent by the bank server to the user, and this message is decrypted by the users. The encryption and decryption are categorized by a secret key that all legal parties have to possess.
Utilizing technologies like the Blockchain and methods like Cryptography can in combination help to authenticate and verify transactions, maintain privacy, and allow participants to see only the parts of the ledger that are relevant to them while restricting any kind of third-party intervention in the data flows.
DigiLockers – The Digital India initiative
Document tampering risk is also a real concern reflected in India’s new government policies. Recently, the Government of India unveiled a new initiative called the DigiLocker – a document storage, verification, and utility service. The move is intended to eliminate the need for physical copies of important documents and to encourage digital processing of document-related tasks.
The DigiLocker is another example of an initiative powered by blockchain technology, and it can be used for any sort of document storage. Many financial institutions already are using DigiLocker for functions such as reviewing and centralizing documents for loan applications. Further, this technology can also simplify the work processes, along with safeguarding it.
Mortgage Laws and Regulations / Data Sharing Protocols
In order to avoid a data breach, it is important for financial institutions to focus on maintaining the security of clients’ confidential information. Regulatory bodies governing the Indian Financial Services space including the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Telecom Regulatory Authority of India (TRAI), and others have taken the onus to promote secure digital transactions in India. It is mandatory for financial institutions to cooperate and comply with regulatory frameworks provided by these bodies which could include adhering to guidelines and heavy penalties on violations. Nonetheless, compliance with each applicable law can be tough for lenders. Internal auditors can, therefore, help reduce this learning curve by implementing the most common compliance areas which intersect with different data privacy laws. Adhering to these privacy laws will eliminate the stress of getting into a legal fuss.
There are many approaches banks can and should be considerating to reduce fraud and minimize risk across their businesses. Emerging technology has a prominent role to play in shaping data security strategies as big data and data monetization business models put client data in the cross-hairs of potential fraudsters. Having a methodical plan for how to secure this data is crucial for financial institutions and may cut across different businesses and technology approaches ranging from risk management controls to a futuristic blockchain infrastructure. In any case, in the years ahead, banks and other lenders will need to look at new ways to build an enhanced, safe and secure business ecosystem.