Since financial systems deal with a vast amount of data, the privacy of users should be protected from private contracts, suggested T Rabi Sankar, executive director at the Reserve Bank of India, on Tuesday. “If I want to use a particular app, it can not be that I have to sign the terms and conditions of the app and that is the basic contract. We can not ensure privacy of an individual through such bilateral contracts, there has to be a clear law,” Sankar said, while speaking at the Indian government’s Raise 2020 Summit (Responsible AI for Social Empowerment, 2020). He was making his remarks in a personal capacity.
Sankar was speaking on a panel which was discussing how data and artificial intelligence can help the financial system, and he was joined by the likes of NPCI CEO Dilip Asbe, UIDAI’s Vivek Raghavan, and Mastercard’s Ashutosh Chadha, among others.
Framework to deal with data and AI in the financial services sector
In order to manage the huge amount of data that the financial services sector deals with, Sankar suggested that the following principles be adhered to, apart from ensuring data privacy:
1. Legality, transparency, efficiency of data sourcing
“The basic principle should be that there is a clear legal protection to a data creator when that data is used. When I put my photograph in, let’s say, a social media platform, how to ensure that that photograph is not misused for illegal activities, should basically be provided in law, particularly when the data creator is an individual,” Sankar said.
“Most data used today is based on contracts, but that can’t be the basis for use of data, if you really want privacy at the end of the day. You can not base legality of data on the small print that no one can read, on contracts that very few of us understand. Clear legal provisions are important”.
2. Integrity of data collected
The data must be explicitly legally collectible, and law must provide that that data is collectible, he said. “Law may not provide in full detail, but it should lay down the basic principles, and the consent regulators can specify which kind of data can be collected, used and processed. All data collected must be verifiable. Anyone who processes data, be it businesses or the government, should be able to establish the process through which that data was collected, and it should be sanitised of privacy implicating features. If any aspect of that data can affect the privacy of a person which is otherwise protected,” he suggested.
3. Responsible and accountable data access by government and businesses
All data access must maintain 100% audit trail, for any purpose whatsoever. “What steps the data went through, what modifications, processes it was put through. There is a huge amount of data which is good for businesses but, given the risks to privacy of the individual, the process followed to use that data must be clearly recorded, and it should be auditable,” Sankar said.
He also said that there should be protection from “black box ignorance”, which basically means that humans should never be allowed to delegate an issue to machines, especially when something goes wrong. “At the end of the day, machines do what they are instructed to do in one form or the other,” Sankar said.
4. Could we put in place an organised data monetisation framework
All data monetisation should be made legitimate only on the basis of ‘value can only be received if value is paid’ principle, he said. He illustrated by saying that, “I was reading a book sometime back, which said that if a company is worth $50 billion, then that $50 billion is the difference of data that it has sourced from its users, and the value it has not paid those users”.
How tech can be used in the financial services sector
Sankar acknowledged that the massive generation and availability of data, and the “unimaginable” improvement in computing power, and the reduction in computing cost has aided technology adoption in the financial sector. Areas where technology can help:
- Fraud detection: “Yes, computers can themselves make decisions and that has already come into the financial sector, largely in the area of customer service. One of the areas where we have also done something is in terms of fraud detection, where we [RBI] have recently issues some instructions on positive pay in the cheque truncation system. The days of processing cheques physically is completely over, and a few weeks ago we have completely shifted to a cheque truncation based settlement of payment of cheque,” Sankar said, highlighting how the central bank has used technology to automate cheque processing.
- Following laundered money: Similarly for money laundering, the availability of data, and the availability of funds flow, so much of data and so much of computing power should help substantially in identifying trends in the movement of money which is key to identifying money laundering, Sankar said. “The Central Payment Fraud Information Registry we have put in place. Once enough data is collected over a period of time, it will eventually enable prevention, reduction, and early detection of fraudulent transactions in the financial system,” Sankar said.
- Robo-advisory services is clearly an area which has a lot of potential, Sankar said, but cautioned that “I have not experienced it myself, but from what I’ve talked to certain people, it works reasonably well. My experience with my banker’s chatbot, and it’s a well known private sector bank, hasn’t been great. It keeps telling me is this the question you want to ask, and if I say no, it goes back and tells me to ask the question again”.
- Credit assessment: AI can help in “good improved credit assessment of the borrowers to the extent that one can envisage going forward at some point of time in the future that the credit risk premium, that adds to the cost of borrowing, the interest rates can be minimised there, which will have a secular impact in bringing borrowing rates down,” Sankar said.
- Geo-tagging touch points: Another area on which there could be further development is geo-tagging of touch points. “This is extremely crucial for financial inclusion because this data can help the drive to cover uncovered areas for financial access. And, also device very region and culture and geography specific strategies for digitalisation of payment transactions. So products can be far more adapted to the local lifestyle to improve their chances of success,” he noted.
- Data a ‘national resource’, confident the govt will introduce ‘sound’ data regulation framework to protect it: Mukesh Ambani
- UIDAI, NPCI piloting face authentication for Aadhaar