Every year, as Data Privacy Week sharpens the focus on protecting personal information, I’m reminded of a customer event a major North American bank hosted at SAS world headquarters.

The bank’s chief data officer led a roundtable discussion on generative AI (GenAI) with a group of esteemed data and AI experts. The discussion centered on the technology’s cross-industry impacts and how those responsible for implementing GenAI are addressing its inherent challenges.

The CDO was quick to emphasize the bank’s obligation to safeguard its customers’ data and use it responsibly as part of the bank’s broader commitment to AI ethics. The ethical use of data and AI is “table stakes,” he said.

“That’s nonnegotiable for us because, as a financial institution, we’re fundamentally in the trust business,” he shared. “People trust us with their data. They trust us with their financial information.”

To him, his team and everyone else at the bank, that means using AI technology – and the customer and other data that fuel it – in “very narrow ways that would never put customer trust at issue,” he said.

This CDO is not alone in these sentiments. A recent GenAI study by SAS and Coleman Parkes found that banking leaders’ foremost concerns in using the technology are protecting data privacy (cited by 74% of survey respondents) and security (71%).

And banks aren’t the only financial services organizations in the “trust business.” The same can be said of credit unions, insurance companies and other financial institutions.

With this in mind, I gathered insights from several SAS experts – and added some of my own – offering perspectives on data privacy for financial services leaders. What’s top of mind? Let’s dive in.

There is no data privacy without good data governance

Perhaps I’m stating the obvious here, but it’s worth repeating with sage advice from the woman who literally wrote the book on using AI in risk modeling.

“Financial services organizations must delve deeper into the importance of integrating AI into existing systems within context while aligning with an enterprise AI strategy underpinned by robust data governance,” said Terisa Roberts, Global Lead for Risk Modeling and Decisioning at SAS and author of the book Risk Modeling: Practical Applications of Artificial Intelligence, Machine Learning, and Deep Learning.

“They must also consider the broader scope of GenAI use cases beyond large language models while remaining good stewards of precious customer data,” continued Roberts. “Effective applications of synthetic data generation, for example, could help insurers optimize pricing, reserving and actuarial modeling – or help banks fortify fraud detection and enhance the fairness and accuracy of their credit risk models – while also strengthening data privacy.”

Swimming in data, yet not a drop to drink

While data quality is not directly a "data privacy issue" in itself, the two issues are closely intertwined. Poor data quality can significantly limit an organization’s ability to protect customers’ personal information, a crucial factor in ensuring compliance with data privacy regulations like GDPR.

According to the latest estimates, more than 400 million terabytes of data are created each and every day. That’s a mind-blowing figure. What are the implications for insurance and banking leaders?

“The explosion of customer data is both powering – and, in some ways, overpowering – the insurance sector,” cautioned Franklin Manchester, Global Insurance Strategic Advisor at SAS. “While insurers are awash in data like never before, many of them recognize they still have a ways to go in terms of having clean, reliable data that they can effectively manage and protect. For those insurers, from a reputational risk management perspective, the downside of trying to extract value from their customer data outweighs the upside. But for those firms that overcome their data and AI maturity challenges, the potential rewards are great. Recent research by IDC and SAS revealed that 50% of surveyed insurers ‘expect up to two times, and 41% over three to four times,’ return on AI investments.”

Insurers are not alone in their data quality and integrity challenges. Banks face similar struggles with incomplete, inconsistent and inaccurate data that can threaten data privacy.

“Banking is highly regulated and extremely risk-focused, where there are very complex problems to solve with high consequences for failure and very low fault tolerance,” said Stephen Greer, Advisory Industry Consultant in Financial Services at SAS. “In matters of data privacy, the consequences for lax data management can be steep. About half of all active MRAs [Matters Requiring Attention] in the US are for operational risks, a category where data management plays a large role.”

In the AI age, there’s no shortcutting data management. To optimally bolster data privacy, SAS advocates for a responsible data management framework that:

1. Ensures operational readiness controls and governance structures are in place;
2. Quickly escalates and remediates issues as they occur; and
3. Complies with all local regulations around the handling of sensitive data.

Can you put a price on data privacy?

This next perspective comes from Alena Tsishchanka, Senior Insurance Practice Leader at SAS, who offered this prediction late last year as SAS thought leaders shared their annual forecasts:

“In 2025, insurers intend to offer a bold new model: ‘Data for discounts.’ Customers who opt-in will share personal information like health metrics, driving habits and spending patterns with carriers, who will fine-tune risk profiles to offer hyper-personalized pricing. For consumers who consent, lower costs await – but costs could climb for the privacy-conscientious. When the choice between data sharing or protecting private data directly impacts coverage affordability, consumers, carriers and regulators will have to decide: Can you put a price on privacy?”

No doubt that putting consumers to a decision between policy price and the risks of sharing personal data will come with incremental regulatory scrutiny. Nevertheless, these programs will provide consumers crucial choices regarding their data privacy, a trend that has been gaining momentum in financial services and beyond for some time.

And the question about putting a price on data privacy? While written for an insurance audience, it is equally pertinent to banks and other financial services firms. Leaders across financial services already know the price of data privacy is much more than the dollars and cents of protecting and adequately managing and governing customer data – or the fines and reputational damage incurred when data privacy is breached. Falling short of customers’ expectations in this area comes at the cost of trust that, once lost, is exceedingly hard to earn back.

The critical role of synthetic data in protecting data privacy

As Roberts noted, synthetic data generation is an aspect of GenAI that can help financial services organizations bolster data privacy. In fact, synthetic data generation has emerged as a game-changer in safeguarding sensitive information while enabling innovation.

Harry Keen, a synthetic data expert at SAS, put the technology into perspective:

Working with synthetic data? Ask these 6 questions first

“Many organizations already have stores of data that are critical for driving innovation with AI. But often that data is difficult to use securely because of its sensitive nature. That’s when organizations may turn to synthetic data – artificially created data that’s based on real-world datasets. Synthetic data puts a stop to the battle between privacy compliance and AI innovation.”

Brett Wujek, Senior Research and Development Manager at SAS, added additional context:

“Organizations need data to feed AI. However, very often organizations are restricted from using the data for AI development because of privacy issues. With synthetic data generation techniques, privacy concerns can be avoided by generating highly representative data that cannot be traced back to the real data. Moreover, synthetic data can be used to attain balance among all represented groups, which is critical to ensuring AI models are fair and unbiased.”

One area where financial services firms can immediately benefit from using synthetic data is marketing, according to Jonathan Moran, Head of MarTech Solutions Marketing at SAS:

"Marketers are drowning in data, but privacy concerns can restrict how they use it to help personalize and target customer communications. Synthetic data can help marketers expand customer audiences, augment data sets, and develop accurate and effective AI and machine learning models without exposing private, identifiable or restricted information, therefore mitigating risks associated with real data."

Whether synthetic data is used for innovation, marketing, or financial crime detection, where modeling on rare events has long challenged financial services firms, synthetic data will secure a significant role in both the AI and data privacy landscapes.

Making data-sharing a win-win

A parting thought: When banks and insurance companies ask their customers, context is everything. What’s in it for the customer?

SAS research shows that data sharing can be a win-win for consumers and financial firms alike. For example, SAS’ Faces of Fraud consumer fraud study found that, among 13,500 people surveyed, 70% were willing to share more personal data with service providers to boost fraud protection.

In the realm of credit underwriting, a small but growing number of people are actively sharing their rent and utility payment data to build their credit scores. Increasing the collection and use of “alternative data” of this kind is a trend that could help increase global financial inclusion.

Safeguarding customers’ sensitive data with robust security and governance is always first and foremost. But finding and focusing on customers' benefits is also essential to creating data-driven service and decisioning models that foster trust and loyalty across the business.

Data privacy for the win!

This article was originally published on Finextra and is republished here with permission.

Read more stories from SAS bloggers on data privacy

Share

About Author

Stu Bradley

Senior Vice President, Fraud and Security Intelligence Practices, SAS

As Senior Vice President of Risk, Fraud and Compliance Solutions at SAS, Stu Bradley leads a diverse team of 700 technology and domain experts in more than two dozen countries in the Americas, Europe, the Middle East, and Asia-Pacific. He and his team help commercial and public organizations leverage the most advanced analytic technologies in the arenas of risk management, AML/CFT compliance, financial services fraud and financial crimes, government benefits program integrity, tax compliance, and public security. Bradley’s risk management and anti-fraud career spans more than two decades. Since joining SAS in 2009, he has served in leadership roles advancing the Risk and Fraud portfolio across four main pillars: Risk Management, Industry Fraud, AML Compliance, and Public Security. He’s declared it his personal mission to help organizations implement a modern approach to stopping crime before it happens.

Leave A Reply

Back to Top