On May 6th, hosted by Hashpower Think Tank, co-hosted by the Big Data Center of Shanghai Modern Service Industry Federation, and supported by Privacy Computing Alliance and Lingyu Open Source Community [Post-Regulatory Era, Opening up a New Paradigm of Financial Data Compliance and Governance] Hashpower " The "private" salon has come to a successful conclusion. Experts and business representatives from the financial and technology industries conducted in-depth discussions on data governance and regulatory compliance issues in financial scenarios, clarifying the triangular game and coordination of regulation, technology and law, aiming to further promote the ecological perfection and healthy development of the financial data industry .
In the era of digital financial regulation, data is not only the core asset of financial institutions, but also an important basis for regulators to make regulatory judgments and take corresponding regulatory measures. With the implementation and implementation of basic data legal frameworks such as the "Network Security Law", "Data Security Law" and "Personal Information Protection Law", data governance has become a "must-have homework and important examination questions" that all walks of life have to face .
In 2022, with the implementation of the latest "Credit Reporting Business Management Measures" and the promulgation of multiple paper documents and policies by the China Banking and Insurance Regulatory Commission, financial institutions ushered in the "most stringent in history" post-regulatory era, and the data governance of financial institutions Ability puts forward higher requirements. Under the "heavy code", many financial institutions have also tasted the bitter fruit of "data violations". High fines followed one after another, and the lack of data governance capabilities was fully exposed. Obviously, the issue of data security and compliance governance is no longer just an "instrumental empowerment" for the digital transformation of financial institutions and cost reduction and efficiency enhancement at the business level, but has become the "lifeblood" that is critical to the longevity of the foundation. In this context, how can the financial industry "reform in time" and find the "best way out" for data security and compliance governance?
Is data an asset or a liability?
Data governance capability is a watershed
Under the double drive of regulation and business, the data governance of financial institutions has to face the difficulties.
Liu Shiping, a professor at the University of Chinese Academy of Sciences, director of the Financial Technology Research Center, and chairman of Gibec, mentioned in his keynote speech "Data Governance Empowers Inclusive Finance" that data governance is the basis for realizing the digital transformation of financial institutions and a must for the digital transformation of banks. through the road.
Liu Shiping mentioned that if the data cannot be effectively managed, not only will it not become an asset of the enterprise, but it may become a burden for the enterprise. Data governance is an important measure to effectively manage enterprise data. It is of great significance to improve the efficiency and innovation of enterprise business operations. Ability to manage decision making and other value.
"The digital transformation of banks is the main starting point to promote the transformation of the banking industry from high-speed growth to high-quality development. It can promote banks to expand new businesses, tap new momentum, improve service capabilities, and improve the efficiency of operation and management. In this process, there is no data governance. , so we can’t talk about promoting the construction of digital banks.” Liu Shiping believes that only by doing a good job in data governance can we carry out accurate customer marketing, risk management, operation management and realize the process of deepening from data to value. The key elements of data governance are to build a unified data governance structure, formulate systematic systems and standards, and empower businesses to maximize the value of data.
Compared with other industries, the financial industry has its own natural particularity. The data volume is huge, the data structure is complex, and the data is highly sensitive. It often involves personal behavior data and credit information, so the difficulty level of data governance is also increasing. Gao, how to effectively activate the "data gene" of the financial industry?
Lin Jianan, deputy general manager of Ant Group's Digital Financial Risk Management Department, delivered a keynote speech on "Data Security and Sharing Balance in the Financial Sector", saying that the production of alternative data comes from scenarios, and there are constant changes in scenarios and new scenarios. The demise of old scenes determines that not all data can appear in a standard form.
"Privacy computing technology can achieve a balance between privacy protection and commercial value protection, thereby breaking through the data islands brought about by removing commercial barriers to a certain extent; but if there are many privacy computing platforms and different standards, new data islands will be formed. For data Users will always have a higher cost.” Lin Jianan hopes that through technology integration and business cooperation, on the premise of legal compliance, the circulation of data value between different institutions and technology platforms can be achieved, so that data can be used efficiently. The level of inclusive financial services has been improved.
Wu Zushun, general manager of the Market Cooperation Department of Shenzhen National Financial Technology Evaluation Center, also believed in the speech "Financial Technology Evaluation Helps Financial Data Security Sharing" that private computing is the main technical means to achieve data security circulation and sharing, and it is moving towards multi-party secure computing and federated learning. The development of the combination of trusted execution environment and blockchain technology.
"Different technical routes make it difficult for privacy computing platforms to achieve interconnection, which leads to data sharing from data islands to data archipelagos." Wu Zushun believes that financial industry standards provide normative guidelines for financial applications of technologies such as multi-party secure computing and blockchain. Financial technology assessment is an effective means to promote the implementation of financial industry standards.
Referring to the role of privacy computing in data governance, experts from Blue Elephant Zhilian said that there are still a lot of obstacles in the flow of data. Privacy computing technology is the premise and necessary premise to ensure that data can deeply exert business value under the premise of protecting privacy, safety and compliance. The data circulation of business departments; the sharing of blacklists among financial institutions may become possible; the connection between financial institutions and external data and the construction of an ecosystem of data elements can greatly improve the business data capabilities of financial institutions. Through data construction Competitive barriers to create more possibilities.
Strong regulation will benefit the market in the long run
, but regulatory details need to be further clarified
In the era of digital economy, those who get "data" can get the world. As the popularity and importance of "data" continue to heat up, the number of data security incidents is also rising simultaneously. After the barbaric growth, there will be supervision. At present, the post-financial regulatory era of "data-based, strict regulation is becoming more and more normalized" is coming.
Talking about the impact of regulation on the industry, the guests participating in the topic discussion agreed that regulation is good in the long run.
Shi Xingtian, senior director of data at ZhongAn Insurance Data Technology Application Center, said that regulation has put forward higher requirements for institutions in terms of user privacy protection, data use, and cooperation. With the deepening of supervision, industry bubbles can also be squeezed out, which is conducive to the ecological development of the industry, and it is a very good opportunity for licensed institutions.
"In the short term, strong regulation has had a certain impact on organizations' businesses such as customer acquisition, media cooperation, and user privacy authorization. At present, everyone is more cautious, so slow execution efficiency has become a big problem." Shi Xingtian said that in the fast-paced operation In an environment with fast iterations and continuous innovation of models, data security involves business backstage and operation managers, who takes the lead and who is responsible. Organizations need to coordinate a link between data security and use. Looking forward to more valuable practical cases in terms of industry and supervision.
Chen Lei, vice president of Xinye Technology, believes that the successive introduction of regulatory policies has set benchmarks and drawn red lines for the complex data circulation market. At the same time, the promulgation of the "Credit Management Measures" has a greater impact on the industry.
"The "Measures for the Administration of Credit Investigation" requires that alternative data be included in the supervision and must be accessed from credit agencies, but the credit agencies have not yet fully covered the relevant alternative data." It will take a certain amount of time to gradually complete it. In addition, the main coverage of data by credit agencies will bring new opportunities. For example, it is more likely to form industry-standardized data products based on multiple data sources.
An Li, deputy director of the blockchain products of the open platform of the Jiama Business Department of OneConnect, said that the regulatory policy has put forward specific requirements for digital transformation. He also mentioned that data transformation is mainly reflected in the use of data to open up data collaboration between people, institutions and institutions, and people and institutions. Especially for collaboration between domestic and overseas financial institutions, different technical architectures and regulatory systems need to be considered, and data transformation is a rigid requirement.
Wu Wanda, head of data science at Relais Intelligence, believes that regulation is good for data governance and the privacy computing industry. One is to standardize the order, which is conducive to the compliant circulation of data; the other is in the field of privacy computing, which greatly promotes the development of the privacy computing industry and taps the underlying value of data.
User authorization is the biggest problem for organizations,
and regulation is still the last mile
The digital transformation of the financial industry is the general trend. From the current point of view, what are the main difficulties and bottlenecks in data governance of financial institutions?
Under the new regulations, how do institutions balance regulation and business? Crossing the river by feeling the stones is the common mentality of the guests participating in the discussion.
"We found in data governance that the role of the data owner, that is, the data subject, is out of position, and it is impossible to grasp the whereabouts of the information. It is recommended that financial institutions, data providers, platforms, and technology parties seriously consider how to deal with the data owned by the data subject. Realize I am the master of my data, authorize the data through the mechanism, and let the data subject participate in it." An Li said that industry practitioners should establish a consensus to jointly promote the implementation of regulatory enforcement rules.
Wu Wanda said that after the introduction of the new regulations, the banking compliance department (legal affairs) is mainly on the sidelines with caution, and the industry expects more practical cases to provide strong reference. In addition, the new regulations have had a greater impact on the original data collection and use authorization links of various institutions, and the failure of individual scenarios is a major dilemma at present.
"Currently, there are certain differences in the requirements of various regulatory agencies. Under this premise, the application of privacy computing needs to be carried out under the framework of laws and regulations, such as obtaining user authorization." Wu Wanda mentioned that Ruilai Wisdom has cooperated with law firms from At the level of laws and regulations, customers are provided with a complete set of interpretation of compliant authorization links, which realizes the compliance of privacy-preserving computing applications.
Chen Lei believes that the data ecology is complex, and the data of the same organization is also uneven. How to better adapt to supervision, first of all, it is necessary to do a good job in data classification and classification. The second is that a professional team is responsible for data collection, improving compliance capabilities and automation capabilities.
Experts from Blue Elephant Zhilian also believe that the completion of platform data closure within the enterprise is very helpful to data governance. At the same time, it is mentioned that whether the docking of the privacy computing de-labeling level is included in the supervision needs to be further clarified.
"Based on compliance requirements, the financial industry involves many regulatory applications. In the long run, the standardization of financial regulation is a necessary and necessary project. However, limited by the initial stage, this road is still long. Regulators, The regulated parties need to constantly adjust and try, and finally find a correct path." Shi Xingtian said that financial institutions have many problems with their historical data, and the standards for reporting data need to be unified. Finding the balance between the two is also a difficult problem at present. .
Under the new regulations, Anli said that at present, try to choose to walk on the rocks out of the water, to avoid regulatory risks to a certain extent; or build a bridge, by establishing standardization, improving technology, and forming a consensus with regulation; Legs should be longer, improve applicability in data application and other aspects, increase verification mechanism, and be able to self-certify innocence.