How to ensure compliance and privacy in AI-based digital banking solutions

AI-based financial solutions face many compliance and legal requirements, especially when dealing with sensitive personal banking information like account and credit card numbers.

Having an AI chatbot that provides precise, customer-specific responses, is extremely important. We’ve already seen how AI is changing how people interact with their providers in the insurance and banking sectors. General-purpose AI models, such as OpenAI’s ChatGPT, aren’t designed to meet the individual compliance aspects needed in specific use cases. This is why, at Netcetera, we’ve built our own AI-enabled chatbot that enables bank clients to interact with their financial data both effectively and securely while staying fully compliant.

There’s also potential for integrating an AI compliance agent. AI-based agents can make a chatbot even better at handling complex privacy challenges. This integration would not only improve compliance but also add an extra layer of security, making sure that every interaction remains within privacy regulations and standards.

Other legal requirements, such as making sure there’s secure access to sensitive financial information, must be addressed too. In addition to compliance requirements, an AI-based agent must therefore align with frameworks, such as PSD2 (Payment Services Directive - a European regulation for electronic payment services). This is a prime example of security supporting AI use in action. It would make it highly proficient at spotting situations when authentication is required, like when a customer requests to transfer money.

Depending on the preferences of the financial institution or customer, this might also involve validating a customer’s identity using advanced methods such as FIDO (Fast Identity Online - a set of security rules for strong authentication) or mobile biometrics.
 

Given the sensitive nature of financial data, it’s essential for financial institutions to maintain the highest standards of confidentiality and security in Digital Banking. So it’s also essential to incorporate robust privacy measures in AI-based solutions to protect customer data.

Additionally, tokenization (an existing industry approach that can be mirrored in AI-enhanced solutions), which turns sensitive data into unidentifiable values, can be used to protect sensitive personal data like names, account numbers, and IBANs (International Bank Account Numbers). This method ensures that AI applications, including chatbots, process data in a way that keeps real customer details confidential.

There are many ways to make an AI-based application more secure. AI chatbots can also be hosted on premise by the developing company, to maintain control over data privacy. We use all these approaches at Netcetera. When we built our chatbot on OpenAI technology, we built in a security layer implementing tokenization. This allows the chatbot to generate suitable responses using confidential customer information without the risk of exposing or compromising that information. In the future, once financial institutions are more comfortable with this technology, it’s likely that they’ll host AI-enabled systems themselves to gain even more control over how data is handled.

Another way to boost data privacy is by adding a separate detection layer to the system to protect sensitive information. This layer would work as a safety net, checking that information passed from the LLM (Large Language Model - an AI algorithm designed to understand, generate and respond to human language) to the customer in case it is sensitive is addressed  accordingly.

While the concerns around compliance and privacy in AI-based Digital Banking solutions are important and valid, they shouldn’t be seen as roadblocks. All these challenges can be addressed with the right approach. Rather than picking one over the other, building a new and exciting solution that customers value can be done at the same time as making that solution compliant and secure.