About the bank
This universal bank provides personal and corporate banking services to millions of customers worldwide. Its broker-dealer (BD) business line offers execution services to institutional clients, requiring routine handling of sensitive and confidential data from multiple sources. With tens of billions in annual revenue and dozens of high profile clients, implementing comprehensive data privacy and security measures is paramount in delivering the top-notch service customers have come to expect.
Challenge
The bank’s BD is legally responsible for ensuring controls are in place to manage conflicts of interest and prevent traders from misusing confidential client information for personal or
corporate gain. Regulators require that information barriers exist between different trading desks or business units, but many institutional clients demand additional safeguards to ensure orders and trades remain confidential. BDs must ensure sufficient controls are in place to comply with these contractual provisions.
However, since they rely on a combination of human and machine execution channels, and each execution varies based on market conditions, client requirements and cost, it was difficult for BDs to apply controls that would reliably and adequately protect sensitive data,
particularly at scale.
The bank’s electronic trading teams used a common data science platform to develop tools allowing it to act both for its own benefit as a principal and on behalf of its clients in an agency capacity. In doing so, they had to manage the inherent conflicts of interest, which further complicated the data access control application and privacy assurance.
Solution
To help data engineers efficiently manage conflicts of interest, minimize risk at scale, prevent the misuse of client information and adhere to strict contractual and licensing agreements, the bank needed an all-in-one solution — not a patchwork collection of disparate tools.
To meet these strict regulatory and contractual requirements, the bank enlisted Immuta to help with the following:
To ensure that analytical processes for principal and agency activities never cross paths, the bank relied on Projects, Immuta’s controlled workspaces, for collaboration. With Projects, data engineers could segregate, manage and audit analytical activities, allowing a data science team to work across both principal and agency projects without raising conflicts of interest.
Traders are prohibited from seeing pending client orders, but in order to continuously monitor and refine electronic trading model algorithms, the electronic trading desks need anonymized client transaction data. Immuta’s combination of attribute- and purpose-based access control dynamically applied anonymization techniques and time-based controls of client execution data, enabling ongoing risk management and model optimization.
Immuta’s dynamic access controls were also used to shield clients’ identities to ensure information was shared only on a need-to-know basis and to avoid conflicts of interest through order execution.
For clients who opted out of allowing their transaction data to be included in published aggregate trading volumes or in data sets used to refine electronic trading models, data engineers implemented Immuta’s row-level redaction functionality.
The bank’s electronic trading groups continuously receive and store market data, which is subject to licensing arrangements dictating its use and distribution. Using Immuta’s unified audit logs and automated reports to monitor and show who accessed what data, when and for what purpose was key to proving compliance both from a regulatory and a contractual standpoint.
Results
Before implementing Immuta, this bank relied on two separate data science teams to mitigate conflicts of interest between its agency and principal activities. With Immuta, data engineers could segregate data sets and apply dynamic protections, allowing the bank to combine the data science teams and reduce costs while increasing data science productivity by 100%.