Synechron is assessing capabilities of GenAI’s code generation that could bring tangible monetary benefits to our clients: Uday Chaudhari, Senior Director – Technology, Synechron

The new era of Generative AI promises to open newer opportunities and avenues for driving innovation and reinvention across the financial sector. However, while embracing this technology is critical, it is equally important to ensure the protection of customer data from any potential risks. Uday Chaudhari Senior Director – Technology, Synechron explains how banks can foster collaboration with technology partners to explore methods of utilizing AI tools while safeguarding user data.

1. What are the data security framework that banks can adopt while using GenAI?

When banks use generative AI, it is crucial to implement robust data security frameworks. These frameworks help protect sensitive information, ensure authorized access, address vulnerabilities, monitor system activities, and maintain regulatory compliance. Here are some key data security frameworks that banks can adopt while utilizing generative AI:

• Encryption: Implement strong encryption mechanisms to protect data both in transit and at rest. Encryption ensures that even if unauthorized individuals gain access to the data, they cannot decipher it without the encryption keys.
• Access Control: Implement strict access control measures to restrict data access based on user roles and privileges. Limit access to sensitive data is provided to only authorized personnel and regular review and update access privileges as needed.
• Anonymization and De-identification: Before using customer data in generative AI models, ensure that personally identifiable information (PII) is anonymized or de-identified. This helps protect customer privacy by preventing the identification of individuals through generated data.
• Data Minimization: Only collect and retain the minimum amount of data necessary for generative AI processes. Avoid storing excessive customer data that is not directly relevant to the AI models, reducing potential risk exposure.
• Secure Data Storage: Ensure the data storage infrastructure is secure, employ industry-standard measures such as firewalls, intrusion detection systems, and regular security audits. Consider adopting cloud services with strong security practices and data encryption capabilities.
• Regular Audits and Monitoring: Conduct regular security audits to identify vulnerabilities and gaps in the data security framework. Implement real-time monitoring systems to detect and respond to any unauthorized access attempts or suspicious activities promptly.
• Training and Awareness: Train employees on data security best practices and the potential risks associated with generative AI. Foster a culture of data security awareness, emphasizing the importance of maintaining confidentiality and integrity.
• Compliance with Regulations: Stay updated with relevant data protection and privacy regulations such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). Ensure that the data security framework aligns with the regulatory requirements.
• Vendor Due Diligence: If partnering with third-party vendors or AI solution providers, perform due diligence to ensure they have robust data security measures in place. Contracts and agreements should clearly outline security responsibilities and obligations.
• Incident Response Plan: Develop a comprehensive incident response plan that outlines the steps to be taken in case of a data breach or security incident. This plan should include strategies for containment, investigation, customer notification, and mitigation.

2. How can IT companies help banks in setting up such frameworks?

IT companies come with a unique set of experience and knowledge that banks can leverage to adapt to new-age technologies such as Generative AI without compromising data security. Banks work in a highly regulated and controlled environment. Banks must ensure that these AI solutions are familiar with the nuances of the banking industry and aligned with the needs of internal stakeholders. IT companies play a key role here. They can help banks set up robust data security frameworks for generative AI usage by offering expertise, cutting-edge solutions, customization, scalability, continuous monitoring, and cost-effectiveness. Here are some ways IT companies can assist banks in this process:

• Security Assessment: IT companies can conduct comprehensive security assessments to identify potential vulnerabilities and risks in the bank’s existing infrastructure and data management practices. This assessment can include reviewing network architecture, access controls, encryption mechanisms, and data storage practices.
• Customized Solutions: IT companies can provide customized solutions tailored to the specific needs and regulatory requirements of the bank. They can help design and implement data security frameworks that align with industry best practices and address the unique challenges faced by the bank.
• Encryption and Access Control Implementation: IT companies can assist banks in implementing strong encryption mechanisms and access control systems. They can recommend and deploy encryption technologies and access control solutions that protect data both at rest and in transit. This includes setting up role-based access control (RBAC) and multi-factor authentication (MFA) systems.
• Anonymization and De-identification Techniques: IT companies can guide banks in implementing effective techniques for anonymizing or de-identifying customer data before it is used in generative AI models. They can provide expertise on data masking, tokenization, and other methods to protect customer privacy while ensuring the usability of the data for AI applications.
• Infrastructure and Cloud Security: IT companies can assist banks in strengthening their infrastructure and cloud security. They can help design secure network architectures, deploy firewalls, intrusion detection systems, and perform regular security audits. Additionally, they can provide guidance on selecting secure cloud service providers and configuring appropriate security measures within the cloud environment.
• Training and Awareness Programs: IT companies can offer training programs and workshops for bank employees to raise awareness about data security best practices. This includes educating employees on recognizing and responding to potential security threats, emphasizing the importance of maintaining data confidentiality, and providing guidelines for secure data handling.
• Compliance Monitoring and Reporting: IT companies can support banks in monitoring and ensuring compliance with relevant data protection regulations. They can assist in implementing monitoring systems that detect and report any non-compliance issues, as well as help banks establish processes for regular reporting and documentation to regulatory authorities.
• Incident Response Planning: IT companies can collaborate with banks to develop robust incident response plans. They can help banks establish protocols for handling security incidents, including incident detection, containment, investigation, and communication. This ensures that the bank is prepared to respond effectively in the event of a data breach or security incident.
• Ongoing Support and Maintenance: IT companies can provide ongoing support and maintenance services to banks, including regular security updates, patch management, and vulnerability assessments. They can also offer proactive monitoring and threat intelligence services to detect and mitigate emerging security risks.

3. What are the advantages and disadvantages of using public GenAI platform?

Using public Generative AI platforms, such as OpenAI’s GPT-3, Google BARD, etc., can offer several advantages, but they also come with certain risks that cannot be overlooked. Here are some of the key points to consider:

Advantages of using public Generative AI platforms:

• Accessibility: Public Generative AI platforms provide access to powerful AI models and technologies that were previously limited to experts and researchers. This democratization allows a broader range of users to leverage the capabilities of Generative AI without requiring extensive technical expertise.
• Cost-effective: Public platforms can offer cost-effective solutions compared to developing and maintaining proprietary AI infrastructure. Users can pay for the services on a usage-based model, eliminating the need for significant upfront investments in hardware and software.
• Pre-trained models: Public Generative AI platforms often come with pre-trained models that have learned from vast amounts of data. These models can be used as a starting point for various tasks, saving time and effort in training from scratch.
• Rapid prototyping: With public platforms, users can quickly prototype and experiment with different AI-driven applications without spending significant resources on infrastructure or development. This agility allows for faster iteration and validation of ideas.

Disadvantages/Risks of using public Generative AI platforms:

• Limited customization: Public platforms may have limitations on customizing the underlying AI models or architecture. Users may not have full control over fine-tuning or modifying the models to suit specific requirements.
• Data privacy and security: When using public platforms, there may be privacy and security concerns. Users need to carefully consider the sensitivity of the data being processed and ensure compliance with privacy regulations.
• Dependency and availability: Relying on public Generative AI platforms means being dependent on their availability and uptime. If the platform experiences downtime or changes its terms of service, it could impact the continuity and accessibility of your AI applications.
• Intellectual property concerns: Public platforms often retain the rights to the models and data generated by users. This can raise concerns about ownership and control over intellectual property, particularly if you are working on proprietary or sensitive projects.

4. How can upskilling employees aid in protecting user data?

Upskilling employees will play a vital role in protecting user data by enhancing their knowledge, skills, and awareness regarding data security and privacy. With proper training, employees gain a better understanding of privacy regulations, best practices for data management, and emerging threats. They are equipped to identify potential vulnerabilities and promptly flag with relevant security teams to thwart any cybersecurity incidents. By empowering employees with the necessary skills, organizations can create a strong line of defense against data breaches, mitigate risks, and foster a proactive approach to safeguarding user data. Below are some of the ways:

• Awareness of security best practices: By providing training and upskilling opportunities, employees can become more familiar with industry best practices for data security.
• Understanding regulatory compliance: Upskilling programs can educate employees about relevant data protection regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
• Recognizing social engineering and phishing attempts: Upskilling can train employees to identify and respond to social engineering attacks and phishing attempts.
• Implementing secure development practices: Upskilling employees in secure software development practices, such as secure coding and secure development lifecycle (SDLC), can minimize vulnerabilities that could be exploited by attackers.
• Incident response and mitigation: Upskilling programs can include training on incident response procedures and protocols.
• Data handling and access controls: Upskilling can help employees understand the importance of data classification, access controls, and data handling procedures.
• Privacy by design: Upskilling can promote a privacy-centric mindset among employees. By understanding the principles of privacy by design, employees can incorporate privacy considerations into their work processes and product development lifecycle.

5. How Synechron has been assisting financial services clients in the GenAI journey?

Synechron is focussed on Banking and Financial services sector, and we have several top notch financial services clients across the globe. Since GenAI is available in public domain, we have assisted our clients in identifying business areas in which they can implement this new technology.

The technology is useful, specifically after accentuating the input space with financial services data available with our clients, generates valuable insights and can be used in answering customer queries on wide variety of topics.

We are experimenting with creation of portfolios, identifying next best action and other service offerings that can be developed with customers data available with our financial services clients. Needless to mention, the code generation part of GenAI that can improve the productivity of our client’s software development teams.

While we are identifying and developing adoption of GenAI in various areas, we are mindful of the limitations of GenAI; either already documented or experienced during our exploration are shared with clients. This is important in financial services as the industry is highly regulated, involves financial exposure and reputational risks.

6. Can you take us through some of the solutions or use case that Synechron has worked on?

Most of the use cases, at present, are in analysing and providing responses to customer queries related to service or product offerings of our clients. Synechron, much like industry leading service providers across the globe, is accessing capabilities of GenAI’s code generation that could bring tangible monetary benefits to our clients. Observing the growing popularity and strong demand for Generative AI, we also have an AI focused practice that exclusively aims at leveraging the potential of Generative AI.

GenAI technology is evolving very rapidly, and the marketplace is flooded with purpose-built plug-ins and at present, the trend seems to continue for the foreseeable future. Synechron, being a BFSI focussed services organization, is closely monitoring the development and our R&D teams are continuously working towards finding innovative applications of the technology. We are also identifying and developing GenAI solutions in collaboration with our clients from business and technology perspective to bring solutions to production in shortest time possible.