Entry Date:
May 30, 2012

Privacy-Preserving Methods for Sharing Financial Risk Exposures


While there is still considerable controversy over the root causes of the Financial Crisis of 2007–2009, there is little dispute that regulators, policymakers, and the financial industry did not have ready access to information with which early warning signals could have been generated. For example, prior to the Dodd-Frank Act of 2010, even systemically important financial institutions such as AIG and Lehman Brothers were not obligated to report their amount of financial leverage, asset illiquidity, counterparty risk exposures, market share, and other critical risk data to any regulatory agency. If aggregated over the entire financial industry, such data could have played a critical role in providing regulators and investors with advance notice of AIG’s unusually concentrated position in credit default swaps, as well as the exposure of money market funds to Lehman bonds. Of course, such information is currently considered proprietary and highly confidential, and releasing it into the public domain would clearly disadvantage certain companies and benefit their competitors. But without this information, regulators and Privacy-Preserving Methods for Sharing Financial Risk Exposures investors cannot react in a timely and measured fashion to growing threats to financial stability, thereby assuring their realization.

At the heart of this vexing challenge is privacy. Unlike other industries in which intellectual property is protected by patents, the financial industry consists primarily of “business processes” that the US Patent Office has deemed unpatentable, at least until recently. Therefore, trade secrecy has become the preferred method by which financial institutions protect the vast majority of their intellectual property, hence their need to limit disclosure of their business processes, methods, and data. Forcing a financial institution to publicly disclose its proprietary information—and without the quid pro quo of 17-year exclusivity that a patent affords—will obviously discourage innovation, which benefits no one. Accordingly, government policy has tread carefully on the financial industry’s disclosure requirements.

In this paper, we propose a new approach to financial systemic risk management and monitoring via cryptographic computational methods in which the two seemingly irreconcilable objectives of protecting trade secrets and providing the public with systemic risk transparency can be achieved simultaneously. To accomplish these goals, we develop protocols for securely computing aggregate risk measures. The protocols are constructed using secure multiparty computation tools (Yao 1982; Goldreich, Micali, and Wigderson 1987; Ben-Or, Goldwasser, and Wigderson 1988; Chaum, Crépeau, and Damgard 1988; Beaver, Micali, and Rogaway 1990; Cramer et al. 1999), specifically using secret sharing (Shamir 1979). It is well known that general Boolean functions can be securely computed using “ circuit evaluation protocols” (Goldreich, Micali, and Wigderson 1987; 66 AEA PAPERS AND PROCEEDINGS MAY 2012 Ben-Or, Goldwasser, and Wigderson 1988), and because computing any function on real-valued data is approximated arbitrarily well by computing a function on quantized (or binary) data, in principle such protocols can also be used for real-valued functions. For arbitrary functions and high precision, however, the resulting protocols may be computationally too demanding and therefore impractical.

We show that for computing aggregate risk measures based on standard sample moments such as means, variances, and covariances—the typical building blocks of financial risk measures (see for example, Bisias et al. 2012)—simple and efficient protocols can be developed. Using these methods, it is possible to compute the aggregate risk exposures of a group of financial institutions—for example, a concentration (or “Herfindahl”) index of the credit default swaps market, the aggregate leverage of the hedge fund industry, or the margin-to-equity ratio of all futures brokers—without jeopardizing the privacy of any individual institution. More importantly, these protocols will enable regulators and the public to accurately measure and monitor the amount of risk in the financial system while preserving the intellectual property and privacy of individual financial institutions.

Privacy-preserving risk measures may also facilitate the ability of the financial industry to regulate itself more effectively. Despite the long history of “self-regulatory organizations” (SROs) in financial services, the efficacy of self-regulation has been sorely tested by the recent financial crisis. SROs may, however, be considerably more effective if they had access to timely and accurate information about systemic risk that did not place any single stakeholder at a competitive disadvantage. The broad dissemination of privacy-preserving systemic risk measures will enable the public to respond appropriately as well, reducing general risk-taking activity as the threat of losses looms larger due to increasing systemic exposures. Truly sustainable financial stability is more likely to be achieved by such self-correcting feedback loops than by any set of regulatory measures.