ALL Metrics
-
Views
-
Downloads
Get PDF
Get XML
Cite
Export
Track
Research Article

Orchestration of autonomous trusted third-party banking

[version 1; peer review: 2 approved, 1 approved with reservations]
PUBLISHED 08 Sep 2021
Author details Author details
OPEN PEER REVIEW
REVIEWER STATUS

This article is included in the Research Synergy Foundation gateway.

Abstract

Background
Digital transformation is changing the structure and landscape of future banking needs with much emphasis on value creation. Autonomous banking solutions must incorporate on-the-fly processing for risky transactions to create this value. In an autonomous environment, access control with role and trust delegation has been said to be highly relevant. The aim of this research is to provide an end to end working solution that will enable autonomous transaction and task processing for banking.

Method
We illustrate the use case for task delegation with the aid of risk graphs, risk bands and finite state machines. This paper also highlights a step by step task delegation process using a risk ordering relation methodology that can be embedded into smart contracts.

Results
Task delegation with risk ordering relation is illustrated with six process owners that share immutable ledgers. Task delegation properties using Multi Agent Systems (MAS) is used to eliminate barriers for autonomous transaction processing. Secondly, the application of risk graph and risk ordering relation with reference to delegation of tasks is a novel approach that is nonexistent in RBAC.

Conclusion
The novelty of this study is the logic for task delegation and task policies for autonomous execution on autonomous banking platforms akin to the idea of federated ID (Liberty Alliance).

Keywords

Autonomous banking, RkBAC, RBAC, task delegation, risk ordering relation, role based, risk band, risk graph

Introduction

Digital transformation has been changing the landscape of banking and the future of banking will be very much different from what it is today. Faced with enormous competition, consumer expectations and new business models’ banks are required to put in place process automation that will gain confidence of its customers. With much negative publicity from recent events such as Enron, Madoff Investment Securities and WorldCom, the financial sector is becoming the least trusted sector. This is constantly highlighted in the Edelman Trust Barometer report. From 2011 until 2017, among eight industries financial services that incudes baking has been reported as the least trusted. In 2011 the sector scored 37% and in 2017 it scored 54%. The percentage increase is negligible compared to the other industries as shown in Figure 1. Financial services must embrace trust in its core business model in order to overcome this negative perception. Future of banking will include autonomous systems that must ensure trust at it’s core processing. In this paper we present a Multi Agent System (MAS) approach that is based on the Blockchain technology to facilitate data exchange, loan processing, withdrawals, loan inquiry, third party transfers, wallet activation and much more.

dbaeda49-943f-4ef4-914c-b706e5847e4e_figure1.gif

Figure 1. Edelman and Trust Report on Trusted Industries (2011 to 2017).

This is to ensure customer confidence and trust is ensured1. The core of this technology ensures provenance, data integrity, auditability and trust2. The decentralized trust embedded system has been illustrated with the Trusted Third Party (TTP) principle3.

Trust attributes

Trusted systems are defined as systems that rely upon upholding or enforcing trust in relation to transaction processing, integrity, data provenance, auditability and adherence to policy. In an autonomous banking system trust attributes can also be defined as compliance, data provenance as well as true and fairness. The purpose of statutory audit is to ensure compliance and rigor for check and balance. Blockchain technology is useful in this context to enable a unified vision that is agreeable and verifiable by all entities involved in the trusted network3,4. As mentioned earlier to facilitate Tasks (t1, t2…,.tn) that refer to specific task descriptions highlighted in Table 1, we propose evaluation of Exposure Analysis (EA) and Risk Band (RB)5. The idea is to specifically incorporate trust factor into the distributed ledgers via smart contracts that will provide required governance for all transactions illustrated in Figure 2 below.

Table 1. Automated Risk Band (RB) Output.

Tasks (T)RR (Risk Rating) %EA (Exposure Analysis)EL (Expected Loss)RB (Risk Band)
T179%USD $ 6,300USD$ 4977High risk
T270%USD $ 5,500USD$ 3850High risk
T369%USD $ 5,800USD$ 4002Medium risk
T459%USD $ 7,000USD$ 4130High risk
T557%USD $ 6,800USD$ 3876Medium risk
T650%USD $ 5,900USD$ 2950Medium risk
T742%USD $ 4,500USD$ 1890Low risk
T839%USD $ 4,300USD$ 1677Low risk
T935%USD $ 3,900USD$ 1365Low risk
T1033%USD $ 3,500USD$ 1155Low risk
dbaeda49-943f-4ef4-914c-b706e5847e4e_figure2.gif

Figure 2. Shared Immutable Ledger (Muthaiyah, 2019).

In this instance, we highlight a transaction that is shared across six process owners. The immutable ledgers will evaluate individually for each process owners i.e. 1) opening account, 2) loan approval, 3) e-wallet activation, 4) fund transfer, 5) facility check and 6) wire transfer.

Methods

In this study, the RR, EA and EL analytical data model below was used to rank order to determine Risk Band (RB) based on ISO31000 standards. Multi Agent Systems (MAS) will execute and update RB into respective immutable ledgers shown in Figure 2.

Statecharts

State charts or state chart diagrams can be used to define processes that are dynamic. It is used to define state changes that are triggered by events6. As depicted in Figure 3, there are thirteen states that are being triggered one after the other. Task 1 (t1) triggers task 2 (t2) until all thirteen states are completed for a particular transaction. As mentioned earlier, these tasks are transaction based such as a third-party fund transfer. Since the banking system is designed to be autonomous the MAS will coordinate the automated transaction processing without human intervention.

dbaeda49-943f-4ef4-914c-b706e5847e4e_figure3.gif

Figure 3. State chart diagram.

Table 2 illustrates nine tasks with relation to banking transactions without trust delegation. Description of the tasks (T) and relative Risk Bands (RB) have also been listed. RB can be grouped into five groups of risks, 1) Low risk, 2) Low to Medium, 3) Medium risk, 4) Medium to High risk and 5) High risk. Risks are identified by RB and the risk levels are indicated numerically from 1 to 6 as shown in Figure 4. Low level of risk is indicated by RB5 and RB6 that maps to T2 (statement request) and T1 (opening account). High level of risk is indicated by RB1 that maps to T8 as well as T10. In the Figure 1 below, there are nine KYPs (t1…t9), which are tagged to company platforms available on the P2P platform.

Table 2. Automated Transaction.

Tasks (T)Description / ProcessRisk Band (RB)
T1Opening accountLow risk
T2Statement requestLow risk
T3Personal loan approvalLow to medium risk
T4Cheque status inquiryMedium risk
T5E-Wallet activationMedium to high risk
T6Stop cheque requestMedium to high risk
T7Fund transferMedium to high risk
T8Loan facility approvalHigh risk
T9Loan facility increaseHigh risk
T10International foreign currency wire transferHigh risk
dbaeda49-943f-4ef4-914c-b706e5847e4e_figure4.gif

Figure 4. Risk Graph associated with Risk Band (RB).

Analysis from RA and EA calculations show that Risk band 6 (RB = 6) includes t1, t2, and t4, which are high risk platforms. Risk band 1 (RB = 1) includes t7, t8 and t9, which are relatively low risk platforms. Overall, we can compare the risk bands to show relative risks between (t1 to t9). For example, t9, will have the same level of risk as t8, which are compatible in terms of risk band. T8 refers to Loan Facility Approval and T10 refers to international foreign currency wire transfer. Comparable risks are for tasks (T6, T7 and T9) which all fall under RB2. Similarly, T1 and T3 also share the same RB which is RB5. Whereas non-comparable RBs are those such as different tiers such as T9 and T10.

Trust attributes and risk band

Risk scales for automated transaction are embedded into our proposed autonomous banking system for enabling a trust-based network. The main objective of this study is to determine access rights based on risk bands. The idea is to use risk-based assessment for better control measure and execution. Intuitively, the larger the risk, the greater the risk band and the higher the scrutiny. Before rights to access is granted, detailed access control permissions are allocated based on risk bands. However, trust delegation for transactions can also be dealt with in this methodology. This sis explained further in the next section.

Trust delegation

Trust delegation in principle refers to any task (t) where the role of approval can be delegated or transferred personnel within boundaries of process owners7.

Figure 5 highlights the proposed trust based autonomous banking platform where trust delegation is included. A total of nine tasks (t1…t9), for autonomous banking is illustrated. Risk band 6 (RB6) includes high risk tasks (t1, t2 and t4). (RB1) includes low risk tasks (t7, t8 and t9). Risk band 3 (RB3) includes average risk tasks (t3, t5 and t6).

dbaeda49-943f-4ef4-914c-b706e5847e4e_figure5.gif

Figure 5. Risk Graph with Trust Delegation (Muthaiyah, 2020).

For example, if a process owner executes t9, the process owner will have the same level of risk as t8, which are compatible in terms of risk band. Any task that has a higher risk than RB = 1, more scrutiny will be applied to grant permission for that task.

This flexibility is crucial for tasks that are dynamic in the context of autonomous banking. In this manner post evaluation for the transactions can be executed this enabling risk levels to move up or down depending on the RB. Intuitively, the larger the gap between the RB, the higher the risk7. As such, Tasks t1, t2, and t4 belong to the same level of risk (RB = 6). Securing transaction threats by accessing risks associated with them can reduce likelihood of liabilities however the risk assessment process should not be ambiguous, inconsistent and have omissions. Therefore, the mathematical formulation below is necessary to add rigor to the assessment7.

In a Multi Agent System (MAS) platform for autonomous systems in this case “agents”, there is a need to have the agent systems programmed with a certain logic or algorithm so that they can execute these transactions seamlessly. As such we illustrate the following mathematical expression for developing the logic for risk ordering and risk bands. We have implemented a detailed algorithm using the Foundation of Intelligent Physical Agents (FIPA) standard shown in Figure 6.

  • 1) Subject (S) – all possible users as well as non-human entities (i.e. FSMs)

  • 2) Object (O) – entities being accessed by subject

  • 3) Operation (Op) – operation performed on object (i.e. loan processing)

  • 4) Role (R) – Capacity in which subjects access the rights to objects

  • 5) Task (T) – Operation * Object (Op * O)

  • 6) Permission (P) – Role (R) → P Task (T) (Note : P denotes power set operand)

    • - gives a set of tasks authorized for each role (R).

    • - task has a token and when task is over the token would expire.

  • 7) Subject Roles (SR) – Subject (S) → P Role

  • 8) PERM is a subset of Role * Task (R*T)

dbaeda49-943f-4ef4-914c-b706e5847e4e_figure6.gif

Figure 6. Agent Systems for autonomous platforms (Muthaiyah, 2020).

However, this paper’s focus is only on developing the logic for trust delegation at this stage. More detailed transaction logic will be implemented it in the near future to accommodate transactions that are not listed in Table 2. Figure 6, illustrates autonomous banking trust delegation for task execution workflow5. The concept is based on a Multi Agent Systems (MAS) platform assumed by the functional architecture proposed by FIPA, an Agents Working Group. MAS can be thought of multitude autonomous entities, that execute processes one through seven shown below. This paper presents an implementation of an autonomous banking platform providing transparent interaction between process owners that are represented by agent systems.

Conclusion

Autonomous Trusted Third-Party orchestration for banking systems must be self-auditing by its design. In order to ensure that the banking ecosystem will entail trust which will be the key to drive of its success. Technological advancements will be able to create value by quickly aggregating data which can be deployed using agent systems. In our future work we would like to investigate how control procedures can be embedded within the Blockchain technology to make autonomous banking platforms more robust.

Data availability

No data associated with this article.

Ethics

Ethical Approval Number: EA1202021

Ethical approval was obtained from the research management center at the university. Researchers had to first submit the title of the project, what the author planned to do for the interviews and details of study objectives. The officer at the research management center after reviewing the documents will then issue a letter of clearance for the data collection to be carried out. The approval letter was then obtained, and the reference number of this letter is EA1202021.

Comments on this article Comments (0)

Version 1
VERSION 1 PUBLISHED 08 Sep 2021
Comment
Author details Author details
Competing interests
Grant information
Copyright
Download
 
Export To
metrics
Views Downloads
F1000Research - -
PubMed Central
Data from PMC are received and updated monthly.
- -
Citations
CITE
how to cite this article
Muthaiyah S, Anbananthen KSM and Phuong Lan NT. Orchestration of autonomous trusted third-party banking [version 1; peer review: 2 approved, 1 approved with reservations]. F1000Research 2021, 10:899 (https://doi.org/10.12688/f1000research.72987.1)
NOTE: If applicable, it is important to ensure the information in square brackets after the title is included in all citations of this article.
track
receive updates on this article
Track an article to receive email alerts on any updates to this article.

Open Peer Review

Current Reviewer Status: ?
Key to Reviewer Statuses VIEW
ApprovedThe paper is scientifically sound in its current form and only minor, if any, improvements are suggested
Approved with reservations A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.
Not approvedFundamental flaws in the paper seriously undermine the findings and conclusions
Version 1
VERSION 1
PUBLISHED 08 Sep 2021
Views
10
Cite
Reviewer Report 16 Nov 2021
Kadambini Katke, Dayananda Sagar Institutions, Bangalore, Karnataka, India 
Approved with Reservations
VIEWS 10
1. Industry relevant research area which can contribute towards digitization of banking services 

2. Paper can be improved with a few more added references to support the research findings

3. Self-citations out of a ... Continue reading
CITE
CITE
HOW TO CITE THIS REPORT
Katke K. Reviewer Report For: Orchestration of autonomous trusted third-party banking [version 1; peer review: 2 approved, 1 approved with reservations]. F1000Research 2021, 10:899 (https://doi.org/10.5256/f1000research.76604.r96360)
NOTE: it is important to ensure the information in square brackets after the title is included in all citations of this article.
Views
14
Cite
Reviewer Report 22 Oct 2021
Noor Ismawati Jaafar, Department of Operations and MIS, Faculty of Business and Accountancy, University of Malaya, Kuala Lumpur, Malaysia 
Approved
VIEWS 14
In general, this may be a good start to more interesting research and findings. The context and focus of the research are very interesting and have huge potential to make an impact on society's application of IT, especially in the ... Continue reading
CITE
CITE
HOW TO CITE THIS REPORT
Jaafar NI. Reviewer Report For: Orchestration of autonomous trusted third-party banking [version 1; peer review: 2 approved, 1 approved with reservations]. F1000Research 2021, 10:899 (https://doi.org/10.5256/f1000research.76604.r96362)
NOTE: it is important to ensure the information in square brackets after the title is included in all citations of this article.
Views
21
Cite
Reviewer Report 12 Oct 2021
Indrawati Sambas, Faculty Economics & Business, Telkom University, Bandung, Indonesia 
Approved
VIEWS 21
I think this paper is a good and important addition to the literature. I really like the conceptualization of how autonomous Trusted Third-Party orchestration for banking systems must be self-auditing by its design which I think is very important in ... Continue reading
CITE
CITE
HOW TO CITE THIS REPORT
Sambas I. Reviewer Report For: Orchestration of autonomous trusted third-party banking [version 1; peer review: 2 approved, 1 approved with reservations]. F1000Research 2021, 10:899 (https://doi.org/10.5256/f1000research.76604.r93739)
NOTE: it is important to ensure the information in square brackets after the title is included in all citations of this article.

Comments on this article Comments (0)

Version 1
VERSION 1 PUBLISHED 08 Sep 2021
Comment
Alongside their report, reviewers assign a status to the article:
Approved - the paper is scientifically sound in its current form and only minor, if any, improvements are suggested
Approved with reservations - A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.
Not approved - fundamental flaws in the paper seriously undermine the findings and conclusions
Sign In
If you've forgotten your password, please enter your email address below and we'll send you instructions on how to reset your password.

The email address should be the one you originally registered with F1000.

Email address not valid, please try again

You registered with F1000 via Google, so we cannot reset your password.

To sign in, please click here.

If you still need help with your Google account password, please click here.

You registered with F1000 via Facebook, so we cannot reset your password.

To sign in, please click here.

If you still need help with your Facebook account password, please click here.

Code not correct, please try again
Email us for further assistance.
Server error, please try again.