Multi‑Party Secure Risk Control: Challenges, Architecture, and Practice

With financial scenarios becoming increasingly complex and involving many cross‑entity events, risk control and regulatory compliance have become critical challenges. This talk shares Ant Group's multi‑party secure risk‑control strategies and practical implementations.

Risk scenario pain points

Two typical fraud cases are presented: (1) legitimate merchants unintentionally selling stolen high‑value goods through coordinated gang activities, using either compromised delivery accounts or payment‑link QR codes; (2) fraudulent online stores that leak user information and exploit it for large‑scale financial loss. Both scenarios suffer from fragmented data across platforms, making comprehensive risk detection difficult.

Privacy protection regulatory landscape

Over 130 of the world’s 190+ major economies have enacted privacy legislation, including China’s Cybersecurity Law, the EU’s GDPR, and China’s Personal Information Protection Law. Enforcement fines are rising, highlighting the need to balance privacy safeguards with effective risk control.

Regulations require data processors to obtain user consent, anonymize or de‑identify personal data, and protect privacy during computation, as outlined in China’s Multi‑Party Secure Computing Financial Technical Specification.

Technical architecture of multi‑party secure risk control

The architecture consists of three layers: the privacy‑protection view layer (data compliance ingestion, privacy protection, privacy risk identification), the computation framework layer (a unified base supporting cloud and on‑premise deployments, with same‑network and cross‑network secure computation engines), and the risk service layer (open platform, cross‑entity joint risk, industry solutions).

Key capabilities include secure data sharing, joint perception, risk profiling, anonymous queries, and industry‑specific solutions for banking, public security, and government.

Practice cases

Anti‑gambling and anti‑fraud collaborations with police and banks use multi‑party secure computation to process privacy‑preserving data, create contracts, de‑identify identifiers, add noise, and enforce access controls.

External client scenarios apply joint modeling with authorized user data, producing risk scores that are de‑sensitized and protected by cryptographic techniques, achieving over 20% accuracy improvement and 10% recall increase compared to single‑party models.

Thoughts and outlook

Challenges include meeting millisecond‑level latency for real‑time risk scoring, reducing computational overhead of secure protocols, and enhancing explainability for regulatory audits. Future work aims to accelerate computation, improve performance, and provide transparent, regulator‑friendly explanations while maintaining high privacy guarantees.

Thank you for listening.