As banks scramble to keep pace with the latest advancements in artificial intelligence, an emerging tool known as DeepSeek is making waves in the industry. This sophisticated model, renowned for its prowess in data processing, natural language understanding, and logical reasoning, is gradually embedding itself into various core operational scenarios such as credit assessments, contract management, and customer service. However, the increasing incorporation of such technologies is accompanied by heightened concerns regarding data security, model risks, and regulatory compliance, which have become focal points for financial institutions.

In a recent interview with China Business Journal, Liu Tong, Deputy General Manager of the Product Center at the China Financial Certification Authority (CFCA), highlighted that while DeepSeek offers banks a path towards intelligent solutions with manageable risks, its implementation necessitates a careful balance between technological innovation and security compliance. Banks need to leverage the advantage of AI while simultaneously reinforcing the financial security framework.

The journey for banks is shifting from solely enhancing efficiency to reconstructing their operational ecosystem. Numerous banks have recently deployed DeepSeek models locally, utilizing them across a variety of applications including intelligent contract management, risk control, asset custody, valuation reconciliation, customer service assistants, and advisory roles.

However, there are significant pain points hindering banks' AI applications. These include imbalances in training costs versus energy efficiency, a deficiency in the ability to generalize across long-tail situations, and engineering challenges associated with edge-side deployment. Liu Tong contends that DeepSeek is breaking through these barriers by optimizing cost structures and integrating domestic technology stacks.

He provided various examples of how DeepSeek enhances efficiency, accuracy, and risk control capabilities in the banking sector, driving upgrades to smart financial infrastructure. In credit evaluations, the traditional processes that depend heavily on human handling of unstructured data are time-consuming and prone to errors. In contrast, DeepSeek's exceptional capabilities in understanding Chinese language nuances and logical reasoning significantly streamline the automated parsing of loan materials, thereby enhancing the efficiency of credit reviews. When it comes to contract management, DeepSeek employs natural language processing to accurately identify contract terms while leveraging legal knowledge bases for compliance checks. In customer service scenarios, the model can tailor personalized assistance based on clients’ transaction histories and preferences. For asset custody and valuation, DeepSeek's powerful data processing abilities facilitate the automated parsing and comparative analysis of transaction and valuation data.

According to Liu Tong, the implementation of DeepSeek is contributing to diminished 'Matthew effect' in the banking technology ecosystem. With the adoption of DeepSeek, banks can achieve intelligent applications across multiple scenarios while keeping risks under check. This enables smaller banks to bridge the technological gap with larger institutions, which, in turn, can cultivate a more robust fintech ecosystem.

Nevertheless, questions arise regarding the accuracy of DeepSeek as an AI decision-making system in the context of risk assessment. Liu suggests that banks can ensure DeepSeek’s accuracy through rigorous measures at the data, model, and technological layers. When asked about the necessity of establishing a third-party audit mechanism to prevent model biases or black-box decision-making risks, he pointed out that DeepSeek's open-source model offers public transparency through shared model code and training methodologies. This transparency allows banks and related entities to scrutinize and validate the model, thereby potentially mitigating some of the risks associated with third-party audits and enhancing the integrity of the decision-making process.

Despite the promising applications of DeepSeek, the risks it introduces cannot be taken lightly. Liu emphasizes that banks must prioritize three major areas of risk: model attacks, algorithmic biases, and sensitive data breaches.

To counteract risks from model attacks, banks may enhance model robustness utilizing methods such as adversarial training and data augmentation. Liu elucidates that while attackers might forge loan documents to deceive the system, fusion of results from multiple models can significantly reduce the rate of misjudgment.

Algorithmic bias poses additional concerns, with potential repercussions for compliance and reputation. Liu insists that banks should proactively address this through diverse data collection, fairness constraints on algorithms, and dynamic feedback mechanisms to initiate corrections.

In tackling the threat of sensitive data breaches, Liu acknowledges that localized deployment of DeepSeek can minimize the risk of data outflow. However, the model's operation still necessitates interaction with vast amounts of user data during training and inference, which, if mishandled, could infringe on user privacy, eroding trust and possibly leading to compliance issues.

In recent years, there’s been a push towards providing explanations regarding how data influences decision-making outcomes and ensuring information disclosure, alongside real-time monitoring of automated processes and resulting system behaviors. Banks are also advised to develop risk mitigation measures for AI applications, including crafting alternative exit strategies and emergency protocols for security threats with ongoing drills for preparedness.

When dealing with the risks associated with data, Liu advocates for employing desensitization techniques, access control measures, and monitoring/auditing technologies to safeguard customer sensitive financial information while leveraging DeepSeek.

For data desensitization, he outlines two core strategies: first, implementing specific encoding rules that render sensitive data unrecognizable without specialized algorithms; and second, encrypting financial data such as transaction passwords and national ID numbers, granting decrypt access solely to authorized users through secure key mechanisms.

Regarding access control measures, Liu explains that banks should utilize multifactor authentication methods—like usernames and passwords, digital certificates, rotating tokens, and biometric verification—to secure access to sensitive financial data. For instance, CFCA's digital identity system employs various technologies such as ID cards, bank cards, phone numbers, and facial recognition to substantiate user authenticity. Furthermore, role-based access should be established according to job responsibilities, adhering to the principle of least privilege to minimize access to only what's necessary for task fulfillment.

In terms of monitoring and auditing technologies, banks can adopt data monitoring tools to swiftly detect anomalous behaviors and data breach risks. This involves analyzing traffic flows of data transfers to create models for identifying abnormal transmission patterns and meticulously documenting all actions involving sensitive financial data for post-audit traceability, regularly reviewing compliance with regulations and internal banking policies regarding desensitization practices.

Notably, Liu addressed the complexities entailed when systems require interaction with external data sources, highlighting the necessity of establishing safeguards against data leaks or unauthorized scraping. He suggests a multifaceted approach encompassing access control, data encryption, and security monitoring to safeguard against such risks.