We use Xempli’s Responsible Banking Framework to analyse Rosie.

New revenue: as cybercrime continues to grow, both in terms of the number of incidents and media mentions, there is a high probability that Polidor will attract and win market share with this product.

Margin: could Polidor charge a fee for the service? Likely.

Loss Avoidance: if the technology works, Polidor is likely to have a massive reduction in credit card fraud. This is a boon for customers and merchants, and it will be a relief to card investigations operations teams.

Social Good: Rosie’s promise is to protect hard-earned wealth (particularly the wealth of those who are most vulnerable to scams, such as the elderly).

Potential Harm

Indignity: could some customers suffer reputation damage (e.g. if payments are blocked or if family members are falsely accused of attempting to defraud their elderly parents)?

Financial loss: if Rosie made a mistake and blocked legitimate transactions, resulting in financial loss to customers (e.g. loss of a deposit for the purchase of a product), could the customer sue Polidor?

Fraud: the nature of crime is that it will adapt and overcome new security measures – including AI. Is there a risk that Polidor exposes itself to severe losses given its undertaking to protect customers?

Restraint on freedom: how would customers feel about empowering Rosie to block certain transactions?

Loss of anonymity: how would customers feel about an agent, albeit a computer, watching over all their financial transactions?

Vulnerability to evil: what if highly advanced spy agencies found a way to tap into Rosie’s brain to see what she sees? To access all transaction and customer data?


Minimum data: Rosie appears to be an all-seeing, all-knowing AI. Does Rosie need to be all-knowing and all-seeing to achieve the same result? Could Rosie be designed to consider a limited set of data (e.g. transactions over $100), and only dive deeper when certain criteria are triggered (e.g. facial recognition software is used only when certain criteria are met)?

Storage limitation: Could Rosie be designed to store no data records at all, thereby limiting the risk of data falling into the wrong hands?

Consent: Not all customers will want this “Big Brother” style intrusion into their financial affairs. To avoid losing customers, Polidor might offer different products to different segments, e.g. “Rosie-lite” for customers who want some security but less intrusion, or no Rosie at all. The important thing is that Polidor informs customers of their choices, and gives them the opportunity to opt in or out at any time. As far as possible, Rosie should seek the consent of customers before taking interventionist action such as holding up a transaction.

Transparency: Bank customers hate monthly fees that appear to deliver no value. Polidor can demonstrate value by giving customers a regular update on what Rosie is up to and why.

Explainable: When an action is taken, it’s important that Rosie can explain the reasons behind the action (what data was considered, what were the triggers, etc.).

Anonymity: As far as possible, Rosie should anonymise the data by encrypting or removing personally identifiable information.

Benefits sharing: Customers may be more tolerant of breaches in privacy if they can see the financial benefit. Polidor could share some of the savings from a reduction in credit card fraud by lowering credit card fees.

Accuracy: Is it likely that Rosie will learn from its mistakes and get better at separating legitimate from fraudulent transactions?


At first glance, Rosie appears to be a blatant breach of privacy. If Polidor were able to put in place the risk mitigation strategies outlined above, would customers relax their privacy concerns? It comes down to one thing: trust.

We agree with Polidor’s President: “In the olden days people put their money in banks because banks had bigger safes and were better at protecting money from gun-toting criminals. But the nature of money has changed, and so has the nature of crime.” Is there an opportunity for banks to assume an even higher duty of care than they already have today?

