SCR Calculator User Manual

Version Last modified 2024-3-21

Data Confidentiality

Strict User Data Confidentiality

Maintaining the confidentiality of financial information, such as client porfolio holdings, transaction history, etc. is vital to the regulatory compliance and fiduciary responsibilities of financial institutions.

The Privacy Policy already explains the strict User Data Confidentiality policy adopted by the SCR Calculator software. Here we reiterate this point and give a bit more explanation.

Advantage of the Traditional Desktop Architecture in Protecting User Data

The SCR Calculator is constructed using a traditional desktop application architecture. What this means is that the 'frontend', i.e. the actual software installed and running on the user's office computer, does the actual computation. This might sound trivial, but nowadays many such computations are actually performed on the 'server side' if it were a web application.

A web application has the advantage that installations and updates are done centrally on the 'server side', so that users are not troubled or even noticing. However, a 'web application' has weaknesses:

  • It cannot maintain strict user data confidentiality, unless the user data is encrypted for transmission and storage in a regulatorily-approved format. Sometimes this is not possible.
  • It usually exhibits some latency (delay in reaction to user commands by a fraction of a second), especially if the server is located in a different part of the world.
  • For heavy computations, such as multiple users performing bond optimisation of [portfolio + index space] each involving adjusting the weights of thousands of line items, the server can be clogged or slow to respond. Putting the computing in the 'cloud' does not always solve this problem.

For comparison, a traditional 'desktop application'

  • Can easily implement user data confidentiality, as long as no user data is allowed to be transmitted from the frontend to the server.
  • There is no latency, because all the computations are local.
  • Heavy computations will be carried out leveraging all the computing power available on the user's office computer.
These characteristics are ideal for the operational environment required by a medium-sized application with strict user data confidentiality requirements.