Federated Learning for Privacy-Preserving Analytics
Cathay Bank wanted a fraud detection model that could learn from transaction data across multiple jurisdictions. CCPA and PIPL made it illegal to move raw customer records across borders, so centralised training on pooled data was out. The project built the mathematical and engineering foundations to close that gap.
Architecture
Each jurisdiction trains locally. Only gradient updates, clipped and noise-added before they leave the node, travel to the aggregation server. No raw data moves.
The full mathematical treatment is published: Mathematical Foundations of Federated Learning for Privacy-Preserving Analytics
Non-IID convergence
Fraud patterns differ across branches. Naive gradient averaging under non-IID data causes client drift: the global model gets pulled toward incompatible local optima. Rather than tuning the local update frequency empirically, the optimal number of local steps before aggregation was derived analytically from the FedAvg convergence bound. The bound relates loss gap to gradient variance across clients, data heterogeneity, and local step count. Differentiating with respect to local steps and solving yields a closed-form expression: predictable behaviour across distribution shifts, no hyperparameter search needed.
Differential privacy
Each client clips its gradient update to a maximum L2 norm, then adds Gaussian noise calibrated to σ before the server aggregates. Privacy budget is tracked across rounds using the RDP moments accountant. The system satisfied both CCPA and PIPL data residency requirements simultaneously.
Robust aggregation
A Byzantine client can steer the global model by sending large adversarial updates. The system uses a hybrid mean by default, with automatic fallback to coordinate-wise median when the variance of incoming updates exceeds a threshold. The median is resistant to outliers by construction: adversarial values cannot shift it outside the range of honest inputs.
Results
| Utility | With differential privacy at regulatory thresholds (ε < 8), the model reached 98%+ AUC on fraud detection, within 2% of centralised training. |
| Residency | Zero raw customer data crossed a border at any point. CCPA and PIPL data residency requirements satisfied simultaneously. |
What's next
The model trained on Cathay's data is frozen, it cannot be released for the same data residency reasons the project was built to address. What's being built now is an open framework: bring any tabular fraud dataset, run it through the FL pipeline with differential privacy and Byzantine robustness, get a trained model with a verifiable privacy certificate. The plan is to host on Hugging Face with a Colab demo once real-data validation is complete.
Python · PyTorch · PySyft · RDP composition · Byzantine-robust aggregation