FSL-BDP: Federated Survival Learning with Bayesian Differential Privacy for Credit Risk Modeling
Sultan Amed, Tanmay Sen, Sayantan Banerjee
TL;DR
This work tackles time-to-default credit risk modeling under strict data privacy by proposing FSL-BDP, a federated survival learning framework with Bayesian differential privacy. It models discrete-time hazards across loan tenures, enabling distinction between early and late defaulters while training across non-IID institutions without sharing raw data. Empirical results on LendingClub, SBA, and Bondora show that Bayesian DP outperforms classical DP in federated settings and, importantly, that privacy-utility rankings depend on deployment architecture, with federation substantially amplifying BD P utility (about a +7.0% gain on average) versus +1.4% for classical DP. The findings offer practical guidance for privacy-preserving, multi-institution credit risk analytics, highlighting calibration, regulatory alignment, and the need to evaluate privacy mechanisms in the intended deployment environment.
Abstract
Credit risk models are a critical decision-support tool for financial institutions, yet tightening data-protection rules (e.g., GDPR, CCPA) increasingly prohibit cross-border sharing of borrower data, even as these models benefit from cross-institution learning. Traditional default prediction suffers from two limitations: binary classification ignores default timing, treating early defaulters (high loss) equivalently to late defaulters (low loss), and centralized training violates emerging regulatory constraints. We propose a Federated Survival Learning framework with Bayesian Differential Privacy (FSL-BDP) that models time-to-default trajectories without centralizing sensitive data. The framework provides Bayesian (data-dependent) differential privacy (DP) guarantees while enabling institutions to jointly learn risk dynamics. Experiments on three real-world credit datasets (LendingClub, SBA, Bondora) show that federation fundamentally alters the relative effectiveness of privacy mechanisms. While classical DP performs better than Bayesian DP in centralized settings, the latter benefits substantially more from federation (+7.0\% vs +1.4\%), achieving near parity of non-private performance and outperforming classical DP in the majority of participating clients. This ranking reversal yields a key decision-support insight: privacy mechanism selection should be evaluated in the target deployment architecture, rather than centralized benchmarks. These findings provide actionable guidance for practitioners designing privacy-preserving decision support systems in regulated, multi-institutional environments.
