Lecture 10: Flipped — RegTech, Cybersecurity & Privacy-Preserving Compute
Group presentations · token allocation · discussion
10.1 Course objectives
- 10.1 Course objectives
- 10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.3 Session agenda
- 10.5 Token allocation
- 10.6 Lecturer reflection
- 10.7 Wrap-up & next steps
Welcome to Emerging Technology & Finance
- This is a flipped-classroom Bachelor course: every regular lecture (odd weeks) is followed by a flipped session (even weeks) where all groups present on the same topic. There is no exam to register for — sign up on the course Moodle page by 15 October 2026 so you receive announcements and the token-allocation quiz links.
- Form a group of 4 by the end of Week 1 (Moodle sign-up sheet). Stragglers will be allocated by the lecturers.
- Grading is 100% cumulative across the 6 flipped sessions: each session = 50% peer-allocated tokens + 50% lecturer evaluation. Each group gets 20 fresh tokens every flipped week to allocate to other groups via a Moodle quiz within 5 minutes of the session ending.
- Submission per session: upload your slide PDF to Moodle before each flipped session starts. Ask questions during or right after each session — that is the preferred channel.
- Admin / studies / exam-eligibility questions go to the registrar’s office (Studiensekretariat) at studiensekretariat@uni-ulm.de.
- Course-content questions outside class: email oliver.padmaperuma@uni-ulm.de, CC andre.guettler@uni-ulm.de.
- We also recommend the student advisory service.
Course Objective
Scope
We will:
- Survey six emerging-technology modules at the cutting edge of finance: agentic AI · blockchain & DeFi · fintech business models · RegTech & cybersecurity · CBDCs
- Pair every regular lecture with a flipped session in which every group presents their angle on the topic
- Train critical evaluation, presentation, and peer-judgment skills via a transparent token-based peer-grading mechanic
- Place the technologies in a real-world business and regulatory context (PSD2/3, MiCA, EU AI Act, post-quantum standards)
We will NOT:
- Build production-grade fintech systems or trade live capital
- Cover deep technical implementations (we treat code as supplement, not core)
- Run a separate written exam or final-pitch competition — the cumulative flipped-session grade is the entire grade
Approach
Flipped-classroom alternation (12 weeks)
- Odd weeks (W1, W3, W5, W7, W9, W11): regular lecture introducing the topic
- Even weeks (W2, W4, W6, W8, W10, W12): flipped session — all groups present and allocate tokens
- Groups of 4, formed by end of Week 1
Token mechanic (the grading vehicle)
- 20 tokens per group per flipped session
- Each group allocates them to other groups, weighing insight · originality · clarity · critical depth
- Cumulative across 6 sessions = 50% of final grade · lecturer evaluation = 50%
Course at a glance (1/3)
Foundations of Digital Disruption in Financial Services
What is ‘emerging tech in finance’, how did we get here, where is it going
- Three waves of digital disruption in finance
- Today’s actors: incumbents, challengers, Big Tech, infrastructure
- Regulatory backdrop: PSD2, MiCA, EU AI Act
- Why now: structural drivers
- What this course will cover
Flipped — Digital Disruption in Financial Services
Group presentations · token allocation · discussion
- Recap of the foundations lecture
- Group presentations on digital disruption
- Token allocation & next steps
Agentic AI & LLMs in Finance
From LLMs to agents · applications · failure modes · EU AI Act
- LLMs in finance: architecture, training, capabilities
- Agentic AI: from answers to actions
- Applications: RAG, robo-advisors, AML, trading agents
- Failure modes: hallucination, drift, prompt injection
- Governance: EU AI Act and high-risk obligations
Flipped — Agentic AI & LLMs in Finance
Group presentations · token allocation · discussion
- Recap of the agentic AI lecture
- Group presentations on real LLM and agent deployments
- Token allocation & next steps
Blockchain, Crypto, DeFi & Tokenisation
From distributed ledgers to MiCA-regulated markets
- Blockchain primer: ledgers, consensus, smart contracts
- Crypto markets: BTC, ETH, stablecoins
- DeFi primitives: AMMs, lending, derivatives
- Tokenisation of real-world assets
- MiCA framework and EU enforcement
Course at a glance (2/3)
Flipped — Blockchain, Crypto, DeFi & Tokenisation
Group presentations · token allocation · discussion
- Recap of the blockchain & DeFi lecture
- Group presentations on real protocols and deployments
- Token allocation & next steps
Fintech Business Models
Neobanks, embedded finance, BNPL, Open Banking, Big Tech in finance
- Neobanks: N26, Revolut, Monzo, Chime
- Embedded finance & BaaS
- BNPL: Klarna, Affirm, regulatory pushback
- Open Banking & PSD2 outcomes
- Big Tech in finance
Flipped — Fintech Business Models
Neobanks, embedded finance, BNPL · group presentations · token allocation
- Recap of the fintech business-models lecture
- Group presentations on real companies and unit economics
- Token allocation & next steps
RegTech, Cybersecurity & Privacy-Preserving Compute
Industrialising compliance · cyber-threat landscape · ZKPs, MPC, federated learning · post-quantum
- RegTech overview: industrialising compliance
- KYC/AML automation in production
- Cybersecurity threats in finance
- Privacy-preserving compute: ZKPs, MPC, federated learning
- Post-quantum cryptography & the migration
Flipped — RegTech, Cybersecurity & Privacy-Preserving Compute
Group presentations · token allocation · discussion
- Recap of the RegTech & security lecture
- Group presentations on vendors, incidents, and emerging tech
- Token allocation & next steps
Course at a glance (3/3)
CBDCs & the Future of Money
Wholesale vs retail design · Digital Euro · e-CNY · programmable money
- What’s a CBDC: wholesale vs retail
- The Digital Euro state of play
- China’s e-CNY and small-country implementations
- Programmable money: feature, threat, or both
- Stablecoins as private money: tension with CBDCs
Flipped — CBDCs & the Future of Money
Final session · group presentations · token allocation · course wrap-up
- Recap of the CBDCs lecture
- Group presentations on real CBDC projects
- Token allocation, final standings, and course retrospective
Assignments / Exams
Flipped-Classroom Presentation Series 100% of your grade
Six in-class group presentations across six emerging-tech topics, graded cumulatively. Each session: 50% peer-allocated tokens + 50% lecturer evaluation.
Group of up to 4.
Submit by emailing oliver.padmaperuma@uni-ulm.de, CC andre.guettler@uni-ulm.de. Subject pattern: Emerging Technology & Finance_assignment-1-flipped-classroom-presentations_surname1_surname2_…
21 January 2027
10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.1 Course objectives
- 10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.3 Session agenda
- 10.5 Token allocation
- 10.6 Lecturer reflection
- 10.7 Wrap-up & next steps
What we covered last week
- RegTech overview — using technology to industrialise compliance: KYC, AML, transaction monitoring, regulatory reporting (Arner, Barberis, and Buckley 2017).
- AI-assisted AML/KYC — what false-positive and false-negative rates actually look like in production; the human-review backlog problem.
- Cybersecurity threats in finance — APT actors targeting banks (Lazarus, FIN7), ransomware, supply-chain attacks (e.g. SolarWinds, MOVEit).
- Privacy-preserving compute — zero-knowledge proofs (Goldwasser, Micali, and Rackoff 1989), multi-party computation, federated learning (McMahan et al. 2017) — when each one matters.
- Post-quantum cryptography — NIST’s standards (National Institute of Standards and Technology 2024) and the financial-system migration timeline.
Notes
The thread last week was that “compliance” used to be a back-office cost centre; in 2026 it is a tech-driven competitive moat. The leading banks have invested years industrialising their compliance stack; the laggards face EU operational-resilience deadlines and post-quantum-migration deadlines simultaneously. Tonight, find specific evidence of who is moving and who is not.
Open questions to dig into today
- Can AI actually close the AML detection gap, or does it just shift its mistakes to a different segment?
- Is the post-quantum transition genuinely urgent for finance, or a hypothetical that’s being over-marketed?
- Privacy-preserving compute has been “5 years away” for 25 years. When does it actually deploy at scale?
- What does DORA (Digital Operational Resilience Act, in force January 2025) actually change inside an EU bank?
Notes
The temptation in this topic is to drift into vendor jargon. Stay concrete: a specific bank, a specific deployment, a specific number — not “advanced AI-powered solutions.”
10.3 Session agenda
- 10.1 Course objectives
- 10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.3 Session agenda
- 10.5 Token allocation
- 10.6 Lecturer reflection
- 10.7 Wrap-up & next steps
Today’s flow
- 14:00 — Welcome & recap (5 min)
- 14:05 — Group presentations (6 min + 2 min Q&A each)
- 15:00 — Lecturer reflection (10 min)
- 15:10 — Token allocation (5 min on Moodle)
- 15:15 — Wrap-up & prep for next regular lecture (5 min)
Notes
Standard flow.
Group presentation order
- Angle: A KYC / AML RegTech vendor (ComplyAdvantage · Chainalysis · TRM · Feedzai)
- Slot: 14:05–14:13
- Angle: A major cyber incident in finance — postmortem and lessons
- Slot: 14:13–14:21
- Angle: Zero-knowledge proofs in finance — real deployments (zkRollups · zkKYC)
- Slot: 14:21–14:29
- Angle: Federated learning case (Apple · Google · WeBank · J.P. Morgan)
- Slot: 14:29–14:37
- Angle: Post-quantum migration plan — concrete bank or infrastructure example
- Slot: 14:37–14:45
- Angle: DORA in practice — what changed inside an EU bank since January 2025
- Slot: 14:45–14:53
What groups present today
6 min + 2 min Q&A. Each presentation must include:
- One specific vendor / incident / standard / regulation.
- Measurable evidence — false-positive rates, incident impact ($), audit findings, public statements.
- The critical view — what’s overclaimed, what’s hard, what’s not yet solved.
- 1–2 discussion prompts.
10.4 Group presentations
Group 1 — KYC / AML RegTech vendor
- Pick one. Bring: what they actually do (rule-based vs ML), customer list, an honest false-positive rate.
- The strongest version compares them to the bank’s own internal stack.
Notes
Live-fill slide.
Group 2 — Major cyber incident in finance
- Candidates: Capital One 2019, SolarWinds 2020, MOVEit 2023, ICBC 2023 ransomware, recent supply-chain compromises.
- Bring: timeline, root cause, customers affected, the regulatory response.
- The strongest version generalises one transferable lesson to today’s defenders.
Notes
Live-fill slide.
Group 3 — Zero-knowledge proofs in finance
- Candidates: zkRollups (Polygon, Starknet, zkSync), zkKYC pilots, on-chain audit attestations.
- Bring: the privacy claim, what is genuinely zero-knowledge, what is just on-chain commitments.
- The strongest version explains where ZKPs add value over plain encryption.
Notes
Live-fill slide.
Group 4 — Federated learning case
- Candidates: Apple on-device ML, Google Gboard, WeBank FATE, J.P. Morgan inter-bank fraud detection.
- Bring: who participates, what is exchanged, what is not exchanged, and the privacy threat model.
- The strongest version is honest about how strong the privacy guarantee actually is in production.
Notes
Live-fill slide.
Group 5 — Post-quantum migration
- Candidates: HSBC’s quantum-safe pilot, SWIFT’s PQC roadmap, BIS Innovation Hub Project Leap.
- Bring: which crypto primitives are being swapped, on what timeline, with what cost.
- The strongest version answers “what breaks first if a cryptographically-relevant quantum computer arrives in 2030?”
Notes
Live-fill slide.
Group 6 — DORA in practice
- Bring: which categories of EU financial institutions are in scope, the four pillars (ICT-risk, incident reporting, resilience testing, third-party-risk), and an example bank’s published response.
- The strongest version names what concrete operation now runs differently.
Notes
Live-fill slide.
10.5 Token allocation
- 10.1 Course objectives
- 10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.3 Session agenda
- 10.5 Token allocation
- 10.6 Lecturer reflection
- 10.7 Wrap-up & next steps
How tokens work
- 20 fresh tokens per group per session.
- Other groups only — no self-allocation. Total = 20.
- Moodle quiz opens for 5 minutes after the last presentation.
Notes
Standard rules.
Allocation rubric
- Insight — taught you something new?
- Originality — fresh angle?
- Clarity — followable?
- Critical depth — honest appraisal?
Notes
Topic-specific: tonight reward groups that distinguished cryptographically meaningful claims from marketing-grade claims. This topic generates the most jargon-dense vendor slides in finance.
Tonight’s leaderboard
| Group | Tokens this week | Cumulative |
|---|---|---|
| Group 1 | — | — |
| Group 2 | — | — |
| Group 3 | — | — |
| Group 4 | — | — |
| Group 5 | — | — |
| Group 6 | — | — |
- We’re in the final third — Weeks 10 and 12 still ahead.
- Token spreads tend to narrow as groups learn from each other.
10.6 Lecturer reflection
- 10.1 Course objectives
- 10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.3 Session agenda
- 10.5 Token allocation
- 10.6 Lecturer reflection
- 10.7 Wrap-up & next steps
Standout insights & common gaps
- Standouts (live-fill): groups that grounded a technical claim in a measurable production reality.
- Common gaps (live-fill): typically — (a) confused “uses cryptography” with “uses ZKPs”; (b) accepted vendor false-positive claims without source; (c) treated DORA as a paper exercise rather than an operational change.
Notes
The hardest discipline tonight is distinguishing what is new from what is rebranded. Many “RegTech” products are old rule engines with a UI. Many “AI” features are simple anomaly detectors. The signal is in production metrics, not slide decks.
Concepts to revisit next regular lecture
- The privacy / surveillance trade-off we touched on (federated learning, ZKPs) returns in CBDCs — the same trade-off, now applied at central-bank scale.
- The post-quantum thread also bridges to CBDCs: any CBDC design has a 30-year horizon and must consider quantum-safe primitives from day one.
Notes
Lecture 11 picks up exactly the technologies we surveyed tonight, applied to the most consequential design choice in central banking right now: a CBDC.
10.7 Wrap-up & next steps
- 10.1 Course objectives
- 10.2 Recap: RegTech, Cybersecurity & Privacy-Preserving Compute
- 10.3 Session agenda
- 10.5 Token allocation
- 10.6 Lecturer reflection
- 10.7 Wrap-up & next steps
Course at a glance (1/3)
Foundations of Digital Disruption in Financial Services
What is ‘emerging tech in finance’, how did we get here, where is it going
- Three waves of digital disruption in finance
- Today’s actors: incumbents, challengers, Big Tech, infrastructure
- Regulatory backdrop: PSD2, MiCA, EU AI Act
- Why now: structural drivers
- What this course will cover
Flipped — Digital Disruption in Financial Services
Group presentations · token allocation · discussion
- Recap of the foundations lecture
- Group presentations on digital disruption
- Token allocation & next steps
Agentic AI & LLMs in Finance
From LLMs to agents · applications · failure modes · EU AI Act
- LLMs in finance: architecture, training, capabilities
- Agentic AI: from answers to actions
- Applications: RAG, robo-advisors, AML, trading agents
- Failure modes: hallucination, drift, prompt injection
- Governance: EU AI Act and high-risk obligations
Flipped — Agentic AI & LLMs in Finance
Group presentations · token allocation · discussion
- Recap of the agentic AI lecture
- Group presentations on real LLM and agent deployments
- Token allocation & next steps
Blockchain, Crypto, DeFi & Tokenisation
From distributed ledgers to MiCA-regulated markets
- Blockchain primer: ledgers, consensus, smart contracts
- Crypto markets: BTC, ETH, stablecoins
- DeFi primitives: AMMs, lending, derivatives
- Tokenisation of real-world assets
- MiCA framework and EU enforcement
Course at a glance (2/3)
Flipped — Blockchain, Crypto, DeFi & Tokenisation
Group presentations · token allocation · discussion
- Recap of the blockchain & DeFi lecture
- Group presentations on real protocols and deployments
- Token allocation & next steps
Fintech Business Models
Neobanks, embedded finance, BNPL, Open Banking, Big Tech in finance
- Neobanks: N26, Revolut, Monzo, Chime
- Embedded finance & BaaS
- BNPL: Klarna, Affirm, regulatory pushback
- Open Banking & PSD2 outcomes
- Big Tech in finance
Flipped — Fintech Business Models
Neobanks, embedded finance, BNPL · group presentations · token allocation
- Recap of the fintech business-models lecture
- Group presentations on real companies and unit economics
- Token allocation & next steps
RegTech, Cybersecurity & Privacy-Preserving Compute
Industrialising compliance · cyber-threat landscape · ZKPs, MPC, federated learning · post-quantum
- RegTech overview: industrialising compliance
- KYC/AML automation in production
- Cybersecurity threats in finance
- Privacy-preserving compute: ZKPs, MPC, federated learning
- Post-quantum cryptography & the migration
Flipped — RegTech, Cybersecurity & Privacy-Preserving Compute
Group presentations · token allocation · discussion
- Recap of the RegTech & security lecture
- Group presentations on vendors, incidents, and emerging tech
- Token allocation & next steps
Course at a glance (3/3)
CBDCs & the Future of Money
Wholesale vs retail design · Digital Euro · e-CNY · programmable money
- What’s a CBDC: wholesale vs retail
- The Digital Euro state of play
- China’s e-CNY and small-country implementations
- Programmable money: feature, threat, or both
- Stablecoins as private money: tension with CBDCs
Flipped — CBDCs & the Future of Money
Final session · group presentations · token allocation · course wrap-up
- Recap of the CBDCs lecture
- Group presentations on real CBDC projects
- Token allocation, final standings, and course retrospective
Prepare for next regular lecture
- Skim Brunnermeier, James, and Landau (2019) (NBER WP, 25 pages) — the framing piece on money digitalisation.
- Read Auer and Böhme (2020) (BIS Quarterly, 15 pages) — retail CBDC design taxonomy.
- Pick a country whose CBDC you’ll dig into for Week 12: ECB Digital Euro, China e-CNY, Sweden e-krona, Bahamas Sand Dollar, Nigeria eNaira.
Notes
Lecture 11 is the last regular lecture; Lecture 12 is the final flipped session. Both are dense — read ahead.
See you next time
- Token allocation: Moodle quiz open now — 5 minutes.
- Slide PDFs archived under Week 10.
- Lecture 11 (next Thursday): CBDCs & the Future of Money — wholesale vs retail design, the Digital Euro state of play, programmable money.