Document is current

Article History

Received: 1 September 2025

Accepted: 13 October 2025

First Online: 18 November 2025

Declarations

:

: The authors declare no competing interests.

: This study was conducted in full compliance with institutional ethical guidelines and international data protection regulations. The research protocol received approval from the Guangxi International Business Vocational College Institutional Review Board (IRB approval number: GIBVC-2023-FIN-047, approved March 15, 2023, valid through March 14, 2026).

: All three participating grain enterprises provided written informed consent following comprehensive briefings on: (1) data collection scope and methods; (2) intended research purposes and potential publications; (3) data retention periods (5 years post-publication); (4) participant rights to withdraw (exercisable until data anonymization completion); (5) potential risks including re-identification attacks despite anonymization measures. Consent documents included explicit authorization for academic publication of aggregated results. Enterprise legal representatives and data protection officers co-signed consent forms.

: Multi-layered anonymization protected enterprise identities and individual financial records. Enterprise names were replaced with random identifiers (ENT-A, ENT-B, ENT-C) with mapping tables stored separately under encryption. Personally identifiable information (PII) including employee names, customer identities, and specific counterparty details were stripped prior to analysis. Financial amounts were scaled by random enterprise-specific constants (1.0 ± 0.15) to prevent absolute value identification while preserving relative patterns and ratios. Geographic locations were generalized to provincial level. Temporal data were aggregated to monthly granularity for reporting (daily resolution retained internally). K-anonymity (k ≥ 5) was verified for all published statistics to prevent individual record identification. Differential privacy noise (ε = 1.0) was added to aggregate statistics where applicable.

: Data handling protocols adhered to multiple regulatory frameworks: (1) GDPR compliance (applicable to EU-based counterparty data): lawful basis established as legitimate interest for research purposes; data minimization principles applied; processing impact assessments conducted; data subject rights mechanisms implemented. (2) China Personal Information Protection Law (PIPL): obtained explicit consent for cross-border data transfers; appointed data protection officer; maintained processing activity records. (3) Financial industry standards: followed PCI-DSS requirements for payment card data; adhered to Basel Committee operational risk management guidelines; complied with local securities regulator data governance rules.

: Technical safeguards included: AES-256 encryption for data at rest; TLS 1.3 for data in transit; role-based access control with multi-factor authentication; audit logging of all data access events; secure on-premise computing infrastructure (no cloud storage of raw data); regular penetration testing and vulnerability assessments; incident response plan with 24-h notification protocols. All research personnel completed data protection training and signed confidentiality agreements.

: The deployment of AI decision support systems raised specific ethical concerns that were addressed through: (1) Fairness audits: tested for algorithmic bias across enterprise size, geographic regions, and transaction types, finding no significant disparities (p > 0.05 for all protected attributes); (2) Transparency mechanisms: implemented SHAP-based explanation generation for all automated decisions; (3) Human oversight: maintained human-in-the-loop requirements for high-stakes decisions (transactions > $100K, regulatory flagged events); (4) Accountability structures: established clear responsibility chains for AI-assisted decisions; (5) Continuous monitoring: deployed bias detection dashboards tracking fairness metrics in production.

: Despite robust measures, we acknowledge that complete re-identification risk elimination is theoretically impossible. Residual risks include: (1) potential linkage attacks combining our published results with external datasets; (2) inference attacks exploiting correlations between published variables; (3) membership inference determining if specific enterprises participated. We mitigated these through: conservative suppression of small-cell counts; top-coding extreme values; adding controlled noise; limiting published model granularity.