The retirement of Laurence Eastham as our
illustrious, long-standing Editor provides a poignant opportunity to consider
the likely developments in law and technology that will cause us to miss his
insightful, acerbic observations. And from where I sit – gazing out over a
savannah dotted with weary financial beasts migrating to their doom, plagued by
eager challengers nipping at their hindmost, private equity vultures circling
on the thermals and the odd, pathetic pot-shot from the regulators – there will
be many.
Brexit, Distributed Finance and the Role of
Irish Law
No wistful gaze into a future deserving of
acerbic wit could fail to be drawn immediately to the flailing Brexit beast,
scattering European HQs and 5,476 ‘outbound’ passporting financial firms from
the UK into the remaining EU27 Member States.
The days of the Double Irish with a Dutch
Sandwich might be numbered from a tax standpoint, but they’ll be consumed
aplenty by UK lawyers and IT professionals in their travels to and from the
EEA.
Political timelines are irrelevant, operationally
speaking. The gross uncertainty over the UK’s trade status means we have passed
the point of no return for UK businesses anxious to preserve and grow their
relationships with customers in the remaining EU27 countries, as well as in
non-EU markets accessed under EU trade arrangements. The time for reassuring
announcements is over, and firms are already acting to keep their operations
running smoothly up to and beyond 29 March 2019. New entities must be
established, authorised or appointed as agents; local bank accounts opened;
offices leased; management and staff relocated or employed; equipment, stock or
assets, and related licenses purchased; IT and process changes developed and
tested; and contracts with customers and suppliers novated.
These preparations raise numerous tax,
legal and accounting issues in their own right. But the choice of law under
which each new entity contracts with customers and suppliers, and which courts
will govern disputes, are critical to making the transition less difficult.
Customers and suppliers who contract under
English law will probably want the contractual terms to remain broadly the
same, even if certain aspects might need to change, such as billing and payment
details, currency and pricing and the legal basis for sharing EEA-residents’
personal data with UK operations. There won’t be an EU ‘adequacy decision’ on
the UK’s data protection standards before April 2019 and no timetable can even
be agreed for reaching one unless and until the UK has actually left the EU.
In these circumstances, choosing Irish law
to govern at least the commercial aspects of new contracts in the EU27 becomes
a no-brainer. Irish law is substantively very similar to the law of England
& Wales, and Ireland will be the only purely common-law jurisdiction in the
EEA. The few differences can be either simply flagged and understood or
explicitly accommodated if necessary. So, while the counterparties are well
advised to run a final check of the contract with local Irish counsel, they do
not face the comparatively awkward and expensive exercise in understanding the
numerous substantive differences between English common law and the codified,
civil law system of other EU Member States.
Ireland is also the easiest EU27
jurisdiction in which UK lawyers can re-certify, as might well be the case for
the many other types of licensed professionals whose qualifications will no
longer be recognised by the EU after Brexit.
Ireland should also represent a very useful
partner through which to engage with EU regulatory developments.
Annual Conference in Dublin, anyone?
EMD/PSD3, MiFID III, CryptoAssets,
Algorithms and the Next Financial Crisis
While we remain firmly in the grip of the
last financial crisis, the next one looms large. But from which direction will it
come?
Over-hyped (and over-ICO’d), distributed
ledger technology does have its use-cases and the technology is gradually being
adopted in ways that are both responsible and desperately mundane (think
tracing supermarket supply chains and international freight). Meanwhile the
prediction of mass consumer adoption, and even the adoption of DLT in wholesale
financial markets appears to have suffered from overestimates in terms of
timing (the ‘planning fallacy’) and potential impact. For context, the Bank of England
notes that the total value of ‘crypto-assets’ at the highest peak to date
(January 2018) equated to less than 1% of global GDP, while the peak valuation
of US tech stocks in the dot.com bubble peaked at nearly a third of GDP and the
value of credit default swaps reached 100% of GDP before the financial crisis
hit home in 2008.[1]
So, crypto-assets may have grabbed some
headlines with their volatility and use by criminals and speculators, but they
are not the big game in town.
No – innovators are still relying on the
rapid evolution of existing technology to challenge the regulatory frameworks
designed to govern the more traditional methods of paying, moving money and
trading in investment assets.
In particular, the use of algorithms in the
financial markets has evolved steadily since the initial ‘computerization’ of
order flows in the 1970s, program trading in the 1980s, the sudden deregulation
of financial markets, or ‘Big Bang’ in 1986 which ended various restrictive
practices of the London Stock Exchange brought electronic trading; electronic
communication networks that enabled trading in fractions of stock to improve
liquidity; and ‘dark pools’ in private trading systems. Now we have icebergs,
sharks, pinging and low-latency to facilitate high frequency trading at speeds
blockchainers can only dream about. The devastating ‘runs’ of the 2008
financial crisis were on money market funds and broker dealers – not bank
deposits. And if you think loose processing of personal data had nothing to do
with that, consider that US lenders were foreclosing on mortgages they no
longer even owned! The scale of financial intermediation that still occurs outside
depository banks, or ‘shadow banking’ (a term only coined in 2007 as concerns
about its growth began to be expressed in central banks), is said to be
‘stable’ at about 25% of all financial assets and 120% of global GDP[2] or $45 trillion
in 2016 money.[3] And following
the sovereign debt crisis earlier this decade, many of the ‘quantum easing’
measures implemented to protect the global financial system remain in place.
So, the global financial system remains hooked on cheap money that is
feverishly seeking high returns while shuffling risk like a pack of cards.
Meanwhile, the deployment of algorithms has
become cheaper they’ve bled into retail credit, marketing and politics. The
gullible have become besieged by online lenders, fake news, phishermen and
populist politicians all at once – and at a time when UK household finances are
worse than at any time on record.[4]
While many of the major events that shape
our history are ‘Black Swans’ – surprises that we attempt to rationalize by
hindsight – it’s no great stretch to suggest that the catalyst for the next
financial meltdown could prove to have been the ‘successful’ deployment of algorithms
and behavioural targeting in support of the nefarious ‘Leave’ campaign. That
result, and the ensuing political paralysis, has already up-ended the UK’s
global trading relationships, regardless of what happens on March 2019. Just as
manufacturers who depend on EU country of origin are moving their processes and
supplier relationships, the promised end to financial services ‘passporting’
means UK firms and their customers are already relocating their interconnection
with the world’s largest trade bloc at a time when we are still in the grip of
the previous financial crisis.
Against this background, financial
regulation has moved at a snail’s pace. Not only are regulatory frameworks
anchored to the past, they are also desperately slow to adapt to the type of
seismic shifts that have put the adoption of cryptocurrencies to shame.
The solvency of Europe’s insurance
companies was first addressed in 1973 with the Solvency Directive. The Basel
Committee was only established in 1974 to enhance financial stability by
improving the quality of banking supervision worldwide.[5]
International co-operation on investment activity, in Europe at least, only
really took off with the Investment Services Directive in 1993 (and the UK
didn’t consolidate its financial sector regulators until 2000). The first
attempt to carve-out payment services from the European banking monopoly
occurred in the form of the first E-money Directive in 2000, but had little
impact. Cue a seemingly endless process of rule-and-law-making that has utterly
failed to keep pace with market developments. The directive on markets in
financial instruments (MiFID) arrived in 2004-2006 just in time for critical
weaknesses to be exposed during 2007-2008. The next attempt to liberate
payments from the cold, dead hands of European banks only came with the first
Payment Services Directive in 2007-2009. Solvency II was passed in 2009 to
shore-up insurers but was not implemented for another seven years. MiFID II
evolved during 2010-2014 but implementation was delayed until 2018. PSD2 was
passed in 2015 but only implemented in 2018. A decade after costly bank
bailouts, the UK is yet to implement all its promised changes.
And it has taken 25 years for legislators
to even begin to properly address successive revolutions in the processing of
personal data, and even those efforts failed to prevent the Cambridge Analytica
scandal.
At any rate, it’s hard to see why pure financial
regulation will be any defence to an algorithmically driven financial crisis.
But perhaps there’s another way to approach
that type of risk…
GDPR2, Adtech and Ethics in Artificial
Intelligence
To understand the rationale for the
deployment of retail algorithms involves a descent into the opaque world of
‘adtech’
The erosion of privacy and dissemination of
fake news and scams amongst the gullible are among the worse externalities of
the social media/networking services and their ad-based revenue model.
For me, one of the key promises of the
‘semantic web’ where machines talk to machines has been the gradual decline of
advertising altogether.
I see no technological reason why our
powerful consumer devices cannot host personalized applications that search
suppliers’ systems for what we need or want, and buy automatically with minimal
human intervention. In that scenario, products would be designed and optimized
according to actual customer demand, rather than suppliers’ fantasy humans.
The requirements for privacy by default and
by design in GDPR are also consistent with such a human-driven model, as are
concerns that long-term, loyal but disengaged customers pay more for goods and
services (what Citizens Advice calls ‘the loyalty penalty’ in its wide-ranging
super-complaint to the Competition and Markets Authority).[6]
The Department for Business, Energy and Industrial Strategy has also launched a
Smart Data Review to accelerate the development and use of data-driven
technologies to make it easier for consumers to get good deals on essentials
and put an end to unjustifiable loyalty premiums.[7]
Yet the ‘adtech’ industry is
still persuading retail CFOs to channel vast fortunes into formulating merely
probabilistic, supplier-driven customer profiles; and ad campaigns that that
are then necessary to attempt to find people who appear to fit, or can be
persuaded to aspire to, those profiles. Indeed, I’ve often wondered
how well these CFOs understand the distinction between data that is normally
distributed (human physiology) and data that is not (human behaviour). No
matter that untold amounts leak out of this process through click-fraud, ghost
sites, stacking and click farms; or that no one seems to actually click on ads
anyway. Ironically, the dominant search engine for consumers – which is
perfectly placed to enable consumer machines to interrogate supplier machines –
is actually among the largest advertising platforms and other intermediaries
which feed on the fees paid by suppliers to serve ads at prices determined by
auctions in which bids are based on competing analysis of the value to each
advertiser of a given user data and profile. And rather than reverse the model
to put consumers in control, the industry doubles-down on ever more intrusive
processing of consumers’ personal data, with the result that the consumer’s
device will eventually become open to suppliers’ machines and those of the
their advertising intermediaries, many layers away from humans in suppliers’
marketing departments.
You might scoff at the importance of these
distinctions in a discussion about washing powder ads. But you feel less
comfortable as the conversation turns to who determines the price of everything
you buy or who runs your country and how it trades with the world.
This represents the triumph of the
‘institutional narrative’ over the human narrative.
Regulation has not helped at all. Perhaps
our awareness has been heightened by the long-anticipated arrival of GDPR, but
the interference with the EU referendum process and the ensuing destruction of
the UK’s favourable trade arrangements has shown that the ethical issues go far
beyond privacy concerns.
Yet the current UK government, for example,
does not accept that the Leave campaign or Cambridge Analytica did anything
‘wrong’ with people’s data by using adtech to deliver ‘fake news’, false
promises, outright lies and distorted messages to the gullible (no doubt
wasting a large proportion of illegal donations in the process, but that is
slim consolation). Senior Brexiteers say the illegality resulting in fines by
the Electoral Commission and ongoing investigation by the ICO and the police
are merely politically motivated ‘allegations’ by do-good ‘Remoaners’. Ministers
have dismissed their own false ‘promises’ as merely ‘a series of possibilities’[8]. Anyone who
challenges that result is ‘ignoring the will of the people’ and ‘undermining
democracy’ as if both were somehow locked in a vault forever by a single
advisory referendum in 2016.
This is not to say that the current adtech
model or the breakout of anti-rationalism and populism from its usual
constraints will last terribly long. But getting these genies back in their
bottles is no trivial exercise, and society will need to remain on guard in future.
But which brand of ethics should govern the
use of algorithms and AI? What types of decisions should be made ‘artificially’
or automatically?
The answer partly depends on your preferred
flavour of ethics – utilitarianism, Kantian ethics, natural law and so on – and
probably your politics. And what should be decided automatically is hard to
determine when you can’t ‘see’ the content that the algorithms are posting to
each person’s Facebook feed.
Efforts to instil ethics in artificial
intelligence have snowballed to the point where not only is there a House of
Lords Select Committee on Artificial Intelligence, but it has surveilled the
landscape in detail and already reported this year.[9]
The SCL began its own focus on ‘keeping
humans at the heart of technology’ in 2016 and Lord Clement-Jones hosted a
panel on the Lords’ Select Committee report at this year’s Annual Conference.
Some talk of responsible innovation and
proactive governance with all stakeholders’ needs represented from the outset,
while society can choose which ethical principles apply.[10]
And this should work so long as the vast majority regard the mechanism for
choosing (eg referenda or elections) as fair.
Yet we also need to take very practical
steps to ensure transparency for those who are ultimately affected by the
deployment of artificial intelligence, which tends to occur a long way
‘upstream’ in the adtech or credit scoring processes, for example. We need
functional specifications of what AI will and will not do; and these have to be
presented to end-users and consumers in a way that is consumable.
Other commentators optimistically point to
the fact that we have evolved already successfully prospective ethical
governance programmes for genetics and certain types of armaments.[11] These
programmes are backed by regulation and sanctions that reflect those principles
and can be used against bad actors (subject to UN vetoes).
We can balance more targeted sanctions for
failing to honour ethical requirements related to adtech and consumer finance,
for example – and foster innovation and competition – by making it a defence
(as it is in payments regulation) for the accused to show that they took all
reasonable precautions and exercised all due diligence to avoid committing the
offence.
But these efforts will only work if we
embed ethical principles in the development of artificial intelligence in the
first place.
Simon Deane-Johns is a consultant solicitor
with Keystone Law and Chair of the SCL Advisory Board.
[1] Cited on p 6 of the
House of Commons Treasury Select Committee report on Crypto-assets, 12
September 2018.
[2] According to the Bank
of England’s Financial Stability Board:
http://www.fsb.org/wp-content/uploads/r_141030.pdf
[3] https://www.bloomberg.com/quicktake/shadow-banking
[4] https://www.theguardian.com/money/2018/jul/26/household-debt-in-uk-worse-than-at-any-time-on-record
[6]
https://www.citizensadvice.org.uk/about-us/policy/policy-research-topics/consumer-policy-research/consumer-policy-research/excessive-prices-for-disengaged-consumers-a-super-complaint-to-the-competition-and-markets-authority/
[7]
https://www.gov.uk/government/news/smart-data-to-protect-consumers-from-rip-off-tariffs
[8] https://www.theguardian.com/politics/2016/jun/27/eu-referendum-reality-check-leave-campaign-promises
[9] ‘AI in the UK: ready,
willing and able? https://publications.parliament.uk/pa/ld201719/ldselect/ldai/100/100.pdf
[10] Professor Marina
Jirotka at the SCL Annual Conference 2018
[11] Duncan Card at the SCL
Annual Conference 2018