FinTech, Data Governance and Ethics
By Dr Jane Thomason
Data, data, data.
FinTech automates and improves the delivery of financial services, through algorithms and specialized software to manage financial processes and operations. FinTechs collect and use vast amounts of user data and need to keep that data safe. As users of financial data, they are very attractive to cyber crime.
To illustrate recent data breaches include Capital One, Mastercard, Sberbank, Fiserv, and JP Morgan Chase, and the financial sector has been named as the second largest source of data breaches by the Australian information regulator. The World Economic Forum’s Global Risk 2016 report, identified cybersecurity as one of the top risks to commercial activity. Businesses worldwide spend approximately US$84 billion in defending data breaches that cost them $2 trillion USD in damages and this could increase to $90 trillion USD by 2030 if cyber-attacks remain unchecked. FinTechs are at high risk of third party security, malware attacks, application security risk, money laundering risk, digital identity risks, and cloud based security risks.
What are the Ethical Issues?
Brett Scott, in Hard Coding Ethics into Fintech, raises some powerful ethical questions related to automation.
Does automation reduce the ethical awareness and responsibility of financial professionals?
Does automation reduce customer awareness of ethics?
Does automation lead to financial surveillance?
Scott makes the point: “Financial data reveals very deep insights into how people act in the world, and–when combined with other data sets–potentially allows institutions to know you better than you know yourself.” Put simply, this opens the potential for unethical use of your data to influence you to make financial decisions. Rory Macmillan points out consumer vulnerability when the seller knows far more about a consumer than they know about the seller, the product or, in some cases, even their own habits and interests.
So if you consider proximity, the closer decisions makers are to the issue, the more ownership and accountability they are likely to take. However, as cloud computing is abstract and decision makers are often distant from the technology and control mechanisms, they are at risk of having less ownership and accountability for technical details.
Philippe Lopez , Head of Cyber and Resilience, Asia Pacific, HSBC, outlined five key ethical principles for FinTechs – Trust, Accountability, Proximity, Cultural Lag and Privacy.
Trust is vital and must be earned. FinTechs rely on third party cloud computer providers – can they be sure that the data is protected appropriately, that third-parties maintain appropriate access (or no access) to sensitive data, and that data is retained and disposed of appropriately?
Accountability is also a grey area in cloud computing. Service providers avoid risk and legal liability through a “shared responsibility model”. Consumers need assurance that the controls for the Fintech cloud ecosystem are implemented and maintained, and are addressed through a mature technology and cyber risk management framework.
Proximity Procedural controls such as data handling, business/system ownership governance, and risk reporting work should encourage and maintain a proximate relationship between the system stakeholders and the assets that are being maintained. A highly proximate relationship will strengthen accountability when things go wrong.
Cultural Lag means it takes time for company and consumer culture to catch up with technological innovations.
Privacy Cloud computing has triggered a transformational change for the financial services industry from over-the-counter transactions to purely digital transactions that may also be guided by Robotic Process Automation. This changes the way the industry does business, but also the way that customers interact with the business.
Manisha Patel cites three key ethical concerns in digital finance; bias, accountability and transparency. The data sets upon which they work may not be a good representative sample. There may be low samples from certain minority segments, and some of bad data points. The data sets used will contain the biases in the social system. Transparency on what data is used by an algorithm is important first, to check whether an algorithm is discriminating on inappropriate grounds (e.g. based on a person’s ethnicity or religion). Second, to ensure that an algorithm could not be using a proxy measure to infer personal details from other data (e.g. guessing someone’s religion based on their name or country of origin). Third, to ensure the data being used are those that customers would deem acceptable.
Algorithms are made by humans and there should be accountability. The designers of the algorithm should put in place sufficient controls to make sure the algorithm performs as expected.
When an algorithmically generated recommendations form part of a decision-making process, consideration should be given: to determine whether the data on which the algorithm was trained match the circumstances of the current situation; the identification of situations where the output is likely to be flawed; where individual rights and freedoms are under consideration.
The decision-making process should preserve the human discretion to assess ‘un-thought of’ relevant factors, and to assess whether the decision is the one for which the algorithm was designed.
Nesta have published a code of standards for public sector algorithmic decision making. Several of these include some questions that have ethical relevance for FinTech. (i) Algorithms should be accompanied with a description of their function, objectives and intended impact, made available to those who use it. (ii) Organisations should publish details describing the data on which an algorithm was (or is continuously) trained, and the assumptions used in its creation, together with a risk assessment for mitigating potential biases. (iii) A list of all the inputs used by an algorithm to make a decision should be published. (iv) Customers should be informed when their treatment has been informed wholly or in part by an algorithm. (v) A named member of senior staff (or their job role) should be held formally responsible for any actions taken as a result of an algorithmic decision. Ethics by design as a growing trend. Agrafioti reports that RBC is already employing this methodology, conducting an ethics review of every product, even before research begins. “
In the end, FinTech management is responsible when things go wrong. The people behind the system must be truly responsible and ensure that the system protects customer data.
In considering FinTech ethics, we can learn from banking and finance. Linklaters on ethics in banking and finance outline three major aspects for ensuring ethical practices – the role of the Board in articulating a culture of risk awareness and ethical behaviour; how leadership and staff at all levels can shape the culture of an organization; and how the risk management and control framework embed and monitor ethical values within an organisation.These factors need to be considered by FinTech CEOs and Boards.
You need to know the right thing is being done with your data. People need to understand how their personal data will be managed and what their rights are.
González-Páramo suggests that customers could be provided a log containing information on how their personal data has been used. Customers should be able to disable the use of personal data, allowing FinTech’s to use certain types of data and prohibiting them to use other types of data.
Consent also remains a major issue. “Notice I’m saying valid consent, not informed consent, because what we’ve also learned that consent has three parts to it. One of them is, I must be adequately informed. Two, I must be able to make a decision. And three, I need to be able to understand and appreciate the information to make that decision”. Dr Kenneth Goodman
Singapore has long been a trend setter in terms of digital innovation and this remains the case in considering ethics in financial services. The Monetary Authority of Singapore, in conjunction with domestic financial institutions and Microsoft and Amazon Web Services, launched its fairness, ethics, accountability and transparency (Feat) principles for the use of AI and data analytics in decision making in 2018. They sought to develop this as a co-creation with industry . Singapore has taken a high-level, principles-based approach because it was targeting the whole financial ecosystem, regulated and non-regulated entities, from the smallest fintech start-ups to the large banks and tech giants.
FinTechs who can demonstrate a real commitment to ethical practice and leadership will hold the competitive advantage. CEOs and boards must lead the way.
Join us in Upcoming Free Webinar
“Ethics, Data Governance and Fintech”
𝐍𝐨𝐯𝐞𝐦𝐛𝐞𝐫 𝟏𝟕𝐭𝐡, 𝟐𝟎𝟐𝟎, 𝐓𝐮𝐞𝐬𝐝𝐚𝐲
𝟒:𝟎𝟎 𝐩𝐦- 𝟓:𝟎𝟎 𝐩𝐦, 𝐒𝐲𝐝𝐧𝐞𝐲
𝟑:𝟎𝟎 𝐩𝐦 -𝟒:𝟎𝟎 𝐩𝐦 ,𝐁𝐫𝐢𝐬𝐛𝐚𝐧𝐞
𝟗:𝟎𝟎 𝐚𝐦- 𝟏𝟎:𝟎𝟎 𝐚𝐦 ,𝐔𝐀𝐄
Registration link Click here: