Search This Blog

Thursday 21 June 2012

Innovation Meets The Financial Services Bill

Embedded below is a set of amendments to the Financial Services Bill which I've prepared with the help of a colleague, Tony Watts, at the invitation of several Peers to aid in their review of the Bill. The paper builds on a submission to the UK government in January.

The aim is to require the authorities to encourage responsible innovation in retail financial services generally and, as a case in point, to clear the way for the growth of peer-to-peer platforms - transparent, low cost services that are open to all but which don't tie up vast amounts of capital or require a public guarantee.

Specifically, these amendments will:
  1. Generally oblige the financial authorities to look outside the regulated markets when assessing whether there is adequate competition within those markets;  
  2. Remove the uncertainty, cost and delay in launching new peer-to-peer platforms, by creating a clear set of rules by which they must operate, regardless of the type of instruments available (reflecting the carve-out for retail payment services from the historic ‘banking monopoly’); 
  3. Enable the inclusion of peer-to-peer loans and investments within the small range of assets currently available to ordinary people via ISAs.
  4. Enable the same process of evolution towards cost-efficient and transparent financial services that we have already seen in other online retail markets.
The document is still in draft, and comments are welcome.

Saturday 16 June 2012

Rethinking Personal Data

On Thursday I joined a World Economic Forum 'tiger team' focused on rethinking personal data, a process that aims to build on reports revealing personal data as a new asset class, and meeting the challenges this evolution brings. My thanks to Liz Brandt at Ctrl Shift for inviting me along. Apparently, as one non-legal delegate put it, "there are not enough lawyers at these sorts of events."

In essence, we are moving from a world where data about each of us is compiled into large national databases by corporations and governments (since they are the only ones with the vast resources required to do it); to a world where personal data is highly distributed and grows with every interaction with or about each of us, so that no one can keep up with it, let alone store it in a single place. 

It's therefore important to understand that a "personal data store" is not envisaged as your own personal database of all personal information about you. "Store" is not used here in the sense of 'storage' but in the retail sense of controlling what is offered or sold (which is also not exactly appropriate but does the job for now). So a 'personal data store' is really just a set of rules that determine whether and how data about you can be used - wherever that data sits. It's another type of 'personal information management service'.

The WEF process involves first 'unpacking' the big notions of 'identity', 'privacy' and the imagined benefits to be gained from sharing personal data. These concepts are too static, theoretical - and too emotive - to use as the basis for establishing detailed rules for the responsible use of personal data. The significance and value of personal data can't be captured in a single dollar amount or 'yes'/'no' answer to whether it can be used. Instead, the value and utility of personal data is a hugely complex dynamic that varies by: 
  • the context or the activity we are engaged in, 
  • which persona we are using at that moment, 
  • the actual data being used or provided, 
  • the permissions given, 
  • the rights that flow from those permissions, and 
  • the various parties involved.
So in order to ensure that our transactions and other day-to-day activities are as frictionless and seamless as possible, we need a global set of rules that are flexible enough to address all these variables, with the protection of a person's rights at the centre. And those rules must be readable at various levels by humans, lawyers (legislature, courts, regulators, governance panels) and machines (computers, microchips).  

A previous tiger team session identified business, legal and technology as the three primary stakeholders or perspectives in agreeing such a set of rules. The business rules must first be established clearly at the outset, then vetted from a legal and governance standpoint, then coded in such a way that everyone can be confident machines will handle the data in accordance with the rules.

The current ambition is to agree a 'simple' set of common licences or sets of permissions which any individual can nominate to govern the use of their data in a given context (like the creative commons copyright system). The technological solution is a 'personal data mark-up language' that will enable anyone holding the consumer's data to 'mark-up' items of data in their existing databases to correspond to the permissions they've been given.

The legal aspect of this breaks down into a set of rights and duties from which liability and accountability can flow in a way that doesn't represent a deal-breaker for anyone in the overall process. Those rights and duties will obviously vary according to whether you are the individual data subject, the provider of a personal data store/service, a business customer relying on data about the individual or acting in a governance role. They must be compatible with public law, yet fill in many gaps where rights and duties are missing or unclear.

An earlier tiger team had proposed a useful set of rights and duties from the standpoint of the data subject. So we focused on the rights and duties of the service provider operating the personal data store on that data subject's behalf. We also made a start on the rights and duties for the governance role. The full write-up is due in the next few weeks, but some of the key issues we covered were: 
  • the need for transparency as to whether the provider of a personal data store is acting as a full agent in the fiduciary sense or as a lesser form of agent or broker; 
  • the need to ensure co-operation in the timeliness, accuracy, integrity and authenticity of the personal data accessible via the service; and
  • security protocols for data access and sharing. 
From a governance standpoint, it seemed critical to have both the public and private sector represented on the governance panel - just as they were both represented in the tiger team process itself - to ensure not only that the public laws are obeyed at a minimum, but that official guidance can support the additional contractual standards that are agreed to 'fill in the gaps'.

The most immediate next steps would be to flesh out the governance aspects and to address the rights and duties of businesses relying on the data. Having allocated all the necessary rights and duties amongst each of the participants should make the final step of determining the liability and accountability for each of the participants a far less combative process than I've seen in other forums ;-)

Overall, I'm very optimistic that a cohesive global framework for the responsible use of personal data is achievable. Specifically, it was very encouraging to witness how much easier it is to address the overall personal data challenge when you commit to 'unpacking' the big notions of identity, privacy and public benefit, as described above. It was also a huge relief to hear that it is considered feasible by those who've introduced data standards previously to implement a personal data mark-up language to link the flow of personal data to a set of permissions and rules. I'm also hoping this can help achieve dynamic, momentary user identification that minimises the need for large, vulnerable repositories of personal identity material.

Of course, political and commercial acceptance and 'take-up' are where all this rubber hits the road. But the fact the discussions are taking place globally via the WEF is clearly very helpful. 

Monday 11 June 2012

Why Flog A Dead Bank?

I'm currently drafting some amendments to the Financial Services Bill designed to encourage the growth of non-bank, alternative financial services. However, I've declined the opportunity to help with banking reform.

Now don't get me wrong. I've been very public in pointing out that retail banks are failing to enable the cost efficient flow of surplus funds from ordinary savers and investors to creditworthy people and businesses who need finance. But that's not to say I wish to spend any time discussing the reform of retail banking.

I prefer encouraging the growth of alternative financial services to flogging a dead horse. 

Banks have proved themselves to be too capital intensive and too expensive to manage and operate for them to be worthy repositories of consumers' surplus cash. They also have a proud history of being fined. Indeed, recent analysis by the Financial Times has demonstrated (lest you were in any doubt) that banks exist primarily to solve their own remuneration challenges at the expense of their customers and shareholders. 

That's why I prefer encouraging the growth of alternative financial services.

Banks might have a role to play in the infrastructure of future retail financial services. Providing segregated account services for peer-to-peer finance platforms, for instance, or enabling retail payments.  But that shouldn't mean banks get to treat the money in those accounts as part of their own assets, any more than peer-to-peer finance platforms or payment instutions can. Such funds should remain safeguarded even in the banks' hands, especially when the consumers and small businesses involved in those scenarios are not intentionally investing their money with a bank in the first place. But that's not so much a matter of banking reform, as ensuring banks play according to the same rules as everyone else in the growing array of markets for non-banking services.


Image from Worth1000.