Credit: Lightspring/Shutterstock.comDisruptive Technology, Part 2: Where's the Risk?
The financial services industry is embracing disruptive technology, but executives are also aware of the potential risks it can bring.
July 12, 2019 at 01:00 PM
8 minute read
This article is the second in a three-part series exploring executives' perspectives on disruptive technologies in the financial services industry. The first installment looked at how the industry is using these technologies.
The financial services industry is embracing disruptive technology, but executives are also aware of the potential risks it can bring, according to a study conducted by ALM's Corporate Counsel on behalf of Winston & Strawn.
The survey found that the level of perceived legal risk depends on the specific technology in question. AI is the area of greatest concern, with 51% of companies seeing it as a significant source of risk. Slightly fewer (50%) cited social banking and P2P lending, which bring the potential for shifting business models, while 42% cited blockchain, where there is still a lot to learn. “With distributed ledger and blockchain, there is a lot of promise and investment, but few successful use cases,” says Michael Loesch, co-chair of Winston's Disruptive Technology Task Force. On the other end of the spectrum, only 34% see significant risk in facial recognition and biosecurity technologies, and 18% see no risk at all in that area.
Concerns about AI risk may stem from the fact that AI is a high-profile technology but one that still holds a number of unknowns—which may be troubling for companies that see it having an increasingly significant role throughout the business. In particular, bias in AI-enabled loan underwriting was cited by 45% of respondents as a risk—presumably because financial services companies are aware of studies that have shown that bias can creep into AI loan underwriting, highlighting the potential for unintended consequences with a powerful technology. They also know that it can be difficult to explain how AI systems—which are often opaque, “black box” technologies—produce their recommendations, which is likely to gain the attention of regulators.
Meanwhile, it is not always clear how evolving regulatory frameworks will affect the use of AI. For example, with AI-enabled personal assistants for customers, “banks are still asking what the restrictions are going to be on what the personal assistant can do,” says Winston litigation partner Danielle Williams. “Are they just able to read and relay account information? Will they execute transactions? There could be regulatory issues with every aspect of that.” AI used in internal processes, such as robotic process automation, could also increase legal risk if the way it is programmed introduces errors into back-office work.
“The ways in which AI is being deployed in the financial space, however, is of lower risk than in other industries where we are trusting AI to make potentially life-altering or threatening decisions,” remarked Kathi Vidal, Winston's Silicon Valley managing partner and a former AI developer. “In the financial space, AI not only has the potential to replicate human decision making but also to improve it. In fraud detection, credit analysis, and other applications, we can train neural networks and other AI systems to better, and more blindly, analyze big data to render more accurate but also more equitable predictions,” concluded Vidal.
In time, more familiarity with disruptive technologies may actually increase awareness of potential risks. “Some institutions just aren't using disruptive technologies to their fullest capacities yet,” says Basil Godellas, head of Winston's Financial Services Regulatory Practice. “For example, respondents had fairly low concern about facial recognition, biometrics, and biosecurity solutions. But most institutions are just dipping their toes in the water with these technologies—and I think their concerns about risk may grow as they have more exposure to them.” Evolving legal frameworks may also increase those concerns. The 2008 Illinois Biometric Information Protection Act, for example, regulates how companies collect biometric information, such as fingerprints and retinal scans. More recently, a number of other states have passed or proposed similar biometric data privacy laws.
Beyond any specific technology, financial services companies clearly see risk in the cybersecurity and data privacy realm. (As mentioned above, respondents cited this as a top barrier to implementing disruptive technology.) The industry has long experience with the challenges of keeping sensitive data safe, as well as with the legal and regulatory costs of failing to do so. But disruptive technologies raise the security bar significantly because they rely on large amounts of quality data—often sensitive data about customers—to operate, provide services, and create insights. And that data has to be managed, protected, and shared safely with a growing number of applications.
At the same time, regulations around data privacy and cybersecurity are evolving. Take, for example, the EU's General Data Protection Regulation, which went into effect last year and significantly strengthened privacy regulations—and penalties for noncompliance. Or consider the California Consumer Privacy Act of 2018, slated to go into effect in 2020, which has some of the most stringent privacy mandates in the United States. Such regulations, coupled with the advent of disruptive technologies, only make compliance more complex.
|Regulators: Looking at Disruptive Technology
Executives worry about fintech and disruptive technologies bringing unwanted attention from a variety of legal and regulatory sources—indeed, 41% of respondents point to investigations and civil enforcement actions by federal agencies as the largest technology-related legal/regulatory threat. Many worry about actions by industry groups (32%), state regulators (28%), DOJ and state attorneys general (26%), and private civil plaintiffs (24%).
Meanwhile, nearly half say they are concerned with technology-related antitrust issues and the possibility of antitrust enforcement—driven in part by a sense that the rules are lagging behind advancing technology. “In financial services, there is an overarching concern that the antitrust laws as they are drafted today might not be sophisticated enough or flexible enough to deal with new disruptive technologies,” says Susannah Torpey, a partner at Winston & Strawn.
There are other antitrust implications to consider as well. In a technology-driven world, collaboration and working in partner ecosystems are both easier and more important. When setting up blockchain consortia or working with others in the industry to set technology standards, “you have to be very careful that this increase in coordination is well managed, so that you don't find yourself exchanging information with your competitors that leads to anti-competitive effects in the market place,” commented Torpey.
Disruptive technologies essentially increase the importance of data in business, and AI specifically makes it easier to gather and use data from a wide variety of internal and external sources. Thus, these new technologies may increase the risk that regulators will consider data a source of market power when assessing mergers and acquisitions. And because disruptive technologies can drive innovations that quickly alter competitive dynamics, companies that succeed with new approaches may find themselves under increased scrutiny. “A startup financial services company that does something new might quickly gain dominant share of a niche market, which could put them at a much higher risk of an antitrust violation,” says Torpey.
In general, fintech and disruptive technology are moving quickly, and regulators sometimes struggle to keep up—which itself presents challenges to financial services companies trying to balance innovation and compliance. But regulators are paying close attention to these technologies. The U.S. Commodity Futures Trading Commission, for example, has established a LabTechCFTC program designed to keep the commission in close touch with technology innovators—and other agencies have set up similar programs. Perhaps with an eye toward those efforts, nearly seven out of 10 financial services companies believe that regulators are keeping up with the use of disruptive technologies in the industry. But in reality, that can be a challenge. “Regulators are doing positive things like LabTech to keep up with technology, but they are often still playing catch-up,” says Loesch. “They have to use the tools and laws that they have, and sometimes those are not fit for purposes in the disruptive technology space. There are tensions because the normal regulatory framework doesn't always fit precisely with how the new technology operates. And that can lead to costly investigations and even enforcement actions.”
The next installment in this series examines strategies for managing technology-driven risk.
Amanda Groves is co-chair of Winston's Complex Commercial Litigation Practice. She has successfully represented consumer product companies, national retailers, and lending institutions in consumer protection cases since 1996.
|This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
A Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute read
Three Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
