News

by Adam Jackson, Director of Policy, Innovate Finance
The UK Government recently published its approach to regulation of Artificial Intelligence (AI) and a draft law (the Data Protection and Digital Information Bill) which will introduce a new UK data protection regime (amending the UK General Data Protection Regulation (UK GDPR)), new objectives for the data regulator (the Information Commissioner’s Office (ICO)), powers to mandate open data in sectors of the economy (as per open banking), and rules to enable the introduction of digital ID.  Here’s a summary of these proposals, what they mean for FinTech and what’s next.
<ol>
<li> Artificial Intelligence:  </li>
</ol>
The UK Government published a statement of its regulatory approach to AI on 18 July 2022 (you can read it <a href="https://www.gov.uk/government/publications/establishing-a-pro-innovation-approach-to-regulating-ai/establishing-a-pro-innovation-approach-to-regulating-ai-policy-statement">here</a>). This sets out a ’pro innovation’ approach to AI regulation. It does not follow the EU approach of ‘horizontal’ regulations that cover all applications of AI – instead it proposes a set of principles that individual sectors and other UK regulators should apply in their own areas.
 
The core principles require developers and users to:
<ul>
<li style="font-weight: 400;" aria-level="1">Ensure that AI is used safely;</li>
<li style="font-weight: 400;" aria-level="1">Ensure that AI is technically secure and functions as designed;</li>
<li style="font-weight: 400;" aria-level="1">Make sure that AI is appropriately transparent and explainable;</li>
<li style="font-weight: 400;" aria-level="1">Consider fairness;</li>
<li style="font-weight: 400;" aria-level="1">Identify a legal person to be responsible for AI; and</li>
<li style="font-weight: 400;" aria-level="1">Clarify routes to redress or contestability.</li>
</ul>
Regulators - such as the Prudential Regulation Authority (PRA), the Competition and Markets Authority (CMA), the ICO and the Financial Conduct Authority (FCA) - will be asked to interpret and implement the principles.
For the FinTech sector, this means that the work already underway by the FCA and Bank of England (BoE) will form the basis for regulating AI.  The FCA and BoE have published a final report (read it <a href="https://www.bankofengland.co.uk/research/fintech/ai-public-private-forum">here</a>) by the Artificial Intelligence Public-Private Forum (AIPPF) and will shortly be publishing a Discussion Paper to provide clarity around the current regulatory framework and how it applies to AI, ask questions about how policy can best support further safe AI adoption, and give stakeholders an opportunity to share their views. 
The FCA and BoE will also be running a survey on use of machine learning in financial services.  In terms of supporting the development of AI services, the FCA recently consulted on the use of synthetic data, which Innovate Finance responded to [here - link to our response] and we can expect more detail on the FCA’s next steps to follow.  
&nbsp;
<ol start="2">
<li> Data Protection and Digital Information Bill</li>
</ol>
The UK Government also introduced legislative proposals in Parliament on 18 July for data and digital information – see <a href="https://questions-statements.parliament.uk/written-statements/detail/2022-07-18/hcws210">here for the Government announcement</a>. A full copy of the draft Bill can be found <a href="https://bills.parliament.uk/bills/3322">here</a>. This proposed legislation includes powers to establish digital ID and to extend the principles of open banking to other areas of finance and industries, which should enable further data-led innovation. Here at Innovate Finance we have been calling for both of these, and this takes forward two recommendations of the Kalifa Review. The Bill also includes a new innovation objective for the data protection regulator and reforms to data protection rules which could support innovation, provided they do not jeopardise cross-border data transfer with the EU. Looking at each area in turn:
Digital ID:  the Bill would establish a regulatory framework for the provision of digital identity verification services in the UK and enable public authorities to disclose personal information to trusted digital identity providers for the purpose of identity and eligibility verification. This will enable the introduction of digital ID schemes, including some trust frameworks currently being piloted, and should create new opportunities for innovation including easier customer take-on, addressing financial exclusion and providing greater security for existing and new products. Digital ID is also emerging as an important component of the future roll-out of a Central Bank Digital Currency.
Smart data scheme:  The powers included in the Bill allow Government departments to establish sector-based Smart Data schemes with supporting regulation, to ensure consumer and business protection. This is the secure and consented sharing of customer data with authorised third-party providers.
They will enable Government to require suppliers of goods, services and digital content specified in the regulations, and other persons who process the relevant data, to provide customers or their authorised representatives with access to data relating to that customer (customer data) and contextual information relating to the goods, services or digital content provided by the supplier (business data).
This could support the development of open finance in sectors other than banking (e.g. insurance) as well as enabling use of data in other sectors for financial applications (eg retail or search engine data to support credit decisioning or anti-fraud and Environmental, Social and Governance (ESG) products that connect environmental and social impact to financial services).
Data protection: The Government’s approach has been outlined recently <a href="https://www.gov.uk/government/consultations/data-a-new-direction/outcome/data-a-new-direction-government-response-to-consultation">here</a>. 
This seeks a more proportionate approach to the existing UK GDPR regime. This may bring benefits for some firms, notably those who operate only in the UK. For firms transferring data between the UK and EU, the key question is whether the EU considers the reformed approach ‘adequate’ for the purpose of cross-border data sharing. It’s worth noting that ‘adequacy’ is ultimately a political not a technical decision – so any EU decision may depend on the climate of UK-EU relations at the relevant point in time.
Information Commissioner’s Office:   the ICO will have increased investigatory powers to help it keep pace with changing practices. It will be given new strategic objectives, with an emphasis on economic growth and innovation. This is welcome and should provide the basis for further engagement between the ICO and FinTechs.
&nbsp;
Next steps
This Bill will now be scrutinised by a committee of MPs in the House of Commons over the autumn and then further scrutiny in the House of Lords. It should be finalised and adopted in 2023, with implementation dates (when it comes into force) to be set after that by Ministers.
&nbsp;
Get involved
At Innovate Finance we will be engaging with policy makers and regulators on these issues to shape the development of these proposals and provide insight for our members.  If you are an Innovate Finance member and have ideas or views to share or any questions, please do not hesitate to get in touch at <a href="mailto:policy@innovatefinance.com">policy@innovatefinance.com</a>. 
&nbsp;
If you are not yet an Innovate Finance member why not consider one of our membership packages: <a href="https://www.innovatefinance.com/membership/">https://www.innovatefinance.com/membership/</a>
&nbsp;
And if you would like to get updates on this and other FinTech-related public and regulatory policy issues and insights, you can sign up <a href="https://share.hsforms.com/10-tl0wXlRFSUGUQnTEXKiQ32t14?__hstc=189906676.5a24361b8700c5a0a227f215a05ec074.1645800866366.1658501935792.1658504077265.86&amp;__hssc=189906676.3.1658504077265&amp;__hsfp=812266229">here</a> to our policy newsletters.
&nbsp;