Ethics articles

Michael Diviney and Níall Fitzgerald explore the ethical challenges arising from artificial intelligence (AI), particularly ‘narrow’ AI, and highlight the importance of ethics and professional competence in its deployment Earlier this year, artificial intelligence (AI) industry leaders, leading researchers and influencers signed a succinct statement and warning: “Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.” Was this a publicity stunt? Well, probably not, as the generative AI ChatGPT was already the fastest-adopted application in history.  Was this an over-the-top, alarmist statement by a group possibly trying to steal a march on self-regulation of a rapidly emerging technology and growing industry?  Again, this is unlikely if one considers the warnings of pioneer thinkers like Nick Bostrom, Max Tegmark, Stephen Hawking and Astronomer Royal Martin Rees. They concur that there is an existential threat to humankind if human-level or ‘general’ AI is developed and the ‘singularity’ is reached when AI surpasses human intelligence.  Autonomous weapons and targeting are a clear risk, but more broadly, unless we can ensure that the goals of a future superintelligence are aligned and remain aligned with our goals, we may be considered superfluous and dispensable by that superintelligence.  As well as the extinction threat, general AI presents other potential ethical challenges.  For example, if AI attains subjective consciousness and is capable of suffering, does it then acquire rights? Do we have the right to interfere with these, including the right to attempt to switch it off and end its digital life?  Will AI become a legal entity and have property rights? After all, much of our economy is owned by companies, another form of artificial ‘person’. Ethical challenges from ‘narrow’ AI Until general AI is here, however – and there is informed scepticism about its possibility – the AI tools currently in use are weak or ‘narrow’ AI. They are designed to perform a specific task or a group of related tasks and rely on algorithms to process data on which they have been trained.  Narrow AI presents various ethical challenges:  Unfairness arising from bias and opacity (e.g. AI used in the initial screening of job candidates include a gender bias based on historical data – in the past more men were hired); The right to privacy (AI trained with data without the consent of the data subjects); Threats to physical safety (e.g. self-driving vehicles); Intellectual property and moral rights, plagiarism and passing-off issues in the use of generative AI like ChatGPT and Bard; and Threats to human dignity from the hollowing out of work and loss of purpose. Regulation vs. ethics Such issues arising from the use of AI, particularly related to personal data, mean that regulation is inevitable.  We can see this, for example, with the EU’s landmark AI Act, due to apply by the end of 2025, which aims to regulate AI’s potential to cause harm and to hold companies accountable for how their systems are used. However, as Professor Pat Barker explained at a recent Consultative Committee of Accountancy Bodies (CCAB) webinar, until such laws are in place, and in the absence of clear rules, ethics are required for deciding on the right way to use AI.  Even when the regulation is in place, there are likely to be cases and dilemmas that it has not anticipated or about which it is unclear. Legal compliance should not be assumed to have all the ethical issues covered, and as AI is evolving so quickly, new ethical issues and choices will inevitably emerge.  Ethics involves the application of a decision-making framework to a dilemma or choice about the right thing to do. While such a framework or philosophy can reflect one’s values, it must also be objective, considered, universalisable and not just based on an instinctual response or what may be expedient. Established ethics frameworks include: the consequentialist or utilitarian approach – in the case of AI, does it maximise benefits for the greatest number of people?; and the deontological approach, which is based on first principles, such as the inalienable rights of the individual (an underlying philosophy of the EU’s AI Act). (The Institute’s Ethics Quick Reference Guide, found on the charteredaccountants.ie website, outlines five steps to prepare for ethical dilemmas and decision-making.)  A practical approach While such philosophical approaches are effective for questions like “Should we do this?” and “Is it good for society”, as Reid Blackman argues in Harvard Business Review, businesses and professionals may need a more practical approach, asking: “Given that we are going to [use AI], how can we do it without making ourselves vulnerable to ethical risks?”  Clear protocols, policies, due diligence and an emphasis on ethical risk management and mitigation are required, for example responsible AI clauses in agreements with suppliers. In this respect, accountants have an arguably competitive advantage in being members of a profession; they can access and apply an existing ethical framework, which is evolving and adapting as the technology, its opportunities and challenges change.  The Code of Ethics The International Ethics Standards Board for Accountants (IESBA) recently revised the Code of Ethics for Professional Accountants (Code) to reflect the impact of technology, including AI, on the profession. The Chartered Accountants Ireland Code of Ethics will ultimately reflect these revisions.  IESBA has identified the two types of AI likely to have the most impact on the ethical behaviour of accountants:  Assisted intelligence or robotic process automation (RPA) in which machines carry out tasks previously done by humans, who continue to make decisions; and  Augmented intelligence, which involves collaboration between human and machine in decision-making. The revisions also include guidance on how accountants might address the risks presented by AI to ethical behaviour and decision-making in performing their role and responsibilities.  Professional competence and due care The Code requires an accountant to ensure they have an appropriate level of understanding relevant to their role and responsibilities and the work they undertake. The revisions acknowledge that the accountant’s role is evolving and that many of the activities they undertake can be impacted by AI.  The degree of competency required in relation to AI will be commensurate with the extent of an accountant’s use of and/or reliance on it. While programming AI may be beyond the competency of many accountants, they have the skill set to:  identify and articulate the problem the AI is being used to solve;  understand the type, source and integrity of the data required; and assess the utility and reasonableness of the output.  This makes accountants well placed to advise on aspects of the use of AI. The Code provides some examples of risks and considerations to be managed by professional accountants using AI, including: The data available might not be sufficient for the effective use of the AI tool. The accountant needs to consider the appropriateness of the source data (e.g. relevance, completeness and integrity) and other inputs, such as the decisions and assumptions being used as inputs by the AI. This includes identifying any underlying bias so that it can be addressed in final decision-making. The AI might not be appropriate for the purpose for which the organisation intends to use it. Is it the right tool for the job and designed for that particular purpose? Are users of the AI tool authorised and trained in its correct use within the organisation’s control framework? (One chief technology officer has suggested not only considering the capabilities of the AI tool but also its limitations to be better aware of the risks of something going wrong or where its use may not be appropriate.) The accountant may not have the ability, or have access to an expert with that ability, to understand and explain the AI and its appropriate use.  If the AI has been appropriately tested and evaluated for the purpose intended. The controls relating to the source data and the AI’s design, implementation and use, including user access. So, how does the accountant apply their skills and expertise in this context?  It is expected that accountants will use many of the established skills for which the profession is known to assess the input and interpret the output of an AI tool, including interpersonal, communication and organisational skills, but also technical knowledge relevant to the activity they are performing, whether it is an accounting, tax, auditing, compliance, strategic or operational business decision that is being made.  Data and confidentiality According to the Code, when an accountant receives or acquires confidential information, their duty of confidentiality begins. AI requires data, usually lots of it, with which it is trained. It also requires decisions by individuals in relation to how the AI should work (programming), when it should be used, how its use should be controlled, etc.  The use of confidential information with AI presents several confidentiality challenges for accountants. The Code includes several considerations for accountants in this regard, including: Obtaining authorisation from the source (e.g. clients or customers) for the use of confidential information, whether anonymised or otherwise, for purposes other than those for which it was provided. This includes whether the information can be used for training AI tools.  Considering controls to safeguard confidentiality, including anonymising data, encryption and access controls, and security policies to protect against data leaks.  Ensuring controls are in place for the coding and updating of the AI used in the organisation. Outdated code, bugs and irregular updates to the software can pose a security risk. Reviewing the security certification of the AI tool and ensuring it is up to date can offer some comfort.  Many data breaches result from human error, e.g. inputting confidential information into an open-access web-based application is a confidentiality breach if that information is saved, stored and later used by that application. Staff need to be trained in the correct use and purpose of AI applications and the safeguarding of confidential information. Dealing with complexity The Code acknowledges that technology, including AI, can help manage complexity.  AI tools can be particularly useful for performing complex analysis or financial modelling to inform decision-making or alerting the accountant to any developments or changes that require a re-assessment of a situation. In doing so, vast amounts of data are collected and used by AI, and the ability to check and verify the integrity of the data introduces another level of complexity.  The Code makes frequent reference to “relevancy” in relation to the analysis of information, scenarios, variables, relationships, etc., and highlights the importance of ensuring that data is relevant to the problem or issue being addressed. IESBA was mindful, when revising the Code, that there are various conceivable ways AI tools can be designed and developed to use and interpret data.  For example, objectivity can be challenged when faced with the complexity of divergent views supported by data, making it difficult to come to a decision. AI can present additional complexity for accountants, but the considerations set out in the Code are useful reminders of the essential skills necessary to manage complexity. Changing how we work As well as its hugely beneficial applications in, for example, healthcare and science, AI is proving to be transformative as a source of business value.  With a range of significant new tools launched daily, from personal effectiveness to analysis and process optimisation, AI is changing how we work. These are powerful tools, but with power comes responsibility. For the professional accountant, certain skills will be brought to the fore, including adaptability, change and risk management, and leadership amidst rapidly evolving work practices and business models. Accountants are well placed to provide these skills and support the responsible and ethical use of AI.  Rather than fearing being replaced by AI, accountants can prepare to meet expectations to provide added value and be at the helm of using AI tools for finance, management, strategic decision-making and other opportunities. Michael Diviney is Executive Head of Thought Leadership at Chartered Accountants Ireland Níall Fitzgerald is Head of Ethics and Governance at Chartered Accountants Ireland

With the Central Bank of Ireland’s consultation on the Individual Accountability Framework drawing to a close later this month, Níall Fitzgerald reviews the scope and effectiveness of similar regimes already in place in other parts of the world Following the 2008 financial crisis, global governance and regulatory reforms in the financial services sector have had a significant impact on how financial institutions, such as banks, insurance companies and investment firms, are run.  The EU has been at the forefront of regulatory change in financial services in Ireland since the creation of the Banking Union, which includes the European Supervisory Mechanism, and significant regulatory developments from rule-setters such as the European Banking Authority.  The Central Bank of Ireland has also put in place governance requirements for all financial institutions and implemented fitness and probity standards. These have included regulations requiring minimum competencies for individuals working in certain roles and, in some cases, regulatory pre-approval before individuals can be appointed to certain management positions, such as – to name just a few – board director, head of compliance, head of internal audit and chief risk officer. The proposed Central Bank of Ireland Individual Accountability Framework (IAF) is an extension of the current suite of regulations and efforts to address cultural failings and ensure better governance, performance and accountability among financial services firms.  The IAF is not the first of its kind, however, and while it has some unique features, it also shares similarities with regimes of this nature operating in other parts of the world.  UK: Senior Managers and Certification Regime The UK introduced the Senior Managers and Certification Regime (SM&CR) in 2016. Following a three-phase roll-out over three years, the SM&CR now applies to banks, insurance companies and a large portion of the remaining regulated financial services firms in the UK. This regime introduced: Prescribed responsibilities for certain roles; Requirements for firms to follow when allocating those roles to individuals, including: applying a certification process (up to obtaining pre-approval from the Regulator for an appointment to a role); and  the introduction of individual conduct rules. Hong Kong: Manager-in-Charge Regime In Hong Kong, The Securities and Futures Commission introduced the Manager-in-Charge (MIC) Regime for licensed corporations in 2017.  The regime did not bring in any new sanctions and was implemented by way of circular, rather than legislation, but it provided the regulator with additional powers of enforcement and the ability to hold individuals to account. A key objective of the MIC regime is to enable Hong Kong’s Securities and Futures Commission to assess culture within the licensed organisation.  The regulator attributes non-compliance with elements of the regime – e.g. failure to assess whether individuals have discharged their responsibilities appropriately, as evidence of cultural failings. Australia: Banking Executive Accountability Regime  Australia’s Banking Executive Accountability Regime (BEAR) came into effect in 2018, applying to the directors of, and the most senior and influential executives within, banks and authorised deposit-taking institutions (ADIs). The regime introduced prescribed responsibilities for certain roles, an accountability framework, and a list of accountability obligations, which look a lot like conduct rules.  The regime also introduced a requirement for relevant firms to defer a portion of the variable remuneration of any person found to be non-compliant with the regime until an investigation concludes, whether or not any or all of the remuneration is subject to clawback.  Singapore: Individual Accountability and Conduct Guidelines  The Individual Accountability and Conduct (IAC) Guidelines were introduced in Singapore in 2021. Like the MIC regime in Hong Kong, Singapore’s IAC Guidelines are not supported by underlying legislation and are described as “best practice standards”.  The level of adherence to IAC Guidelines among the financial institutions will impact the Monetary Authority of Singapore’s overall risk assessment of the relevant organisation or individual.  These guidelines focus on embedding a strong culture of responsibility and ethical behaviour by ensuring individual accountability and a supportive governance framework within regulated organisations.  Prevention is better than cure While there are similarities between the accountability regimes outlined above, none is the same.  The instances of enforcement action taken under these regimes are very low and, if prevention is better than cure, this may be a good measure of success.  Just one enforcement action was taken against an individual for non-compliance during the first four years of the UK’s SM&CR, for example. Following a review of Australia’s Banking Executive Accountability Regime, and amid public criticism citing the lack of enforcement action, the Australian government is currently proposing the wider reaching Financial Accountability Regime (FAR).  The FAR contains additional requirements and extends the regime beyond banks to other financial service providers regulated by the Australian Prudential Regulation Authority.  Elsewhere, the United Arab Emirates does not have a specific accountability regime. However, its laws and regulations, which pre-date 2016, give financial services regulators enforcement powers to hold individuals to account and apply sanctions.  Looking at just one member of the United Arab Emirates, Dubai, the Dubai Financial Services Authority has taken enforcement action against 32 individuals since 2016. The majority of these cases have related to individuals providing investment services.  Perhaps it is still too early to reliably judge the effectiveness of these various models of individual accountability regimes.  Sometimes, there is a benefit in not being first past the post in introducing a regime of this nature and being able to stand back and learn from global experiences.  With our Individual Accountability Framework, Ireland is building on a solid foundation of banking regulations and governance requirements. The IAF is only one of many regulatory changes impacting financial services providers. Other requirements on the way include the EU’s Digital Operational Resilience Act (DORA) and the inevitable evolution of governance codes, and other regulations, addressing sustainability and other emerging risks.  World-class standards are laudable, but their true outcome is only evident when we have a high level of public trust and a financial services sector that is efficient and competitive, driving a better future for society and a prosperous economy. Níall Fitzgerald, FCA, is Head of Ethics and Governance at Chartered Accountants Ireland Impact of individual accountability on organisational culture Chartered Accountants Ireland welcomes the timely publication by the Central Bank of Ireland (CBI) of the Individual Accountability Framework (IAF) draft regulations and guidance, and the certainty of action required for Irish financial services firms, writes Níall Fitzgerald.  The framework contains measures, including conduct standards and prescribed responsibilities, designed to enhance customer-focused cultures and embed responsibility and ethical behaviour across financial services in Ireland.  While it promotes the necessity for cultural change, the CBI agrees that more is required to achieve this. Insights from the introduction of similar measures in other jurisdictions show that an individual accountability regime better impacts on organisational culture when supported by: Promoting individual accountability but emphasising collective decision-making Being accountable as individuals for actions and behaviour is not new. Professionals are accountable to codes of ethics. There are also many laws and regulations that hold individuals accountable for their roles in an organisation, such as fiduciary duties of directors. However, many organisations thrive on collaboration, teamwork and diversity, which improve collective decision-making. Individual accountability is not designed to override this, and emphasising other positive behaviours, such as these, supports the objectives of the IAF. Promoting a ‘just culture’ and avoiding a ‘blame culture’ A blame culture focuses on identifying culprit/s, penalising them, and moving forward on the assumption that the same issue/s won’t happen again, because an example has been set.  A just culture acknowledges that mistakes and underperformance can occur, but that both are better addressed by reflecting on what went wrong and focusing on what can be learned to improve future outcomes.  Individual accountability exists in both scenarios, but the latter will have a more positive impact amongst the workforce, helping to achieve the objectives of the IAF. Promoting trust and integrity Certain informal reactions to a regime such as the Individual Accountability Framework can undermine its objectives. In some jurisdictions individuals with prescribed responsibilities prepare personal compliance files, for example, privately maintained outside of the firm’s documentation system.  A ‘cover your actions’ (CYA) approach has developed in these jurisdictions, whereby there is a tendency to give advice formally (e.g. in writing), which would differ if given informally (e.g. verbally).  Notwithstanding the risk of breaching privacy and confidentiality rules, these informal practices are indicative of low levels of trust and integrity within a firm.  Embedding a culture of psychological safety can deter this risk and foster greater trust within the organisation.

A mainstay of Ireland’s financial services landscape for over 60 years, our credit unions are entering an exciting phase with recent developments presenting new opportunities to adapt and change Credit unions are an important part of the financial services landscape. With offices a common feature of cities, towns and villages throughout Ireland, they play a key role in the day-to-day finances of many Irish people and communities. There are more than 3.6 million credit union members on the island of Ireland.  A history of credit unions Credit unions were first established in Ireland in the late 1950s and quickly became a repository for savings and a source of loans for many people. The total value of loans extended by credit unions in the Republic of Ireland is currently around €5 billion, with total savings coming to about €16 billion.  Average sector total reserves, as a percentage of total assets, is approximately 16 percent, which serves to underpin the confidence of their members, particularly in times of uncertainty and disruptive change. These institutions are not-for-profit financial co-operatives. They are owned and controlled by their members and therefore have a different business model to retail banks. Each credit union is independent, with its own board of directors, charged with overall responsibility for running the credit union.  Because they are part of the financial services sector, credit unions are governed by legislation in Ireland, principally the Credit Union Act 1997, as amended, and regulated by the Central Bank.  Significant amendments to the 1997 Act were introduced by the Credit Union and Co-operation with Overseas Regulators Act 2012, and this is the legislative regime under which credit unions currently operate. The credit union sector has been relatively stable in terms of any legislative or government policy changes. However, two recent developments, the Credit Union (Amendment) Bill 2022 and the Retail Banking Review (November 2022), present new opportunities for credit unions to adapt and change their business models and enhance their product and service offerings to members. The Credit Union (Amendment) Bill 2022 The first major legislative change for credit unions since the 2012 Act, the Credit Union (Amendment) Bill 2022 (the Bill) was published on 30 November 2022 following over two years of stakeholder engagement, with over 100 proposals considered. Highly technical and not an easy read, the Bill is currently before the Dáil, where proposals for amendments will be considered.  There is no fixed timeline for enactment and, post-enactment, commencement of sections may occur in phases, with the Central Bank of Ireland having to amend regulations to accommodate the new provisions.  The main provisions of the Bill involve: the establishment of ‘corporate credit unions’; amending the requirements and qualifications for membership of credit unions; altering the scope of permitted investments by credit unions; changes to the governance of credit unions; maximum interest rates on loans by credit unions; provision of services by credit unions to members of other credit unions; and participation by credit unions in loans to members of other credit unions. Collaboration between credit unions The introduction of ‘corporate credit unions’ should support greater collaboration between credit unions, facilitating a pooling of resources and greater access to funding.  A new form of regulated entity, their membership would be restricted to other credit unions, with lending allowed only to those members. Further collaboration is envisaged with a provision in the Bill allowing all credit unions to refer members to other credit unions to avail of a service that the original credit union does not provide.  While such referral is not mandatory, it is a new option for making additional services available to members—for example, a current account facility where the original credit union may be reluctant to provide this service to all members based on cost or other reasons.  Another provision enabling collaboration allows a credit union to participate in a loan to a member of another credit union. This will facilitate risk sharing associated with the loan and will make it easier for an individual credit union to offer larger loans to its members.  Regarding lending to businesses, and other organisations or associations, there is a further key provision in the Bill for “bodies” (incorporated or unincorporated) to be allowed join a credit union with the same rights and obligations as a “natural person” (member).  This is, however, subject to conditions that a majority of the members of the body would be eligible to join the credit union and the body meets the common bond requirement. Ultimately, this will make it easier for credit unions to lend to such bodies and is principally focused on SMEs. While none of these changes are mandatory, they do provide new options and opportunities for credit unions. Governance changes Regarding changes in governance, two provisions stand out: the option to appoint the manager (chief executive officer) of the credit union to the board; and  reduction of the minimum number of board meetings per year to six, down from the current 10.   The extent to which these changes will be adopted remains to be seen, as many credit union boards may be content with the existing practice.   Where a credit union decides to include its manager as a board member, the Bill proposes that this will be done by their direct appointment to the board and not by election at a general meeting of members.  The term can be for any length but cannot extend beyond the individual’s term as manager.  One restriction on the manager as a board member is that they cannot sit on the nomination committee of the credit union, the membership of which is restricted to board members who have been co-opted or elected at general meetings.  Similarly, regarding the frequency of board meetings, the board may be reluctant to change the current practice of having at least one meeting per month, concluding that it cannot adequately carry out its responsibilities with only six board meetings.  Because of the voluntary ethos of credit unions, the historically close involvement of board members with the credit union, and the relatively onerous responsibilities of boards, it may take some time before six board meetings is considered the norm. Other governance changes proposed by the 2022 Bill include reducing the number of board oversight committee meetings, removing the requirement for the board oversight committee to sign the audited annual accounts, and extending from annually to every three years the review of specific policies by the board. The Credit Union (Amendment) Bill 2022 includes substantive policy change in the areas of collaboration, members’ services, and governance. It seeks to give more power to credit unions to determine strategy and, when enacted, will require consequential changes to Central Bank regulations.  To fully exploit the options and opportunities enabled by its provisions will require significant work by the sector. The Retail Banking Review 2022 In November 2022, following its approval by Government, Minister for Finance, Paschal Donohoe, and Minister of State for Financial Services, Credit Unions and Insurance, Sean Fleming, published the report of the Retail Banking Review (the Review).  Driven by the departure of two major banks, Ulster Bank and KBC, this is a broad-ranging review of the retail banking sector in Ireland, including the credit union sector.  In relation to credit unions, the Review states: “Credit unions have a strong and trusted brand, they are present in communities throughout the country, and have been developing their product offering. The credit unions are already a significant player in consumer credit, and they are making inroads in the current account, mortgages and SME segments of the market. These developments, coupled with their collectively strong levels of capital and deposit bases, leads the Review Team to believe that credit unions could play a greater role in the provision of retail banking products and services in the coming years.” Referencing the Credit Union (Amendment) Bill 2022, the Review recommends that the credit union sector develop a strategic plan to deliver business model changes that would enable it to sustainably provide a universal product offering to all credit union members. Provided directly or on a referral basis, this would continue to be community-based. The Review suggests that such a strategic plan should show how credit unions can: viably scale their business model in key product areas such as mortgages and SME lending; invest in expertise, systems, controls, and processes to deliver standard products and services across all credit unions, while managing any risks arising and continuing to protect members’ savings; provide the option of in-branch services for members of all credit unions. Both the Bill and the Review point to new opportunities for credit unions and demonstrate confidence in their future as part of the Irish financial services sector. For these opportunities to be successfully managed, however, credit unions must continue to maintain high levels of governance so that legislators, the Central Bank, their members, and the wider community can have confidence in the sector.  Credit unions have done much for many people in Ireland for more than 60 years. These developments in legislation and government policy point to their continued and increasing relevance in the years ahead. Gene Boyd, FCA, is a risk management consultant and author of The Governance of Credit Unions in Ireland