News and articles

Michael Diviney and Níall Fitzgerald explore the ethical challenges arising from artificial intelligence (AI), particularly ‘narrow’ AI, and highlight the importance of ethics and professional competence in its deployment Earlier this year, artificial intelligence (AI) industry leaders, leading researchers and influencers signed a succinct statement and warning: “Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.” Was this a publicity stunt? Well, probably not, as the generative AI ChatGPT was already the fastest-adopted application in history.  Was this an over-the-top, alarmist statement by a group possibly trying to steal a march on self-regulation of a rapidly emerging technology and growing industry?  Again, this is unlikely if one considers the warnings of pioneer thinkers like Nick Bostrom, Max Tegmark, Stephen Hawking and Astronomer Royal Martin Rees. They concur that there is an existential threat to humankind if human-level or ‘general’ AI is developed and the ‘singularity’ is reached when AI surpasses human intelligence.  Autonomous weapons and targeting are a clear risk, but more broadly, unless we can ensure that the goals of a future superintelligence are aligned and remain aligned with our goals, we may be considered superfluous and dispensable by that superintelligence.  As well as the extinction threat, general AI presents other potential ethical challenges.  For example, if AI attains subjective consciousness and is capable of suffering, does it then acquire rights? Do we have the right to interfere with these, including the right to attempt to switch it off and end its digital life?  Will AI become a legal entity and have property rights? After all, much of our economy is owned by companies, another form of artificial ‘person’. Ethical challenges from ‘narrow’ AI Until general AI is here, however – and there is informed scepticism about its possibility – the AI tools currently in use are weak or ‘narrow’ AI. They are designed to perform a specific task or a group of related tasks and rely on algorithms to process data on which they have been trained.  Narrow AI presents various ethical challenges:  Unfairness arising from bias and opacity (e.g. AI used in the initial screening of job candidates include a gender bias based on historical data – in the past more men were hired); The right to privacy (AI trained with data without the consent of the data subjects); Threats to physical safety (e.g. self-driving vehicles); Intellectual property and moral rights, plagiarism and passing-off issues in the use of generative AI like ChatGPT and Bard; and Threats to human dignity from the hollowing out of work and loss of purpose. Regulation vs. ethics Such issues arising from the use of AI, particularly related to personal data, mean that regulation is inevitable.  We can see this, for example, with the EU’s landmark AI Act, due to apply by the end of 2025, which aims to regulate AI’s potential to cause harm and to hold companies accountable for how their systems are used. However, as Professor Pat Barker explained at a recent Consultative Committee of Accountancy Bodies (CCAB) webinar, until such laws are in place, and in the absence of clear rules, ethics are required for deciding on the right way to use AI.  Even when the regulation is in place, there are likely to be cases and dilemmas that it has not anticipated or about which it is unclear. Legal compliance should not be assumed to have all the ethical issues covered, and as AI is evolving so quickly, new ethical issues and choices will inevitably emerge.  Ethics involves the application of a decision-making framework to a dilemma or choice about the right thing to do. While such a framework or philosophy can reflect one’s values, it must also be objective, considered, universalisable and not just based on an instinctual response or what may be expedient. Established ethics frameworks include: the consequentialist or utilitarian approach – in the case of AI, does it maximise benefits for the greatest number of people?; and the deontological approach, which is based on first principles, such as the inalienable rights of the individual (an underlying philosophy of the EU’s AI Act). (The Institute’s Ethics Quick Reference Guide, found on the charteredaccountants.ie website, outlines five steps to prepare for ethical dilemmas and decision-making.)  A practical approach While such philosophical approaches are effective for questions like “Should we do this?” and “Is it good for society”, as Reid Blackman argues in Harvard Business Review, businesses and professionals may need a more practical approach, asking: “Given that we are going to [use AI], how can we do it without making ourselves vulnerable to ethical risks?”  Clear protocols, policies, due diligence and an emphasis on ethical risk management and mitigation are required, for example responsible AI clauses in agreements with suppliers. In this respect, accountants have an arguably competitive advantage in being members of a profession; they can access and apply an existing ethical framework, which is evolving and adapting as the technology, its opportunities and challenges change.  The Code of Ethics The International Ethics Standards Board for Accountants (IESBA) recently revised the Code of Ethics for Professional Accountants (Code) to reflect the impact of technology, including AI, on the profession. The Chartered Accountants Ireland Code of Ethics will ultimately reflect these revisions.  IESBA has identified the two types of AI likely to have the most impact on the ethical behaviour of accountants:  Assisted intelligence or robotic process automation (RPA) in which machines carry out tasks previously done by humans, who continue to make decisions; and  Augmented intelligence, which involves collaboration between human and machine in decision-making. The revisions also include guidance on how accountants might address the risks presented by AI to ethical behaviour and decision-making in performing their role and responsibilities.  Professional competence and due care The Code requires an accountant to ensure they have an appropriate level of understanding relevant to their role and responsibilities and the work they undertake. The revisions acknowledge that the accountant’s role is evolving and that many of the activities they undertake can be impacted by AI.  The degree of competency required in relation to AI will be commensurate with the extent of an accountant’s use of and/or reliance on it. While programming AI may be beyond the competency of many accountants, they have the skill set to:  identify and articulate the problem the AI is being used to solve;  understand the type, source and integrity of the data required; and assess the utility and reasonableness of the output.  This makes accountants well placed to advise on aspects of the use of AI. The Code provides some examples of risks and considerations to be managed by professional accountants using AI, including: The data available might not be sufficient for the effective use of the AI tool. The accountant needs to consider the appropriateness of the source data (e.g. relevance, completeness and integrity) and other inputs, such as the decisions and assumptions being used as inputs by the AI. This includes identifying any underlying bias so that it can be addressed in final decision-making. The AI might not be appropriate for the purpose for which the organisation intends to use it. Is it the right tool for the job and designed for that particular purpose? Are users of the AI tool authorised and trained in its correct use within the organisation’s control framework? (One chief technology officer has suggested not only considering the capabilities of the AI tool but also its limitations to be better aware of the risks of something going wrong or where its use may not be appropriate.) The accountant may not have the ability, or have access to an expert with that ability, to understand and explain the AI and its appropriate use.  If the AI has been appropriately tested and evaluated for the purpose intended. The controls relating to the source data and the AI’s design, implementation and use, including user access. So, how does the accountant apply their skills and expertise in this context?  It is expected that accountants will use many of the established skills for which the profession is known to assess the input and interpret the output of an AI tool, including interpersonal, communication and organisational skills, but also technical knowledge relevant to the activity they are performing, whether it is an accounting, tax, auditing, compliance, strategic or operational business decision that is being made.  Data and confidentiality According to the Code, when an accountant receives or acquires confidential information, their duty of confidentiality begins. AI requires data, usually lots of it, with which it is trained. It also requires decisions by individuals in relation to how the AI should work (programming), when it should be used, how its use should be controlled, etc.  The use of confidential information with AI presents several confidentiality challenges for accountants. The Code includes several considerations for accountants in this regard, including: Obtaining authorisation from the source (e.g. clients or customers) for the use of confidential information, whether anonymised or otherwise, for purposes other than those for which it was provided. This includes whether the information can be used for training AI tools.  Considering controls to safeguard confidentiality, including anonymising data, encryption and access controls, and security policies to protect against data leaks.  Ensuring controls are in place for the coding and updating of the AI used in the organisation. Outdated code, bugs and irregular updates to the software can pose a security risk. Reviewing the security certification of the AI tool and ensuring it is up to date can offer some comfort.  Many data breaches result from human error, e.g. inputting confidential information into an open-access web-based application is a confidentiality breach if that information is saved, stored and later used by that application. Staff need to be trained in the correct use and purpose of AI applications and the safeguarding of confidential information. Dealing with complexity The Code acknowledges that technology, including AI, can help manage complexity.  AI tools can be particularly useful for performing complex analysis or financial modelling to inform decision-making or alerting the accountant to any developments or changes that require a re-assessment of a situation. In doing so, vast amounts of data are collected and used by AI, and the ability to check and verify the integrity of the data introduces another level of complexity.  The Code makes frequent reference to “relevancy” in relation to the analysis of information, scenarios, variables, relationships, etc., and highlights the importance of ensuring that data is relevant to the problem or issue being addressed. IESBA was mindful, when revising the Code, that there are various conceivable ways AI tools can be designed and developed to use and interpret data.  For example, objectivity can be challenged when faced with the complexity of divergent views supported by data, making it difficult to come to a decision. AI can present additional complexity for accountants, but the considerations set out in the Code are useful reminders of the essential skills necessary to manage complexity. Changing how we work As well as its hugely beneficial applications in, for example, healthcare and science, AI is proving to be transformative as a source of business value.  With a range of significant new tools launched daily, from personal effectiveness to analysis and process optimisation, AI is changing how we work. These are powerful tools, but with power comes responsibility. For the professional accountant, certain skills will be brought to the fore, including adaptability, change and risk management, and leadership amidst rapidly evolving work practices and business models. Accountants are well placed to provide these skills and support the responsible and ethical use of AI.  Rather than fearing being replaced by AI, accountants can prepare to meet expectations to provide added value and be at the helm of using AI tools for finance, management, strategic decision-making and other opportunities. Michael Diviney is Executive Head of Thought Leadership at Chartered Accountants Ireland Níall Fitzgerald is Head of Ethics and Governance at Chartered Accountants Ireland

The roadmap for the EU Commission’s milestone Corporate Sustainability Reporting Directive is taking shape and now is the time to start preparing for a brave new era in non-financial reporting, writes Conor Holland With the Corporate Sustainability Reporting Directive (CSRD) now approved by the European Council, entities in the EU must begin to invest significant time and resources in preparing for the advent of a new era in non-financial reporting, which places the public disclosure of environmental, social affairs and governance matters (ESG) matters on a par with financial information. Under the CSRD, entities will have to disclose much more sustainability-related information about their business models, strategy and supply chains than they have to date. They will also need to report ESG information in a standardised format that can be assured by an independent third party. For those charged with governance, the CSRD will bring further augmented requirements. Audit committees will need to oversee new reporting processes and monitor the effectiveness of systems and controls setup. They will also have enhanced responsibilities. Along with monitoring an entity’s ESG reporting process, and evaluating the integrity of the sustainability information reported by that entity, audit committees will need to: Monitor the effectiveness of the entity’s internal quality control and risk management systems and internal audit functions; Monitor the assurance of annual and consolidated sustainability reporting; Inform the entity’s administrative or supervisory body of the outcome of the assurance of sustainability reporting; and Review and monitor the independence of the assurance provider. The CSRD stipulates the requirement for limited assurance over the reported information. However, it also includes the option for assurance requirements to evolve to reasonable assurance at a later stage. The EU estimates that 49,000 companies across the EU will fall under the requirements of the new CSRD Directive, compared to the 11,600 companies that currently have reporting obligations. The EU has confirmed that the implementation of the CSRD will take place in three stages: 1 January 2024 for companies already subject to the non-financial reporting directive (reporting in 2025 for the financial year 2024); 1 January 2025 for large companies that are not presently subject to the non-financial reporting directive (reporting in 2026 for the financial year 2025); 1 January 2026 for listed SMEs, small and non-complex credit institutions, and captive insurance undertakings (reporting in 2027 for the financial year 2026). A large undertaking is defined as an entity that exceeds at least two of the following criteria: A net turnover of €40 million A balance sheet total of €20 million 250 employees on average over the financial year The final text of the CSRD has also set timelines for when the Commission should adopt further delegated acts on reporting standards, with 30 June 2023 set as the date by which the Commission should adopt delegated acts specifying the information that undertakings will be required to report. European Financial Reporting Advisory Group In tandem, the European Financial Reporting Advisory Group (EFRAG) is working on a first set of draft sustainability reporting standards (ESRS). These draft standards will be ready for consideration by the Commission once the Parliament and Council have agreed a legislative text. The current draft standards provide an outline as to the depth and breadth of what entities will be required to report. Significantly, the ESRS should be considered as analogous to accountancy standards—with detailed disclosure requirements (qualitative and quantitative), a conceptual framework and associated application guidance. Readers should take note—the ESRS are much more than a handful of metrics supplementary to the financial statements. They represent a step change in what corporate reporting entails, moving non-financial information toward an equilibrium with financial information. Moreover, the reporting boundaries would be based on financial statements but expanded significantly for the upstream and downstream value chain, meaning an entity would need to capture material sustainability matters that are connected to the entity by its direct or indirect business relationships, regardless of its level of control over them. While the standards and associated requirements are now largely finalised, in early November 2022, EFRAG published a revised iteration to the draft ESRS, introducing certain changes to the original draft standards. While the broad requirements and content remain largely the same, some notable changes include: Structure of the reporting areas has been aligned with TCFD (Task Force on Climate-Related Financial Disclosures) and ISSB (International Sustainability Standards Board) standards – specifically, the ESRS will be tailored around “governance”, “strategy”, “management of impacts, risks and opportunities”, and “metrics and targets”. Definition of financial materiality is now more closely aligned to ISSB standards. Impact materiality is more commensurate with the GRI (Global Reporting Initiative) definition of impact materiality. Time horizons are now just a recommendation; entities may deviate and would disclose their entity-specific time horizons used. Incorporation of one governance standard into the cross-cutting standard requirements on the reporting area of governance. Slight reduction in the number of data points required within the disclosure requirements. ESRS and international standards By adopting double materiality principles, the proposed ESRS consider a wider range of stakeholders than IFRS® Sustainability Disclosure Standards or the US Securities and Exchange Commission (SEC) published proposal. Instead, they aim to meet public policy objectives as well as meeting the needs of capital markets. It is the ISSB’s aim to create a global baseline for sustainability reporting standards that allows local standard setters to add additional requirements (building blocks), rather than face a coexistence of multiple separate frameworks. The CSRD requires EFRAG to take account of global standard-setting initiatives to the greatest extent possible. In this regard, EFRAG has published a comparison with the ISSB’s proposals and committed to joining an ISSB working group to drive global alignment. However, in the short term, entities and investors may potentially have to deal with three sets of sustainability reporting standards in setting up their reporting processes, controls, and governance. Key differences The proposed ESRS list detailed disclosure requirements for all ESG topics. The proposed IFRS Sustainability Disclosure Standards would also require disclosure in relation to all relevant ESG topics, but the ISSB has to date only prepared a detailed exposure draft on climate, asking preparers to consider general requirements and other sources of information to report on other sustainability topics. The SEC focused on climate in its recent proposal. The proposed ESRS are more prescriptive, and the number of disclosure requirements significantly exceeds those in the proposed IFRS Sustainability Disclosure Standards. Whereas the proposed IFRS Sustainability Disclosure Standards are intended to focus on the information needs of capital markets, ESRS also aim to address the policy objectives of the EU by addressing wider stakeholder needs. Given the significance of the directive—and the remaining time to get ready for it—entities should now start preparing for its implementation. It is important that entities develop plans to understand the full extent of the CSRD requirements, and the implications for their reporting infrastructure. As such, they should take some immediate steps to prepare, and consider: Performing a gap analysis—i.e. what the entity reports today, contrasted with what will be required under the CSRD. This is a useful exercise to inform entities on where resources should be directed, including how management identify sustainability-related information, and what KPIs they will be required to report on. Undertaking a ‘double materiality’ analysis to identify what topics would be considered material from an impact and financial perspective—as required under the CSRD. Get ‘assurance ready’—entities will need to be comfortable that processes and controls exist to support ESG information, and that the information can ultimately be assured. The Corporate Sustainability Reporting Directive represents a fundamental change in the nature of corporate reporting—the time to act is now and the first deadline is closing in.

Chartered Accountant Eamonn Hughes is playing a leading role in Bank of Ireland’s Responsible and Sustainable Business Strategy. Hughes tells Accountancy Ireland about the four-year plan and his goals as Chief Sustainability and Investor Relations Officer  Before joining Bank of Ireland Group in February as Chief Sustainability and Investor Relations Officer, Chartered Accountant Eamonn Hughes had a longstanding career as a sell-side market analyst with more than 25 years’ experience in capital markets and domestic banking.  Having worked most recently with Goodbody, the stockbroking firm, as Irish Banks and Insurance Sector Analyst and, before that, Head of Research, Hughes also had a clear view of the swift rise in environmental, social and governance (ESG) to the top of the financial agenda worldwide. “I could see that ESG was becoming hugely important in capital markets and the financial sector. The climate crisis, in particular, is a critical threat, but also a significant opportunity,” said Hughes. “For our planet, there is no Plan B, but the discussion about sustainability is not just about climate change. It is also about creating a more sustainable business model. Our vision at Bank of Ireland is to be the national champion in Ireland, to use our balance sheet and resources to drive positive change for a better, fairer society and improve the environment. “This gives me a very strong framework to think about my role, because, if we can deliver on our ESG strategy, we can ultimately deliver a more sustainable business model for all stakeholders and positive returns for investors. “The ESG agenda also involves regulators, so disclosure and risk management are very important—and there are reporting frameworks in place, but they are evolving very quickly. This is one of the challenges we face and is also why transparency and the availability of clear data is so important.  “With my background in capital markets, I can clearly see the mobilisation in capital, and I think the banking sector has a very obvious supporting role to play in society’s sustainability transition.” Investing in tomorrow Bank of Ireland published its Responsible and Sustainable Business Strategy in March 2021, a year before Hughes joined the group.  Bank of Ireland’s four-year Investing in Tomorrow strategy set out its own goals to support the green transition, alongside two additional pillars: enabling colleagues to thrive; and enhancing customers’ financial wellbeing. The Investing in Tomorrow green transition pillar included the setting of science-based targets aligning the bank’s lending portfolios with the Paris Agreement. The international treaty on climate change, adopted in 2015 at COP 21, set out a goal to limit global warming to 1.5 degrees Celsius, compared to pre-industrial levels. “Data is key across all three pillars, because reporting is essentially an output of what we are doing in support of climate change, colleagues, customers and the organisation as a whole,” said Hughes. “We need to focus on how we interact with our stakeholders internally and externally and, in my role, investors are obviously a key priority. As investors now have to produce more disclosures themselves, they will need to engage more with us in terms of what we are doing on our own ESG journey.” Clear reporting strategy How Bank of Ireland communicates with, and reports to, stakeholders on the progress of its ESG strategy is a priority for Hughes in his role as Chief Sustainability and Investor Relations Officer. “Ultimately, we need to explain how we are meeting the targets set out in our strategy, and it is incumbent upon us to develop the capacity and skill sets we need to support reporting and strategy delivery,” he said. “My role is to support in delivering across all three pillars, which involves a lot of data-gathering internally, particularly from a regulatory and reporting perspective.” Detailed progress reports on ESG will now be a core part of Bank of Ireland’s annual reporting cycle. “We need to be able to demonstrate clearly that we are creating a sustainable business strategy, enabling colleagues to thrive in the organisation and enhancing financial well-being among customers, in addition to supporting the sustainable transition,” said Hughes. “Transparency is hugely important. There are a lot of differentials in this space, so we need to standardise our reporting; to be able to explain clearly and cohesively what we are doing and why.” Commercialisation is becoming increasingly important as Bank of Ireland continues to implement Investing in Tomorrow, Hughes said. “Like many banks, we are in the commercialisation phase of our ESG strategy with the creation of sustainable finance solutions for, and increasing engagement with, customers. We are supporting and incentivising customers through competitive rates to buy or build an energy efficient home or to retrofit their home or business to make it more energy efficient.” Sustainable finance fund Bank of Ireland recently announced a €3 billion increase in its Sustainable Finance Fund, which will bring it to €5 billion by 2024. The fund covers green propositions, including mortgages, home improvement loans and business  loans.  Bank of Ireland’s inaugural standalone Responsible and Sustainable Business Report, published in June, tracked the progress of its ESG strategy in 2021. More than €1.8 billion in mortgages, home improvement loans and business loans had been drawn down from the Sustainable Finance Fund by the end of the year, the report stated. Thirty-five percent of all mortgages provided by the bank in 2021 were green, rising to 48 percent in the first half of 2022.  Bank of Ireland was also the largest provider of wholesale finance for electric vehicles in 2021, providing finance to 13 of the 15 car manufacturer franchises. The publication of the Responsible and Sustainable Business Report marked a significant “step-change in the tracking and transparency” of the bank’s ESG reporting, Hughes noted.  “Our stakeholders—including customers, shareholders, and regulators—are demanding far greater transparency as to how we are meeting our ESG commitments,” he said. “This report provides insight into our strategic approach, appraisal of our progress to achieve our purpose, and information on the key focus areas we plan to progress in the years ahead. Being clear on ESG, and showing how you are delivering what you sign up to, is now a commercial imperative for all lenders, including Bank of Ireland.” Science-based targets Bank of Ireland has also committed to setting science-based targets across portfolios and operations to align lending practice with the low carbon ambitions set out in the Paris Agreement. “We completed two successful green bond issuances in 2021, raising €1.25 billion with the capital used to finance green buildings, renewable energy projects and clean transportation,” said Hughes. “Thirty-five per cent of the mortgages we provided in 2021 were green and we have also launched a green mortgage product in the UK.” Bank of Ireland is providing finance for the development of at least 750 megawatts of renewable wind capacity across the island of Ireland. The bank is also in the process of decarbonising its own operations—reducing absolute emissions by 88 percent between 2011 and 2021. Social and governance Although supporting the green agenda is a major part of Investing in Tomorrow, the strategy also sets goals for investing in colleagues and enhancing customers’ financial wellbeing. “We recognise the supporting role we can play in Ireland’s response to the climate crisis, but the ‘S’ and ‘G’ are equally important when we consider ESG,” Hughes said. “We have a strategy to improve the financial wellbeing of our customers and to foster a financially inclusive society.” Bank of Ireland was, Hughes said, supporting customers to become more financially confident, while also working to simplify processes, so that the “financially marginalised have easier access to banking services.” Financial health and inclusion  Bank of Ireland is one of 28 banks around the world that have signed the Commitment to Financial Health and Inclusion published in December 2021 under the United Nations Principles for Responsible Banking (PRB). A first-of-its-kind initiative aimed at promoting universal financial inclusion and health in the banking sector, its launch closely followed the publication of the UN’s PRB Collective Progress Report. The report identified financial inclusion as the third most pressing sustainability challenge facing signatory banks, behind climate mitigation and adaptation. “This UN initiative is particularly important in an environment in which we have a cost-of-living crisis and customers are facing major challenges in the medium- to long-term. The question for us is, ‘how can we deliver this particular skill set and support our customers at a time when they really need it?’” said Hughes. Bank of Ireland is also helping customers to “live more sustainably” with the recent announcement of the roll out of bio-sourced debit and credit cards. Launched in October, the initiative will over time replace all plastic debit and credit cards issued by the bank, to help support the reduction of single-use plastic. “If we are to live in a more sustainable way, we need to do things differently, including through our everyday banking. The introduction of bio-sourced cards is a very practical way we can help our customers to reduce their environmental footprint,” Hughes said. “As a bank, we are working very closely with our customers on the sustainability transition. As they deliver, we deliver. It is a symbiotic relationship and an exciting place to be.”