UK: Business Behaviour

Last Updated: 29 July 2019
Article by Peter Montagnon

Boards need to stay on top of artificial intelligence and cyber risk, whilst simultaneously making more ethical and philosophical decisions

Imagine you are on the board of a motor manufacturing company. Technology nowadays permits a level of automation in cars that will make our roads safer and lead to fewer deaths. But it will also occasionally fail, leading to spectacular accidents which the public will blame on the premature introduction of technology.

Would you approve a project to introduce the latest automatic features into your range? If you do not, more people will die on the roads, but, if you do, your company’s reputation would be trashed at the first major failure.

This is the sort of decision that companies are increasingly having to make about the use of advanced technology in their business. The choice is a difficult one, but it is only tangentially about technology. It belongs primarily in the familiar category of risk appetite and risk oversight.

One of the central conclusions of the Institute of Business Ethics latest Board briefing on Corporate Ethics in a Digital Age is that, while boards need to get on top of artificial intelligence and cyber risk, most of the decisions they will need to make are more ethical and philosophical than technical in nature.

The Ethical Dimension

Getting these decisions right will bring competitive advantage because companies will be able to exploit the new opportunities in a climate of trust, and it is not surprising that ethics is centre stage.

This is for two reasons. First, the use of big data creates an information asymmetry that confers power on those who control it over those to whom it relates. Wherever there is an imbalance of power, there is the potential for ethical risk. Second, machines may be rational but they are not moral. They are incapable of making qualitative judgements and someone has to make sure the ethical dimension is considered at critical moments.

From a governance point of view the process starts with the need to ensure that the board remains in control. In the old days, boards could wield power easily because they understood how their business functioned at the coal face. Their judgement, delivered with seniority and expertise, provided strategic direction and oversight.

Now the task is harder because data scientists, who may be technically quite junior and lacking in broader business experience, may be using their skills quietly to create risks that no rational company would be prepared to run. For example, the derivatives team that caused catastrophic losses at UBS in the run up to the banking crisis appears to have been operating beyond the reach and understanding of the board.

Yet boards remain accountable for what happens. The challenge for directors as they confront the technology revolution is to set appropriate limits and also to ensure that appropriate risk mitigation is in place.

Here values and corporate culture play an important role. If the concepts of honesty and respect for the rights of others are properly embedded in the business, then the risks that a rogue employee will put the whole enterprise at risk are smaller. Particular effort may be needed to ensure that tech teams are aware of the values and develop a habit of thinking about the broader implications of what they are doing.

Sometimes it may even be right for a board to reject a new process or product, because it is so complicated that no one can explain it to them clearly or because they cannot evaluate the risks properly. In this case – just as with the choice about the new car range discussed above – the role of the board is to recognize the need to draw the line and then to draw it in ways with which they are comfortable and which are compatible with the firm’s values.

Some basic principles apply. First, it is important for directors to ensure that there is always what one insurance executive calls ‘a human in the loop’. This is someone who can recognize when machine learning is throwing up perverse conclusions and put a halt to the use of that particular programme.

Second, it is important that the benefits of the new technology are shared. The analogy here is with Monsanto and its campaign to introduce genetically modified crops some ten years ago.

Although some people will never accept that such products are safe, even if they have been declared so by the relevant authorities, it is true that Monsanto’s seeds were potentially useful in increasing crop yields. The company undermined its case by trying to keep most of the benefits for itself through rigorous and selfish enforcement of its patent rights. Had it been prepared to share the benefits more widely, its products might have been less controversial.

So it is with AI Firms that use machine learning simply to generate advantage for themselves. They may end up incurring the wrath of the public and, if they push their advantage too far, large fines from the competition authorities. This occurred, for example, last year when the EU authorities fined Google 4.34 billion Euros for what it described as illegal practices regarding Android mobile devices to strengthen the dominance of Google’s internet search engine.

Open Businesses

One of the generally recognised characteristics of an ethical approach to business is openness. Businesses which are open about what they are doing are generally regarded as more ethical and more trustworthy. In the sphere of AI, this is particularly important because of the risk that all decision-making may seem to disappear into a black box.

For this reason financial regulators often expect firms to be able to explain how a decision is made, an expectation that may be difficult to comply with, even today because of the level of sophistication now reached by algorithms. One solution may be to abandon the use of a particular algorithm, even though the overall results may become more accurate as they become less explainable. That is another line that boards have to draw.

It can help if they oversee the way in which the algorithm is being used. They can insist that the company tests its decision-making by feeding in different data, comparing the results to see whether they are consistent and reliable and then tweaking the algorithm to correct any bias. They can keep an audit trail of the data that was used in the model creation, together with ad hoc and periodic reviews of AI deployments and decisions. Most importantly, there must be capacity to challenge or override machine-made decisions when they are clearly wrong in terms of common sense.

Client Data

One overarching requirement is the need to treat individuals fairly. Boards need to have a clear view about what is acceptable and what is not in terms of using client data to anticipate and manipulate their preferences, or in terms of overseeing their workforce, for example by secretly analyzing their keyboard use for signs of stress.

They need also to have a very clear view of what they would do if their company is subject to cyber attack and what they need to do to reduce the risk of this happening. As far as the latter is concerned, we are back to values and behaviours. Since a lot of hacking happens as a result of internal error, companies need to ensure their employees are aware of the risks to the company and to themselves of not following due process.

If they are attacked they need to be able to tell how much data has been lost. That means keeping a continuous audit of what data they hold and where. They need also to have carefully planned procedures around disclosure and crisis management.

All of these issues are now matters for boards to oversee. The origins lie in technology but most of the time they are about understanding where to draw the line on acceptability and about putting processes in place around risk mitigation. Boards need to understand what the technology does and how it is developing. For that they need reliable advice, possibly from a trusted Chief Technology Officer or a specially appointed advisory panel.

But they do not need to be technology experts themselves. Directors should not use their lack of technology expertise to shy away from the task. The qualities required of them are an ethical mindset, experience in business judgement and the management of risk, and the kind of intellectual curiosity which seeks out new opportunities.

Competitive advantage will accrue to those who are able to those who bring these qualities to bear. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions