1. How it used to be (and still is):

Contracts:

The drafting of a contract used to depend entirely on human intervention. As long as the contract contained the fundamental elements of Cap.149, "offer", "acceptance", "consideration" an "intention to create legal relations" and was made for "lawful purpose", that contract could be enforceable by the parties, by the competent courts.

Due diligence process:

A due diligence process for the opening of a bank account, used to (and still is) a rather cumbersome process, requiring the disclosure of an applicant's personal data, such as passport copies, address details, academic and professional qualifications, income or tax statements, provided in original or certified copies, translated in a language which the financial institution understands and be ready to be disclosed under certain conditions to regulators applying anti-money laundering or anti-bribery regulations during routine checks (or otherwise).

Both processes described above, required (and still do), considerable human involvement, the undeniable genius of the human brain, inherent, however, with the inevitable human bias. The existence or not of a breach of contract would be determined by a learned human mind. In the same way a learned human mind would decide whether an applicant has complied with all know-your-client requirements and is eligible to open and operate a bank account at a specific financial institution.

2. Disruptions:

The process worked pretty well until the following happened:

  • The internet revolution, with Web 1.0 (read-only web), then Web 2.0 (more user-generated content and interaction, birth of the social media), and as of May 2022 Web 3.0 (work-in-progress);
  • The birth and advancement of distributed ledger technology (blockchain) and monetisation of digital tokens as the new currency;
  • High-profile due diligence trade scandals costing reputable financial institutions billions in damages and costs;
  • The Metaverse;
  • If there can be one Metaverse, can there be more?

3. In the cusp of a new era with an ambitious aim of creating the world's first banking platform on Web 3.0.

In June 2022, and well-within the era of "code is law" the aim of this article, is to note a transition further into technology, and further into a new arena in which commercial transactions are now taking place. There are numerous issues with contracts and due diligence procedures catching the new wave of computing, running on the blockchain, and these are faced also by a new type of companies: ones that exist and operate in Web 3.

In exploring these challenges, we draw in knowledge and information from our conversation in May 2022, in London with Richard Shearer, CEO of Tintra PLC's, a publicly listed company in London and New York, that recently announced its aim of becoming the world's first banking platform on Web 3.0.

Talking to Richard, we soon realised that to be able to understand the new commercial arena, it will be necessary to remove ourselves from pre-conceived ideas about the law, and its application. The new commercial arena runs on code (albeit still) man-made code. Many of the contracts that used to require human intervention, now run automatically on blockchain. Financial technology makes it possible to trade using adaptable algorithms and facilitate international payments instantly, regardless of one's actual location. Legacy banks appear to be falling behind these technological leaps, especially by reference to the amount of human input required at least with regards to applying due diligence procedures for authorising the opening (or not) of accounts or approving the transfer of funds.

Financial inclusivity

Technology has been taking leaps towards a new virtual reality, in the last couple of years. And yet, persons living in specific non-Western jurisdictions may not be able to access the new commercial arena, may not be able to transact in this arena because they may "lack" those pre-determined features that would make them eligible. What if, technology was inclusive, so that the "users" or bank account opening applicants were evaluated by objective (not subjective) standards and they were given the chance to transact with the same ease as if they lived in the heart of EU? What would that mean for the global economy?

4. "Code is law" -Is this the new legal norm?

Law and technology or rather, technological advancement, are now intrinsically linked with the "user". In key commercial transactions as well as regular due diligence processes, the "user" plays a central role in the negotiation of contract terms, performance of contracts, or the preparation and supply of due diligence information. The "transaction arena" has now moved almost exclusively online, soon to run on Web 3.0.

As crypto is gaining momentum with the price of Bitcoin regularly causing vertigo in the financial world, the coin is "just the tip of the spear" as reported in HBR. "Blockchain is now being deployed to new ends: for instance to create "digital deed" ownership records of unique digital objects -or nonfungible tokens."(https://hbr.org/2022/05/what-is-web3). Although the hype of NFT is colourful and adrenaline-inducing enough to catch the eye of my 11 year-old daughter, in reality, NFT's in their simplest form are embedded on basic legal concepts and terms such as "ownership rights", "property", and "contractual obligations". The scary thing about them is that they run on NFT marketplaces which represent decentralised platforms, where regulation is non-existent. So, when my daughter's newly acquired fake Board Ape Yacht Club NFT couldn't be sold, we had a problem.

Contracts on blockchain require user's input, and oftentimes little to no involvement by lawyers or even an application of traditional law. With all inherent risks. The "immutability" of blockchain, however, may not be able to apply necessary, traditional legal values, within which contractual relationships or due diligence processes can be created, operate or even be enforced.

We asked Richard, how Tintra PLC's Web 3.0 banking platform can address the immutability of blockchain, in the context of ever dynamic data such as Know-Your-Client information. "The thing that gets missed with blockchain is that if used correctly it has the potential to be a much more reliable form of KYC than asking a prospective client for information and having to trust in many cases that they are being honest. This form of compliance allows us to look backwards into a customer's history for trend lines that can assist the onboarding process. That is only part of the solution though, it only reaches its full potential if post-onboarding there is a move to always-on KYC," Richard said, which is as breakthrough as it is complex to understand, given the current regulatory framework governing data protection, anti-money laundering and anti-bribery laws as well as laws combating tax evasion and base corruption.

In an insightful analysis of whether contracts on the blockchain can form a new legal system with pre-defined self-executing, self-enforcement for contractual relationship, Dr. Michael Juenmann and Dr. Udo Milkau (https://www.twobirds.com/en/insights/2021/germany/can-code-be-law) unveiled that "code is law" carries with it an inevitable, fundamental flaw: smart contracts with a longer life-cycle will end up with unpredictable errors sooner or later, and this fact contradicts the idea of a pre-determined description of smart contracts with a deterministic behaviour". In a May 2022 article US, business litigator John B. Quinn comments that "code cannot necessarily account for every eventuality" (https://www.forbes.com/sites/forbesbusinesscouncil/2022/05/17/code-is-law-during-the-age-of-blockchain/?sh=430db6ac2adb Code Is Law' During The Age Of Blockchain).

This is particularly relevant to the personal information that users provide for the opening of bank or other financial accounts, which is subject to the change of circumstances, often even beyond the user's control such as when users become subject to sanctions or other geopolitically-driven repercussions restricting their access to legacy banks.

5. What is Web 3.0 anyway?

For lack of a legal definition, we refer to Web 3.0 advisers such as Packy McCormick as quoted in T.Stackpole's article (https://hbr.org/2022/05/what-is-web3 ) where he referred to it as "the internet owned by the builders and users, orchestrated with tokens." Moving away from the obvious use for transactions in crypto, Web 3 appears to be "using blockchain in new ways to new ends," Stackpole says. User dominance on Web 3.0 is a matter of fact, as per Jad Esber and Scott Duke Kominers "In Web 3, instead of platforms having full control of the underlying data, users typically own whatever content they have created." (May 2022 HBR). Another attempt to define this new reality, by Bernard Marr in January 2022, as published in Forbes (https://www.forbes.com/sites/bernardmarr/2022/01/24/what-is-web3-all-about-an-easy-explanation-with-examples/?sh=2e4a881a2255), Web 3.0 was described "currently a work-in-progress and isn't exactly defined yet. However, the main principle is that it will be decentralized - rather than controlled by governments and corporations, as is the case with today's internet - and, to some extent, connected to the concept of the "metaverse."

We particularly liked Davy Smith's description of Web 3.0 which he called "a version of a virtual world." And then asked us to imagine multiple virtual worlds, "in which Tintra can provide an infrastructure for users to interact in a borderless way." Davy Smith leads Tintra's AI Research Laboratory.

6. If it's unpredictable, if it's decentralised, what can be built in Web 3?

In an obvious question to an AI developer at Tintra, "how can a banking platform operate in a Web 3.0 environment", Davy described Web 3.0 as one version of a virtual world. Richard added that there can be multiple virtual worlds, "with Tintra bridging these universes enabling users to interact in a borderless, seamless way." From our experience, there is nothing seamless in fund transfers, given the application of the GDPR, the 5th EU AML Directive etc. There is a necessary long pause, which gives time to a team of professionals experienced in financial operations, to review and evaluate all parties involved and the transaction (contracts) itself, before any funds transfer can be achieved. Payments and funds' transfers as we know them depend on a thorough an up-to-date client acceptance and transaction due diligence procedure. How can a bank operate on Web 3, when a significant part of the banking process, still depends on human discretion?

The same way that contracts, still depend on bounded rationality a concept developed by Simon H.A. in 1991 ("Bounded rationality and organisational learning" Organization Science 1991) and extended by Gigerenzer and Selten ("Bounded rationality. The Adaptive Toolbox. Cambridge. MA: MIT Press 2002). Bounded rationality is based on the premise that since the future is uncertain, any decision made by individuals has to be made with limited rationality and based on subjective experiences. Therefore, no computer program (and no contract, however "smart" it would be) can include all possible situations to be managed later (as mentioned by Dr. Junemann and Milkau). And if that is the case, then how can a client acceptance procedure, be implemented that allows a banking platform to operate in a frictionless, borderless manner, within the context of the law. Tintra's answer as formulated by CEO Richard Shearer is interesting. Such a dynamic can exist with artificial intelligence, but only when it is ensured that such a technology is inclusive, free-from-bias, constantly updated and runs on Web 3 decentralised principles. And the underlying objective? To remove human bias in the context of client acceptance, due diligence procedures enhancing borderless, frictionless legally compliant transactions.

Software engineers would suggest that removing human bias is next to impossible, due to the inevitable interaction of the user with the code. The user carries subjective bias which inevitably infiltrates the code that will then be used in the software applied to conclude a contract or decide upon a person's eligibility to have an account opened or determine whether a transaction is compliant under AML.

7. "Always-on KYC" -what does it even mean?

Richard's view is that "always-on KYC" is the answer to borderless and frictionless client acceptance, due diligence procedure and even payments as a means of smart contract performance. In brief, "always-on KYC" refers to a distributed ledger that is updated in real-time, with the user's current information. So that the banking platform responsible to process the client's transactions, is made aware of any change in circumstances on a daily, or perhaps even hourly, basis. Rather than periodically or even annually as is the case in most legacy infrastructure.

We can think of at least one large EU bank that could benefit from an "always-on KYC", given the Archegos scandal in 2020 which led to Credit Suisse suffering over USD 5,5 bln trading loss when its client the Archegos Capital family office collapsed. The Bank's new CEO Axel Lehmann admitted that the bank failed to "anticipate material risks in good time", while the Employees Retirement System for the City of Providence, on filing a lawsuit against the bank, stated that the fundamental problem with the bank was that its board "did not provide the resources, the people, the technology, systems and controls needed to comprehend the overall risk the bank was taking on, much less manage that risk." ("Credit Suisse admits Lax Approach led to scandals" FT May 11, 2022" https://www.ft.com/content/afdaaf7f-e4f0-477a-a52a-3e7e0692db4d).

Certainly the cost of maintaining an operating system that can flag risks in transactions, or spot rogue traders or ineligible clients is high. However, building such system on a private or public distributed ledger means there is as much trust in it as there is immutability, and in light of the cost of getting it wrong, there is an argument for investing in technology that supports getting it right.

Considering the high-profile cases where millions or even billions of dollars were transferred within highly reputable financial institutions, in breach of a string of AML and anti-bribery laws, it is inevitable to conclude that depending on the human factor and perhaps, more importantly on a "western" perspective of what constitutes a compliant and non-compliant client or transaction, may no longer suffice. And it is at this point that Richard's vision of an informed software that is built to distinguish between clients not on "western" standards but on standards created by an inclusive distributed ledger technology, becomes a rather appealing solution. "The real breakthrough here, is in building technology that allows us to build a regulatory framework that's ad hominem -directed at you as an individual with the rights that you deserve rather than lazy categorising by nationality, social background or even more uncomfortable signifiers" Richard says.

8. Financial inclusivity -the case of the informed KYC software

The performance or enforcement of a smart contract may trigger new KYC obligations -in an article by EBRD and Clifford Chance this is displayed by a simple example of a wire-transfer exceeding certain limits ("Legal Reform Access to Finance" https://www.ebrd.com/ebrd-legal-reform-access-to-finance-and-fintech.html). As mentioned in the said article "the software will need to be able to identify such triggers and to execute actions only if the relevant KYC requirements are met." The argument concludes that in that case human input may be necessary.

To this conclusion, Tintra's proposal as envisioned by its CEO Richard Shearer, is the financial inclusivity of the software. How can that be achieved in light of the biases we have previously referred to? By "feeding" the software with data that's regional and jurisdictional-specific and probably in troves so that users based in Costa Rica can open, operate and transact through the banking platform with the same ease as those based in Nigeria, the UK, Australia and Singapore.

If one thing is true about the Covid-19 pandemic, is that it has revolutionised terms such as "locality" and "connectivity" by unearthing ways to achieve them remotely. Distances have been bridged, and through the isolation of the various lockdowns and the distance created between users and their place of work, or users and their banks, another type of connectivity emerged between users with the ability to meet and interact virtually during a universally common experience.

In the same way that verification of one's identity and signature can now take place digitally, through legislation that approves electronic means, client acceptance, due diligence and contract performance can also take place with much less (if any) human intervention. The responsibility is on the providers to ensure that the system which can arguably only run on distributed ledgers, is inclusive and constantly updated. One of the challenges of smart contracts is software aging, but it can arguably be addressed where the users become builders on Web 3.0.

9. Does existing EU legislation sufficiently cover "smart contracts" and "smart due diligence"

In an article by EBRD and Clifford Chance, https://www.ebrd.com/ebrd-legal-reform-access-to-finance-and-fintech.html) the importance of assessing existing legislative and regulatory frameworks was considered crucial in determining whether adjustments to existing laws may be necessary or even desirable to better facilitate the use of smart contracts. As the article concludes, "new legislation might also be needed; for example, to specifically recognise the use of distributed ledgers as a record of ownership of an asset, which existing law might not allow."

It appears that in the foreseeable future, Contracts Law Cap.149 as well as Companies Law Cap.113 will both require updates that allow technology to operate alongside the law in the creation and performance of contracts. Moreover, the applicable AML laws and GDPR will require to adapt to an application in a new technological environment.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.