Financial Services Focus
David YatesPartner, Head of Digital & Data
The term “digital transformation” can refer to anything from information technology modernization to digital optimization, and to the invention of new digital business models. In some cases, the term is used to refer to modest initiatives such as putting services online or legacy modernization.
Many financial services providers in the MENA region are at a certain point in a “digital transformation journey”. Where that point is will vary from organization to organization. Financial services providers are making significant investments to enhance customer experience and engagement through the development of new digital products and capabilities. Organizations are also using technology to improve and enhance internal processes, and to change the quality and quantity of data and analytics available to stakeholders to pursue a proper data-driven approach to decision making, particularly in a context where regulators aim to ensure transparency in decisions making.
Established financial services providers are engaging in digital transformation in a range of ways. For instance, launching digital apps to enhance customer payments experience, upgrading websites to operate as proper digital platforms, enabling an increased range of customer transactions online without attending a branch, investing in fintech start-ups to pursue the development of innovative technologies, expanding the use of cognitive technologies into areas like advisory and risk, and strengthening digital leadership across the organisation. To achieve this, financial services providers are acquiring new technology, investing in other organisations (including start-ups) who are developing that technology, developing the technology in-house, and partnering with other organisations to do so.
Many financial services providers in the MENA region are at a certain point in a “digital transformation journey”. Where that point is will vary from organization to organization.
In some respects, the applicable legal framework is supportive of digital transformation initiatives. We have seen comprehensive data protection laws enacted in most countries in the region, and banking regulators are willing to consider and approve various outsourcing arrangements, investments and partnerships, and the delivery of financial products and services to customers in innovative ways. In other respects, the legal framework is not evolving quickly enough, such as in relation to the use and effective legal recognition of electronic signatures, and the use of biometric data to enter into contracts and engage in transactions.
Regardless of the nature and scope of a digital transformation, it will involve the adoption and implementation of new technology means. This will give rise to an increase in the financial service provider’s “technology legal risk”. An organization’s “legal risk” is the risk of loss or damage to the organization caused by events such as a defective transaction, a legal claim for example because of the termination of a contract, failing to take appropriate measures to protect assets, or a change in the law such as in relation to data protection. Such loss or damage could be because of action taken by a regulator. Technology legal risk is the potential for the organization to suffer loss or damage because of any of these scenarios in connection with the technology environment of the organization.
An inhouse legal team will often be engaged by the IT team to review a single contract for the acquisition or licensing of technology, or a vendor’s terms and conditions, and the legal team will be expected to provide its feedback on that item standing on its own. In addition, the IT team will approach the legal team, usually with some urgency, when something has gone drastically wrong with a particular application, system or application. In this situation the legal team scrambles to understand that application or system and the applicable contractual framework to assess the risk exposure both in terms of the vendors, customers and other stakeholders.
What this means is that the legal team’s engagement with the technology environment of the organisation is passive. The legal team can only react to a situation that already has unfolded and maybe significantly advanced. Further the legal team only ever engages with the technology environment of the organisation in a singular fashion, often in a vacuum, and detached from a proper understanding of other applications or systems, and other contractual frameworks, even though these interoperate, and working together could generate significant risk for the organisation.
In essence, the role of the legal team is legal risk management, including technology legal risk. However, if the legal team is engaged by the information technology team in the manner described above, the legal team can only identify, assess and control legal risks in relation to the technology environment of the organisation in an extremely limited manner. This necessarily means that insufficient controls have been put in place and that the actual residual technology legal risk present in the organisation is likely to exceed its appetite for such risk.
We support our financial services clients in their digital transformation journey in three distinct ways.
First, transaction support. Our team has wide ranging experience assisting clients with all manner of technology, intellectual asset and data transactions, including technology acquisition and licensing, and data sharing, derivative data projects and collaboration ventures. We assist clients to review and negotiate vendor contracts. In major projects we prepare specific contracts for customers to present to vendors, often in the context of an RFP. We shape the nature and scope of our support for a client according to its specific needs. That is, we can take the lead in negotiations with vendors, or stay in the background and support in-house teams to conduct those negotiations. Depending upon the volume of transactions involved and the work required, we can agree a range of flexible fee arrangements which, as much as possible, give a client certainty in terms of future legal spend.
Second, regulatory advisory. The telecommunications, electronic signature, data localization, and data privacy legislative regimes have changed considerably in the last few years in virtually every jurisdiction across the region, and there remains considerable uncertainty in key markets as to the eventual application of these laws. Our multi-jurisdictional team can advise clients on the impact of this regulatory framework upon the technology projects comprising a client's digital transformation journey. As the new laws are yet to be properly interpreted, and in the absence of clear guidance on their operation, our ability to communicate effectively and efficiently with relevant regulators in each jurisdiction can add considerably to a client’s confidence that its actions will be in accordance with the law once the scope of that law is properly understood.
We can assist a client to manage the inherent technology legal risk across the organization’s current technology environment, and thereby equip and empower the legal team to adopt a proactive approach going forward.
Third, technology and data governance. This has two perspectives: What is the status now? And how can we better govern what is to come? We can assist a client to manage the inherent technology legal risk across the organization’s current technology environment, and thereby equip and empower the legal team to adopt a proactive approach going forward. It is important to prioritize. We will work with the legal team and the information technology team of a client to develop a risk hierarchy in respect of the various applications, systems and infrastructure within the technology environment. Then we can identify which applications, systems and infrastructure we should tackle first, and develop a project plan and timeline for the remainder of the technology environment.
Finally, we assist clients to develop data and other intellectual asset governance programs. This involves identifying the data sets and other assets (which is not always as simple as it sounds), identifying the proposed uses and any vulnerabilities, understanding how to maximise the value of the data and assets, identifying the relevant stakeholders for the data and assets, and allocating specific responsibilities to each of them. Two key elements in any good governance project are transparency and accountability. Good governance in this manner proactively manages the organisation’s inherent technology legal risk.
For further information,please contact David Yates
Published in February 2023
