“Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”

There’s been yet another story about fake medical qualifications in the news. A woman from New Zealand spent a couple of decades working as a consultant psychiatrist in our National Health Service (NHS) before it was discovered that she had made up her medical degree and forged a bogus letter of recommendation from Pakistan. The deception only came to light after she had been convicted of trying to defraud an elderly patient.

Now, I rather imagine that if I were a hospital or a medical centre or a GP practice employing a new doctor, I might be tempted to at least look them up on LinkedIn or something before I let them get their hands on a patient but I suppose that under the NHS it’s considered ungentlemanly or discriminatory or just plain rude to ask a prospective clinical employee for verifiable evidence of any valid qualifications. We are English, so we take people at their word. Unfortunately, dictum meum pactum. May not survive the 

While fake doctors seem to be something of an issue, as I have written before, I am English and therefore far more concerned about the epidemic of deceptive dentists across our green and pleasant land.

When I read that a “bogus dentist with no qualifications managed to fool her employers at NHS hospitals for nine years before being discovered” it makes me shiver.

When I see a woman convicted at Birmingham Magistrates’ Court on two charges of carrying out dentistry work without holding any dentistry qualifications, I get twitchy.

When I find out that Manchester Magistrates Court convicted a man who had no dentist qualifications, used a false name and was fraudulently using the registration number of a genuine dentist, I begin to think about leaving the country for good.

When I discover that a bogus dentist (an asylum seeker who told immigration officers he had a dental practice in Iran) took a dead dentist’s identity, drilled without a local anaesthetic and did expensive fillings that crumbled within days, I have trouble sleeping.

(Which again reminds me of the late lamented Robert Schimmel’s joke about visiting the dentist: “Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”)

How can this happen, you might wonder, in a world where the blockchain exists? As Don and Alex Tapscott remind us in “Blockchain Revolution”, the “blockchain can hold any legal document, from deeds and marriage licenses to educational degrees and birth certificates”. And indeed managing educational qualifications seems to be one of those things I hear about at conferences where the magical properties of the blockchain are going to transform the sector and bring about a new era of peace and prosperity.

But how?

Suppose there was some global educational qualifications blockchain. That wouldn’t by itself fix anything as far as I can see. How exactly would the blockchain stop fake dentists from fixing my teeth with superglue and polyfilla?

I happened to look at a couple of projects in this space earlier in the year, and I can tell you that much of the wishful thinking projected onto the blockchain is really nothing about consensus or immutability but, as in so many other cases, really all about interoperability. There is no global standard for education qualifications, there is no global trust framework for organisations able to create qualifications (and their regulators) and there is no global infrastructure for digital signatures in that framework.

Think about it. If you present me with a Ph.D in Quantum Philosophy from the University of Woking, I need to be able to establish a trust chain that tells that there is a WokingU, that WokingU was authorised to award Ph.Ds at the time that you’re Ph.D was awarded, that the Ph.D you are presenting is real and signed by WokingU and that you are indeed the subject of the Ph.D award.

All of these problems have to be solved before we get near to figuring out whether a global blockchain might or might not be a better place to store such qualifications that either a global database of qualifications or a scheme for federating qualification repositories.

Gold cards vs. gold cards

According to a reputable news source (well, the Daily Mail) the Royal Mint is casting (sic) around to find things to do when the Treasury caves to the inevitable and tells them to quit wasting everyone’s time and money by minting coins. They’ve come up with the idea of making a credit card out of real gold. They are apparently working on ways to get 18-carat gold cards to work in ATMs and, of course, at contactless terminals.

The cards will have the owners signature engraved on the back (I’ve no idea why, since the card schemes are discontinuing the use of the pointless signature panels on cards) and will apparently be worth $3,000 each which (as a number of Twitterwags immediately pointed out) will greatly increase the number of fake ATMs in the streets around Belgravia after midnight.

This isn’t the Royal Mint’s idea, of course. They stole it wholesale from 30 Rock a few years ago.

There’s another kind of gold card that is worth considering: not one that is made of gold, but one that is backed by gold. I wrote about this idea more than a decade ago, using the example of an Islamic electronic gold card, saying…

“Given the desire to transact with the convenience of a card but in a non-interest bearing currency, it would seem to be a straightforward proposition to offer a gold card that is actually denominated in gold. An Islamic person tenders their chip & PIN gold card in Oxford Street to buy a pair of shoes: to the system it’s just another foreign currency transaction that is translated into grams of gold on the statement. If, at the end of the month, the person has used more gold than they have in their account then they can use some of the bank’s gold for a time at a fee. Hey presto, no interest. And if said Islamic person wants their gold then they can, in principle, go to the relevant depository and draw it out (minus a handling fee, naturally). Would interested credit card issuers form an orderly queue, please?”

Nowadays you’d implement the gold card as a cryptoasset that is institutionally linked to gold in a depository I suppose, but the idea of a turning store-of-value gold into means-of-exchange e-gold remains interesting: there are a great many people around the world who would prefer to pay and save in gold rather than any more modern medium. As it happens, the Royal Mint were go to have a go at this too with their RMG blockchain-based crypto asset until the spoilsports at the Treasury told them to knock it off and get back to making commemorative Brexit 50p coins.

So gold cards, or cards backed by gold or cards backed by assets backed by gold? My bet is that in the long run regulated token markets will win out but I’m genuinely curious as to your opinions on this.

[updated 29th October 2018 to include the government tell Royal Mint to stop crypto asset development.]

Twenty Years Ago!

………..the second Consult Hyperion seminar on……….

………….. D I G I T A L … M O N E Y …………….

The Tower Thistle Hotel London March 8-9th 1999

………………Confirmed Programme…………………

Day One: Economic & Business Issues

Chair Duncan Goldie-Scot Editor, Financial Times Virtual Finance Report

Keynote Address: European Multiple Currencies Sir Richard Body, M.P.

Digital Money is a Social Issue David Birch, Director, Consult Hyperion.

The European Digital Money Picture Dag Fjortoft, Deputy General Manager, Europay International.

Telecommunication Service Providers as Payment Operators Norman Bishop, Product Manager for Micropayments and E-Cash, BT.

Retailing and Digital Currencies Paul Arnold, Head of Tesco Direct.

The European Mass Market: Digital TV’s Requirements for Digital Money Richard Cass, Transactional Commerce Manager, British Interactive Broadcasting

Digital Money and Digital Phones: Europe’s Advantage Tim Baker, Wireless Marketing Comms. Manager, Gemplus

Transforming Businesses with Digital Money John Noakes, Business Manager for E-Commerce & Supply Chain, Microsoft UK.

Day Two: Regulatory & Technical Issues

Chair Ian Christie Deputy Director, DEMOS

A Legal Pespective on Digital Money in Europe Conor Ward, Partner in Computers, Communications & Media, Lovell White Durrant.

A View from the European Commission Philippe Lefebrve, Head of Sector in Financial Systems, European Commission DGIII.

The Technologies of Digital Money Marcus Hooper, Principal Payments Technologist, IBM United Kingdom.

Visa and Digital Money Jon Prideaux, Executive VP New Products (EU Region), Visa International.

Making Digital Money Work. Tim Jones, Managing Director of Retail Banking, National Westminster Bank plc.

Experiences from an Operational Micropayment Scheme Nigel Moloney, Senior Manager in Emerging Markets Group, Barclays Bank.

Mondex: A Status Report Victoria Mejevitch, Mondex Product Manager, Mondex International.

The Common Electronic Purse Specification (CEPS) Daniel Skala, Executive VP for Sales, Proton World International.

Brazil? Ah, I get it…

I was as alarmed as I am sure all of you were to read a story in Computing telling how EMV cards could be cloned with malware. Now, as you might imagine, were this to be true it would be a matter of the highest priority in the world of card issuers. If EMV cards could be cloned (spoiler alert: they can’t) then the whole world of payment cards would collapse. Since my I spend some of my time in that world, yet hadn’t heard anything about this catastrophic turn of events, I was naturally curious as to the accuracy of the report. Delving further into the “news” story, I found the interesting qualification that the fake cards work “on virtually any Brazilian POS system”.

Brazilian POS systems? What? Ah, wait… Now I know that they are talking about. Sadly, this yonks old hack won’t work in most places any more. But it does work in a few remaining places, and Brazil is one of them. Why? Well because Latin America, an early adopter of EMV, is still heavily reliant on “static data authentication chips”, which allow the criminals exploiting them to create usable new chip cards with the data that they can extract.

Thus problem isn’t that “EMV cards” can be cloned. They can’t. The problem is the use of Static Data Authentication (SDA) in EMV. We all knew about this many years ago. In fact, although lots of people knew about this, at the time we thought it would have been irresponsible to blog about it, so I put it to one side until stimulated by an enquiry from Brazil, I finally wrote about it back in 2014, explaining in detail what the problem was, how it was fixed and why it was no longer a worry.

So, no need to panic. Having put your mind at rest (unless you are a Brazilian card issuer, in which case my colleagues at Consult Hyperion stand ready to answer your call) I cannot resist re-telling the story that explains what the “malware” does…

Many years ago, when my colleague at Consult Hyperion were testing SDA cards in the UK, we used to make our own EMV cards. To do this, we essentially we took valid card data and loaded it onto our own Java cards. These are what we in the business call “white plastic”, because they are a white plastic card with a chip on it but otherwise completely blank. Since our white plastic do-it-yourself EMV cards could not generate the correct cryptogram (because you can’t get the necessary key out of the chip on the real card, which is why you can’t make clones of EMV cards), we just set the cryptogram value to be “SDA ANTICS” or whatever (in hex). This is what the criminals referred to in the story are doing. Now, if the card issuer is checking the cryptograms properly, they will spot the invalid cryptogram and reject the transaction. But if they are not checking the cryptograms, then the transaction will go through.

Untitled

You might call these cards pseudo-clones. They act like clones in that they work correctly in the terminals, but they are not real clones because they don’t have the right keys inside them. Naturally, if you make one of these pseudo-clones, you don’t want to be bothered with PIN management so you make it into what is called a “yes card” – instead of programming the chip to check that the correct PIN is entered, you programme it to respond “yes” to whatever PIN is entered.

We used these pseudo-clone cards in a number of shops in Guildford as part of our testing processes to make sure that issuers were checking the cryptograms properly. Not once did any of the Guildford shopkeepers bat an eyelid about us putting these strange blank white cards into their terminals. But I heard a different story from a Brazilian contact. He discovered that a Brazilian bank was issuing SDA cards and he wanted to find out whether the bank was actually checking cryptograms properly (they weren’t). In order to determine this he made a white plastic pseudo-clone card and went into a shop to try it out.

Untitled

When he put the completely white card into the terminal, the Brazilian shopkeeper stopped him and asked him what he was doing and what this completely blank white card was, clearly suspecting some misbehaviour.

The guy, thinking quickly, told him that it was one of the new Apple credit cards!

Cool” said the shopkeeper, “How can I get one?”.

The Bitcoin rule of thirds, and what Bitcoin tells us about the future of money

In my presentation to Seamless Payments in Australia, I made reference in passing to the nature of the Bitcoin universe and how informs thinking, so I thought I’d take the time to explore that thinking in a little more detail to explain my comments.

I don’t have the exact figures to hand, but as I understand it the Bitcoin coinbase breaks down roughly into thirds…

 A third of them are lost (well, last year 23% but I think it will get worse as more people forget their passwords). This is because (like me) someone wiped their old phone wallet away and forgot to transfer it over to their new phone wallet first or because they accidentally threw away the old hard disk with all the Bitcoins on them or because the dog ate the Bicoin cold wallet or because they died or whatever. As Jonathan Levin of Chainalysis, who I regard as the “go to guy” for tracing Bitcoins, told NPR in January: “For the people that have lost their bitcoins, I say tough luck”.

(These lost Bitcoins, as my good friend Steve Bowbrick rather eloquently observed, are like treasure in sunken galleons waiting to be discovered by an intrepid explorer in the very latest kind of submarine. Which, in this instance, would be a quantum computer. It’s not only Bitcoin tucked away in these sunken galleons, by the way. There’s half a billion dollars in Ethereum stuck in just one Ethereum address: it’s the address “0”, essentially. In July 2016 someone accidentally sent ETH 1,493, currently worth more than a million dollars to that address. And thanks to the magic of the cryptography, it will stay there until the quantum submarine can uncover it.)

Another third of the Bitcoins are in the hands of the .0001%, the cryptoscenti. Bloomberg estimated that a few hundred people at most own these Bitcoins, but I’ve heard estimates that fewer than 50 people have the lion’s share. These are the people who have every interest in driving the value of Bitcoin higher so that they can cash out at a steady rate. If they dump their coins, that will drive the price down (a row has just been going on about the sale of the Mt. Gox assets for this very reason), so they need a rising market where they can convert Bitcoin to one Lambourghini at a time.

Meanwhile the other millions of Bitcoin peasants scrabble for their share of the remaining third. This distribution makes America look like a kibbutz in comparison and stands testimony to the deranged nature of utopian projections around this “digital gold” for the masses. So, to get to the question that I was asked on Sky News a few weeks ago, what does the Bitcoin market tell us about the future of money?

Nothing.

I’m not sure that the state of Bitcoin, or indeed the history of Bitcoin, tells us very much about the future of Bitcoin or money. It’s not anonymous enough for criminal enterprise on a large scale (and there is every evidence that criminals are turning to crypto alternatives) and it’s not functional enough to be a mass-market medium of exchange. If it is to remain a store of value beyond speculation then it must be useful for something and I’m at a loss as to what that something might be, although I’m perfectly prepared to believe that it’s because I grew up in an era of chip and PIN cards and ApplePay.

Does that mean that we should ignore it? No, of course not. There are many different ways to look at Bitcoin and it deserves study as a much as a social and political phenomenon as it does as a technological and economic one. What’s more, it does tell us something about the future. In yesterday’s Financial Times, Benoît Cœuré and Jacqueline Loh from the Bank for International Settlements (BIS) said that “while bitcoin and its cousins are something of a mirage, they might be an early sign of change, just as Palm Pilots paved the way for today’s smartphones“.

Values, Tokens, Accounts

I agree, but in a slightly different way. I see Bitcoin and its cousins not as prototypes but as a base layer — as shown in this “thinking out loud” picture that I’ve been using to explore these ideas — that will be used by some, but not by most, people to make real transactions in the future. I think most transactions will take place at the token layer, exchanging bearer assets over an efficient (no clearing or settlement) transaction layer. And most of those transactions will be pseudonymous, but some will be linked through accounts to people and organisations. 

Seamless Sydney

So what can we guess about the future of money, given what we have learned so far? Well, as I said in my Seamless Payments presentation what we may have learned is that the token economy is a more accurate pointer toward the future of money than the underlying cryptocurrencies are, because the tokens link the values managed on shared ledgers to the “real world”. There’s a logic to this model of “the blockchain” as the security infrastructure for a token economy and I really enjoyed engaging with the good people of Sydney on this view of the emerging cryptoeconomy.

Digital != crypto != virtual

According to The Daily Telegraph, the Bank of England “could green light its own Bitcoin-style digital currency”. I’m pretty sure that the Bank of England would never use “green light” as verb in any context, but putting that to one side, I was left wondering what they mean by a “Bitcoin-style” digital currency since this is not made clear in the article.  “Bitcoin-style” means what? Uncensorable? Mined in China? 7 transactions per second? High transactions fees? Using more electricity than Poland? Oh wait…

What that article actually says is that a research unit set up by the Bank was investigating the possible introduction of “a crypto-currency linked to sterling”. So not a digital currency, a crypto-currency. That presumably means that the value will be determined by mathematics, not by the Bank of England. Now it all makes sense, except that I cannot imagine why the Bank of England would want to give-up control of Sterling. Oh wait…

Further down, the article says that “a virtual currency issued by the bank” might lead to a revolutionary shake up of high street banking. Ah, now I get it. It will be a virtual currency only used in the internet tubes and not for mundane transactions. This could make sense – a sort of Bank of England “stablecoin” used to reduce friction in online transactions.

Hhmmmm….

It’s all a bit confusing this future of currency stuff, so here’s a handy table I made last year to clarify the differences.

dnb slide

 

I suspect that the Telegraph’s confusion may have arisen because of the tendency amongst management consultants (and others) to conflate the two entirely different kinds of electronic money: a cryptocurrency and a digital currency are very different things. If Mr. Carney were genuinely suggesting that one of the scenarios under consideration by the Bank of England is that it abandons its responsibility for managing the creation of money and instead turns to a cryptocurrency, even if it is a cryptocurrency that is produced as a by-product of a double-permissionless shared ledger spawned by the Bank of England itself, then the value of that currency would not only be beyond political control it would be beyond the Bank’s control and one might imagine the Bank to be somewhat redundant in such circumstances.

On the other hand if Mr. Carney were genuinely suggesting that one of the scenarios under consideration by the Bank of England is that it creates a digital currency, then I say more power to him. A digital currency platform with right APIs in place (providing risk-free, genuinely instant and zero-cost transfers between accounts with final settlement in central bank balances) would be an amazing platform for a Digital Britain. I’d trust the Bank to maintain a Sterling reserve against the digital currency.

Right now, money reaches the public through commercial banks, a practical structure that stems from the retail banks role in providing payment services, but that privileged role is under attack. I might further observe that not only is there no fundamental economic reason why banks should be the dominant providers of payment services, there is no fundamental economic reason why they provide them at all — see, for example, Radecki, L., “Banks’ Payments-Driven Revenues” in “Federal Reserve Bank of New York Economic Policy Review”, no.62, p.53-70 (Jul. 1999) — and there are many very good reasons for separating the crucial economic function of running a payment system to support a modern economy and other banking functions that may involve systemic risk (eg, providing credit).

Marilyne Tolle made this point very clearly a couple of years ago, writing in the Bank of England’s “Bank Underground” that  “the conflation of broad and base money, and the separation of credit and money, would allow the [central bank] to control the money supply directly and independently of credit creation”. You can’t ignore that impact that such a digital currency would have on the commercial banks. Back in 2016, the management consultancy McKinsey said that global payment revenues would be $2 trillion in 2020 and that these payment revenues account for around 40% of global bank revenues! So if payments go away because the central bank provides free, instant transfers between personal accounts, then banks would have to think of something else to do instead.

There’s a good reason why this won’t happen, though, irrespective of bank executives lobbying power and that is that the central bank doesn’t want to do KYC on millions of people, run authentication platforms, perform AML checks, manage black lists and all the rest of it. So here’s a practical suggestion to suit both. Maybe, just like Bitcoin, the central bank could manage accounts that are pseudonymous. The central bank would know that account no. 123456789 belongs to a retail consumer, but not which consumer. It would know that account no. 987654321 belongs to a retailer, but not which retailer. This way the central bank could generate a dashboard of economic activity for the Chancellor to look at when he wakes up in the morning, but not routinely monitor what you or I are up to.

It would be the commercial banks who provide the services linking the pseudonymous accounts to the “real” world (and get paid for doing so). In this construct, your Sterling bank account would just be a pass-through API to a central bank digital currency account (what Marilyne calls the “CBCoin Account”) because my Barclays current account and your Lloyds current account are just skins on the Bank of England instant, free, no-risk Sterling platform (I suggest “BritCoin” as the brand) and the commercial banks can chuck away their legacy retail payment systems and focus on delivering services that add real value instead.

Commercial banks will then have an important, useful and distinct function in society as the vaults that look after identity, not money. I wasn’t the first person to say that identity is the new money, although I may have been the most persistent and annoying, but as time passes it seems to be a more and more accurate description of the future. I imagine that most forward-looking banks already have a digital identity strategy in place and are already developing new products and services to take advantage of this new era, but for those who don’t I’ll post a few ideas on the topic here.

What if S.P.E.C.T.R.E. had Spectre?

Ruh roh, as they say. Google has just published a paper outlining a serious security flaw in, to all intents and purposes, all computers. They knew about it months ago, but they’ve been waiting for Apple, Microsoft and everyone else to issue patches (which, apparently, mean an unavoidable reduction in processing speeds) before making it public. The paper sets out two “exploits” that take advantage of the flaw. These are called “Meltdown” and “Spectre”. They basically allow software to read data from other software that it’s not supposed to be able to, so that one application (let’s say, the hacker) can read data from another application (let’s say, your browser) to steal secrets.

Spectre Graphic with Text      Meltdown Graphic with Text

As you can imagine, there was a great deal of media coverage about this flaw (as there should have been – it’s a huge deal). I happened to see an comment about it on Twitter, in which someone said words to the effect of “thank goodness it was found by don’t-be-evil Google and not by the bad guys”. This is a very misplaced sentiment. In the paper, the researchers clearly state that they do not know whether these exploits have been used in real attacks. Apart from anything else, Google says that the “exploitation does not leave any traces in traditional log files”.

So what if S.P.E.C.T.R.E. actually knew about Meltdown months ago and had Spectre in the Spring? How would we know? If they are really smart, then they’ll carry on stealing our secrets but cover their tracks so that we don’t know that they know. If you see what I mean.

It might be timely to remember the story of the Zimmerman telegram, a story that is mother’s milk to security experts.

You may recall that in 1917, Britain and Germany were at war. Britain wanted the U.S. to join the effort against the Axis of Edwardian Evil. The Kaiser’s ministers came up with some interesting plans: to persuade inhabitants fo the British (and French) colonies in the Middle East to launch a jihad, for example. Another scheme was to persuade Mexico to enter the war on the German side, thus dividing the potential U.S. war effort and eventually conquering it.

(At this point I thoroughly recommend historian Barbara Tuchman’s 1966 account of the affair, “The Zimmermann Telegram”.) 

To execute this dastardly plot, the German Foreign Secretary, Arthur Zimmermann, sent a telegram to the German ambassador in Mexico, Heinrich von Eckardt. The telegram instructed the ambassador to approach the Mexican government with a proposal to form a military alliance against the United States. It promised Mexico the land acquired and paid for by the United States after the U.S.-Mexican War if they were to help Germany win the war. The German ambassador relayed the message but the Mexican president declined the offer.

Naturally, so sensitive a topic demanded an encrypted epistle and it was duly dispatched encoded using the German top secret “0075″ code. And here it is…

The Zimmermann Telegram

As it happens, “0075” was a code that the British had already cracked. Thus, the telegram was intercepted and decrypted enough to get the gist of it to the British Naval Intelligence unit, Room 40. In next to no time, the decoded dynamite was on the desk of the Foreign Secretary Arthur Balfour, the teutonic perfidy laid bare.

Now the British were faced with the same dilemma that faces S.P.E.C.T.R.E. with Spectre. How can you use intercepted information without revealing that there is a security flaw and that you have exploited it? Consider the options:

  • If the British had complained to the Germans, then the Germans would know that the British had the key to their code and they would switch to another code that the British might not be able to break for months, missing much vital military intelligence along the way. What’s more, the Americans would know that the British were tapping diplomatic traffic into the U.S.

  • If they did not reveal the contents, they might miss a the chance to bring the U.S. into the war.

The codebreaker’s clever solution was to leak the information in such a way as to make it look as if the leak had come from the Mexican telegraph company: since the German relay from Washington to Mexico used a different code, that the Americans already knew to be broken, this was entirely plausible.

If you’re wondering what happened, well despite strong anti-German (and anti-Mexican) feelings in the U.S., the telegram was believed to be a British forgery designed to bring America into the war, a theory bolstered by German and Mexican diplomats as well as the Hearst press empire. However, on March 29th, Zimmermann gave a speech confirming the text of the telegram. On April 2nd, President Wilson asked Congress to declare war on Germany, and on April 6th they complied.

The point of this story is that stupid hackers would reveal their hand, but clever hackers would not. So the fact that, according to BBC Radio 4’s “Today” programme, the UK’s National Cybersecurity Centre says there is no evidence that the flaws have been exploited, that does not reassure me! These bugs are big.

“The Meltdown fix may reduce the performance of Intel chips by as little as 5 percent or as much as 30 — but there will be some hit. Whatever it is, it’s better than the alternative. Spectre, on the other hand, is not likely to be fully fixed any time soon.”

From “Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device? | TechCrunch”.

 

Maybe the way forward is to assume that all machines are compromised and not fix them but instead move the security away from the processors – so going back to the idea of having a Trusted Processing Module (TPM) in every transaction, either built in to the processors (like the “Secure Enclave” in iPhones) or as a separate chip in a PC or as a smart card that is connected to the computer when you want to do something. In this, as in so many other things, Brittany Spears is a beacon to the nations. Eleven years ago I used my Britney Spears smart card (which I still have) to log on to her fan club web site securely. You can read about it here

Horizon scanning in good company

My favourite think tank, the Centre for the Study of Financial Innovation (CSFI) in London, where I am honoured to be the Technology Fellow, was asked by the law firm Dentons to put together a series of “horizon scanning” events, each looking at the major factors that will determine the shape of the financial services sector over the next 10-15 years. As part of this series they held a fintech breakfast to look at the world of tech-based challenger banks, P2P lenders, crowd-funding, new payments methodologies, AI, crypto-currencies, blockchain and so forth. I was flattered to be invited to take part, along with Clara Durodié (founder and managing partner of AI outfit Cognitive Finance Group) and Nick Ogden (the founder of ClearBank and, some years ago, the founder of WorldPay).

(In my opinion, Nick is at the heart of the current fintech revolution, the UK-centric whirlwind around open banking and the “platformisation” of financial services, whereas Clara is at the heart of the current regtech revolution, using AI to change the markets themselves. We may be a long way from Terminators and HAL 9000, but the massive AI investments pouring into financial services around the world mean that the technology is going to change the sector soon.)

For what it’s worth, my three main horizon-scanning observations were that:

  1. Open Banking starts in January and I remain convinced it will be far more disruptive than many people think. It is not far-fetched, as Wired magazine observed, that banks might go under because of this. At the risk of sounding like a broken record, this about identity, trust and reputation not money. Obviously, I left it to Nick to talk turkey on this one. He set up Clear Bank to provide building societies, credit unions, other banks and fintech companies with access to all the major payment and card schemes, including Faster Payments and is obviously pretty convinced that open banking is going to provide space for innovation.

  2. AI is an event horizon. In that 10-15 year timescale it is clearly the most important technological trend of the generation and it is impossible to see what is the other side of it. Obviously, I left it to Clara to run a few things up the flagpole here. What I will note is that analysts at Forrester have predicted that quarter of financial sector jobs will be “impacted” by AI before 2020 and John Cryan, the Deutsche Bank CEO, was quoted in the Financial Times in September saying that the bank is going to shift from employing people to act like robots to employing robots to act like people. The impact on employment is obvious, but we cannot hold back the tide so we must take advantage of the changes and begin to explore for new opportunities that can be built around a more productive financial services sector

  3. I wanted to bring something from left field to the discussion, so in addition to these two obvious key trends I spoke about the token and Initial Coin Offering (ICO) marketplace. I think that a regulated and organised token marketplace will be one of the big financial services business moves in 2018 and I’m pretty sure that it will be successful (for a variety of reasons to do with liquidity and the elimination of clearing and settlement).

Nick, Clara and I put forward our thoughts about the longer term. During the discussion that followed, there were a number of questions and comments about the impact of AI on the financial services sector. I think this is in many ways quite unpredictable not only because of the “event horizon” but because of the impending interaction. People tend to think in terms of robo-advisers and chat interfaces, focusing on the use of AI by financial institutions to either cut costs or deliver new services (some of which, of course, we can’t imagine). But, to paraphrase Fred Schwed’s 1940s financial services classic… where are the customers’ bots?

If you think about it, however, the customers will have access to AI as well. The customers smartphones will connect them, permanently, to an intelligence far greater than their own. Thus, if a bank is trying to sell me a mortgage or a credit card or whatever, it’s wasting its time showing me incomprehensible advertisements involving astronauts riding horses through fields of purple daffodils and people singing.

My AI is going to negotiate with the AI of the regulated financial institutions in order to obtain the best product for me. Since I’m not smart enough to choose the right credit card, pension or car loan then clearly I’m going to want my own giant killer robot to take care of things. But which robot? Should I choose the Saga robots or the Virgin Money robots or the best performing robot over the past 12 months or the Google self-taught super intelligent robot that is also the world Go champion?

How the banks’ robots will interact with the customers’ robots is at the same time fascinating and frightening. I’m not sure I really want to be in the loop when the discussion of a pension plan or insurance project is taking place, but I do want some sort of confidence that there’s a regulator in the loop and that should push come to shove, my robot will be out to explain why it made the decisions it did. All in all, what I can see on the horizon is giving my AI access to my account through open banking and then letting it decide which ICO is to invest in.

An island of artificial intelligence

As I’ve written many times (e.g., here), it is difficult to overestimate the impact of artificial intelligence (AI) on the financial services industry. As Wired magazine said, “it is no surprise that AI tops the list of potentially disruptive technologies”. With Forrester further forecasting that a quarter of financial sector jobs will be “impacted” by AI before 2020, there’s an urgent need for the island begin to think about the next generation of financial services and begin to formulate a realistic strategy not only to copy with the changes but to exploit them. It is because the need is so urgent that I was delighted to be asked to give a keynote at the Cognitive Finance AI Retreat in September (Which began with a beach barbecue, something I recommend to conference producers everywhere.)

Beach BBQ

A beach barbecue is always a good idea at a conference.

The event was put together by my good friends at Cognitive Finance working with Digital Jersey (where I am advisor to the board) and they did a great job of bringing together a spectrum of both subject matter experts and informed commentators to cover a wide variety of issues and provide a great platform for learning.

On the first day of the event, political economist Will Hutton emphasised that financial services will be at the “cutting edge” of the big data revolution, pointing out that not only does the sector hold highly personal, highly valuable data about individuals, but that it has more complex oversight requirements than most other sectors.

Clara Durodie, CEO of Cognitive Finance Group kicked off the event by talking about the potential for AI to help to manage the colossal flows of data that characterise the financial sector today and I think she was right to highlight that the use of the technologies presents tremendous opportunities here.

In his superb “Radical Technologies, Adam Greenfield wrote of the advance of automation that many of us (me included, by the way) cling to the hope that “there are some creative tasks that computers will simply never be able to peform”. I have no evidence that financial services regulation will be one of those tasks, so in my talk I suggested AI will be the most important “regtech” of all and made a few suggestions as to how regulators can plan to use the technology to create a better (that is faster, cheaper and more transparent) financial services sector. The strategic core of my suggestion was that jurisdictional competition to create a more cost-effective financial services market might be a competition that Jersey could do well in.

AI as Regtech

Regulation, however, was only one the topics discussed in a fascinating couple of days of talks, discussions and case studies. The surprise for me was that there was a lot of discussion about ethics, and how to incorporate ethics into the decision-making processes of AI systems so that they can be accountable. I hadn’t spent too much time thinking about this before, but I was certainly left with the impression that this might be one of the more difficult problems to address and talking with very well-informed presenters. Listening to experts such as Dr. Michael AikenheadKay Firth-ButterfieldDr. Sabine Dembrowski, Andrew Davies and many other leading names in finance and AI left me energised with the  possibilities and intrigued by the problems.

AI is an event horizon for the financial services industry. With our current knowledge, we simply cannot see (or perhaps even imagine) the other side of the introduction of true AI into our business. But we can see that our traditional “laws” of cost-benefit analysis, compliance and competition will not hold in that new financial services space, which is why it is important to start thinking about what the new “laws” might be and how the financial services can take advantage of them.

The smart money

Writing in the Bank of England’s “Bank Underground” blog, Simon Scorer from the Digital Currencies Division makes a number of very interesting points about the requirement for some form of Central Bank Digital Currency (CBDC). He remarks on the transition from dumb money to smart money, and the consequent potential for the implementation of digital fiat to become a platform for innovation (something I strongly agree with), saying that:

Other possible areas of innovation relate to the potential programmability of payments; for instance, it might be possible to automate some tax payments (e.g. when buying a coffee, the net amount could be paid directly to the coffee shop, with a 20% VAT payment routed directly to HMRC), or parents may be able to set limits on their children’s spending or restrict them to trusted stores or websites.

From Beyond blockchain: what are the technology requirements for a Central Bank Digital Currency? – Bank Underground

If digital fiat were to be managed via some form of shared ledger, then Simon’s insight here suggests that it is not the shared ledger but the shared ledger applications (what some people still, annoyingly, insist on calling “smart contracts”) that will become the nexus for radical innovation. They bring intelligence to money, and some people think this is more revolutionary than it first appears. One such person is Eric Lonergan. Eric is someone I always take seriously. He’s a hedge fund manager, economist and writer. He wrote a great book about money, called Money, and he is a source of clear thinking on many issues around this central topic of shared interest. Here’s what he had to say about Bitcoin recently.

The most significant innovation in Bitcoin is not blockchain, nor the fact that it is a non-state-backed electronic currency. It is truly ground-breaking because it is the first ‘intelligent’ money. An ‘intelligent money’ is one which self-regulates.

From Intelligent money & valuing Bitcoin – Philosophy of Money

Quite, but this form of intelligence is only one kind and the Bitcoin self-regulation is only one kind of self-regulation. There are some truly surprising possibilities once you add general-purpose programmability. I have bored people to tears repeatedly with my standard four hour lecture about why the incorrectly labelled “smart contracts” will be the source of real innovation in the world of cryptocurrency and, indeed, why one of the first uses of those smart contracts (ICOs and tokens) will be much more important to the world of financial services than, say, Bitcoin. But that kind of self-regulation may not be the only thing that intelligent money does. Eric goes on to say that:

‘Intelligence’ could also embed social goals – for example the currency could self-regulate the activities for which it is used, perhaps even rewarding or punishing activities contingent on their social impact. In extremis, I imagine we will have a currency which is fully intelligent, gathers data and evolves its own rules of distribution and growth. .

As you will deduce from the subtitle of my recent book “Before Babylon, Beyond Bitcoin – From money that we understand to money that understand us” I agree. What’s more, as Eric says, “my sense is that it [intelligent money] is inevitable – indeed it could be the basis of an edge for digital currency over existing state-backed money”. That’s a pretty interesting statement from someone who is a thorough student of money. If he is right, and money becomes more closely connected with the social goals of the communities that it serves, then the future of money will look very different from both the Washington Consensus and Star Trek (that is, there won’t be a “galactic credit” or whatever, but very many different kinds of money).