California Bar Exploring Opportunities To Deploy AI

The agency is examining how artificial intelligence could help it review misconduct complaints and administer the bar exam.

The State Bar of California has started wading into the artificial intelligence waters.

The agency is exploring ways AI could help bolster the efficiency of its attorney discipline system and assist with administering the bar exam.

The bar recently entered into a contract with the MITRE Corporation to help it develop and evaluate algorithmic processes for identifying whether aattorney misconduct complaint could be closed without investigation.

State Bar Executive Director Leah T. Wilson said if an AI tool can be crafted to help the bar more speedily review whether to close or investigate complaints, it would reduce the administrative burden on staff. That in turn would allow the bar to shift its “human resources to other parts of the case processing continuum,” Wilson said.

Freeing up staff to assist with serious allegations of lawyer misconduct could be beneficial in light of the state auditor’s recent recommendation that the State Bar not hire as many new employees for its discipline unit as desired.

Wilson said an AI tool could also assist in ensuring a level of consistency and standardization in the bar’s review of the roughly 16,000 attorney misconduct complaints it receives annuallyThe technology could be especially helpful amid a nearly 60 percent increase in complaints made to the bar in recent months, a bump that has come amid the agency starting to accept online complaints.  

It was the transition last fall to permitting online complaints that allowed the bar to even contemplate an AI tool for reviewing such filings, according to Wilson.

She stressed that the MITRE project is in the early stages, and the bar will closely examine the effectiveness of the tool developed.

“If it’s not reliable to a very high degree of statistical significance, we couldn’t implement it,” Wilson said.

The bar’s $90,000 contract with MITRE, which was signed last month, calls for the company to complete its work on the project by mid-October.

Meanwhile, the State Bar is planning to use AI to help it administer the First-Year Law Students’ Examination, known as the “Baby Bar.” Law students completing their first year of law study at an unaccredited law school or through the Law Office Study Program are among those who must take the test.

At two of the sites where the Baby Bar will be given next month, the bar will be piloting the use of AI proctors for the essay portion of the exam that is taken on computers, Wilson said.

Live proctors will be there as well to ensure things go smoothly and to respond if the AI software alerts them to any patterns of eye movement or gestures out of the norm for test takers.

“If all goes well, it is our intention to deploy AI proctoring for the July bar exam,” Wilson said.

The bar began exploring AI proctoring because it struggled last year to attract enough proctors to administer the exams it gives to prospective lawyers.

Wilson said there will still need to be some human proctors present at future exams for security purposes and to help with any issues that arise, according to Wilson. But she said a successful pilot of AI proctoring would reduce the overall need for human proctors moving forward. 

On both the bar exam and attorney discipline fronts, Wilson said the bar is seeking to strike the right balance between being forward-leaning while protecting against the risks that arise with the deployment of new technologies.

I think it is the responsibility of good government everywhere to figure out how we can take advantage of technology to improve the services that we provide to the public,” she said.

Separate from the initiatives mentioned above, a bar task force is actively working to identify regulatory changes that would provide members of the public with greater access to legal services through technology, such as AI. The next meeting of the Task Force on Access Through Innovation of Legal Services is Monday, May 13.

*This article first appeared on Evolve the Law. 


California Bar Task Force Weighs in on Utility of Legal Tech Tools

There are more than 320 digital legal tools designed for use by non-lawyers in the U.S., but access to justice expert Rebecca Sandefur says the potential for the technologies to assist Americans with their civil justice problems has largely gone unrealized.

“Most of the tools that exist right now are neither efficiently scalable nor legally empowering, but there’s no reason it has to stay that way,” Sandefur said this week.

The associate professor at the University of Illinois at Urbana-Champaign was speaking during a Monday meeting of the State Bar of California’s Task Force on Access Through Innovation of Legal Services.

The 23-member panel is charged with “identifying possible regulatory changes to enhance the delivery of, and access to, legal services through the use of technology, including artificial intelligence and online legal service delivery models.”

Sandefur told the group that one promising digital legal is JustFix, a free app that allows tenants in New York to notify their landlord of issues needing repair.

The app has a tenant go through a room-by-room checklist and upload photos, as well as other information, to document habitability problems. The tool then uses a lawyer-approved template to send a certified letter to the tenant’s landlord outlining the concerns that need to be addressed to comply with housing codes.

“There are very few things like this, but obviously there is a lot of potential here to work on specific problems in a focused way,” Sandefur said.

She said one reason there are not many effective tools was developers’ fears of facing unauthorized practice of law allegations.

“Right now, the reason most of these tools are terrible is because there are deep concerns in the community of developers that you are going to go after them if they create a tool like JustFix that does something useful because it’s nudging up against the edge of giving legal advice,” Sandefur said.

She said those fears were being driven by one of two things: either the developer community does not have a proper understanding of what constitutes legal advice, or the restrictions on unauthorized practice of law are too stringent.

If the bar task force determines California’s unauthorized practice of law regulations are too restrictive, Sandefur encouraged the panel to carefully consider ways to relax them so that tools helping consumers with their civil justice problems “can be useful, as well as used.”

Task force member Lori Gonzalez said she certainly would like to see the bar make it easier for non-attorneys to innovate in the legal tech space.

Gonzalez noted that lawyers “by personality are abnormally adverse to risk, which is the opposite of what you need to be an entrepreneur or to push innovation.”

The task force is charged with reviewing the consumer protection purposes of the prohibitions against unauthorized practice of law (UPL) and “the impact of those prohibitions on access to legal services with the goal of identifying potential changes that might increase access while also protecting the public.”

The panel is also examining alternative business structures, multidisciplinary practice models, lawyer advertising, and fee splitting. The task force is slated to submit its final recommendations to State Bar’s Board of Trustees by the end of 2019.

Sandefur said the discussion at the task force meeting left her encouraged about the group’s efforts, and she told the panel they had a terrific opportunity to make a nationwide impact in this arena.

“If California does something good, it helps a whole lot of people,” Sandefur said. “But it’s also a great model for the rest of the country, so I’m delighted that you are starting to work on this.”

*This article first appeared on Evolve the Law


Artificial Intelligence in Regulatory Technology (RegTech) – 5 Current Applications

Last year, Boston Consulting Group reported that banks were tracking three times as many individual global regulatory changes as compared to 2011. The report added that these institutions were averaging 200 regulatory revisions per day in 2017.

RegTech often refers to the use of cloud computing technology through software-as-a-service (SaaS) with the aim of helping businesses conform to regulations faster and less expensively. In this piece, we aim to explore current applications of artificial intelligence in the RegTech space and coax out the broad segments under which they can be classified.

Through our preliminary research, we identified the following three major application segments for AI in regulatory compliance:

  • Stress Testing for Financial Forecast Models
  • Automation for Tracking and Monitoring of Regulatory Changes
  • Machine Learning for Enterprise Email Filtering

Below, we will highlight five companies that offer AI services for regulatory compliance from each application segment. We will also go into more details about how AI vendors are helping financial enterprises manage their regulatory processes by looking at use-cases and examples.

We distill the applications for each company with the aim of exploring how AI is being used for RegTech today and how can enterprises augment the capabilities of their compliance teams.

Stress Testing for Financial Forecast Models


California-based Ayasdi, founded in 2008, claims to offer big data analytics and artificial intelligence services. The 120 employee company was co-founded by Gunnar Carlsson, Professor Emeritus in the Department of Mathematics at Stanford University, and CEO Gurjeet Singh who previously earned a PhD from Stanford in computational and mathematical engineering.

Ayasdi claims that their artificial intelligence platform, Ayasdi’s Model Accelerator (AMA) can help enterprises in financial services to predict and model regulatory risk. The company also claims that their platform can achieve this by using machine learning to find hidden patterns in historical financial data or for forecasting revenue data. The company claims it could help banks in the following ways:

  • Establish and adhere to regulations for anti-money laundering (AML). The company claims this may be particularly challenging for banks and that non-compliance can potentially result in fines of over tens of billions of dollars.
  • Help banks to automatically monitor customer transaction data to identify anomalies and ensure that they are compliant with regulatory requirements..
  • Help global banking clients reduce false positive rates in fraud detection as compared to traditional rule-based methods used by most banks traditionally, while still identifying a similar number of suspicious activity reports.

Below is a video from Ayasdi where Senior Data Scientist Jesse Paquette demonstrates and explains how the platform might be used for fraud detection applications:

Ayasdi reports that it’s platform runs on a Topological Data Analysis (TDA), which was developed for a project funded by DARPA

Below is short 2-minute promotion from Ayasdi where its core team members explore how the platform might be beneficial to enterprises in different applications:

Our preliminary research led us to two case studies from which we discuss their collaboration with Citi Group in further detail. According to a 2017 case study from Ayasdi, the company was chosen by Citi to help create justifiable models of Citi’s revenue and capital reserve forecast to pass the Federal Reserve’s Comprehensive Capital Analysis and Review (CCAR) process (which was initiated after the 2008 financial recession to a bank’s financial foundation).

Before working with Ayasdi to improve it’s capital planning process, Citi had failed the first two out of three annual CCAR stress tests. Ayasdi’s first steps with the company involved using subject matter expertise from the leaders of the bank’s business units regarding to review some of the banks macro-economic variables like revenue and capital reserves as stipulated Federal Reserve.

Ayasdi claims the machine learning platform was then used to correlate the impact of these variables on each business unit’s monthly revenue performance over a six-month period and models were developed to predict the future performance of these business units. Lastly, Ayasdi claims that the business unit heads were once again roped in to evaluate the predictive model final performance.

According to Ayasdi, streamlined Citi’s nine-month process requiring hundreds of employees to a three-month process, utilizing less than 100 employees.

Along with Citi, the company has also worked with HSBC for an anti-money laundering application. An Ayasdi brochure also claims that one of the Top 3 Nordic Banks used the AMA platform to predict the probability of default models for mortgages, identified strong and weak fit areas, and adjust their models with targeted fixes. The brochure did not go into further detail about this client’s use of the program.

Automation for Tracking and Monitoring Regulatory Changes


London-based CUBE, was founded in 2011 and claims to offer a RegTech platform that can help businesses cut regulatory costs and minimize risk of non-compliance. The 94-employee company claims their platform can assist in predicting compliance risk, automating AML, Know Your Customer (KYC) and Cyber/information security processes.

CUBE states that the platform uses machine learning to help enterprises to automatically keep track of global regulatory data and prompt alerts by detecting regulatory changes that pose a compliance risk. The company claims it has created a regulatory ‘data lake’ that covers the regulations for financial services organizations across the globe. We, however, could find no evidence of how extensive their database is.

Below is a four-minute interview from the International Compliance Association where CUBE Founder and CEO Ben Richmond explores the role of AI in managing regulatory risks and details how CUBE is applying AI to this problem:

According to CUBE’s website, some ways in which enterprises might benefit from CUBE’s regtech platform include:

  • Helping Identify global regulations and compliance requirements and automatically keep track of any changes to these regulations.
  • Enterprises might identify in real-time internal regulatory gaps in policies and procedures
  • Businesses engaging in cross-border selling might use the CUBE platform to gain an understanding of the rules and regulations for business across borders and build controls into internal company procedures.

During the 2nd annual DIT UK trade mission to Empire FinTech Week in April 2018, the Department of International Trade (DIT) in the United Kingdom chose CUBE as one of the 15 “UK-based FinTech startups” for actively entering the US market as part of the official delegation from UK to engage with US regulators to reduce barriers to doing business.

CUBE’s current CEO Ben Richmond is a 20 year veteran in the technology sector, specializing in better leveraging unstructured data. Richmond is also the Chief Executive of the International RegTech Association (IRTA).

We could not find any details on how CUBE’s RegTech platform analysed regulatory information from their data lake to prompt compliance actions to their clients or any evidence of robust case studies. is a Silicon Valley startup founded in 2016 with around 26 employees. The company has launched a platform that they claim uses machine learning to improve search, monitoring and tracking of regulatory content relevant to financial organizations. states that the platform’s Team Edition might enable banks and other financial institutions to automate research, as well as track financial regulatory content and regulatory updates in one place. also says its platform curates financial regulatory content from sources like federal and state-level regulatory agencies, executive orders, whitepapers and news media.

Leadership level executives at banks might work alongside a team from to help them understand their global and individual jurisdictional presence, according to the company. The platform can then be integrated with the banks existing systems and can potentially prompt compliance officers at the bank with alerts for compliance risks after cross-checking its curated database.

Below is a one-minute video from giving an overview of how their platform claims it can help financial institutions:

According to the company, financial institutions might apply Compliance AI’s platform in these ways:

  • To keep up with regulatory changes by using “expert-in-the-loop” machine learning models to comb through regulatory content. The company claims Compliance.ei can automatically classify this content to find high-risk compliances and then send a suggested action to the bank’s compliance officers.
  • Compliance officers at an enterprise might choose integrate the platform within an existing compliance team’s digital infrastructure to automatically collect and curate financial regulatory data. The company claims that this could insure that no new regulatory rules are being infringed upon.

In a testimonial, Illeana Falticeti, VP of Compliance at Cloud Lending Solutions said, “Managing and optimizing  time, resources and skills management are the challenges where products like may help financial services players with.” She notes her experience with the platform in the video below:

In one case study, claims to have worked with the Bank of Marin (Headquartered in California) to help automate the banks’ regulatory tracking processes which was previously done manually by compliance officers.

According to the case study, the bank’s compliance officers would constantly track regulatory changes from the websites or newsletters of its regulatory bodies such as the Federal Deposit Insurance Corporation (FDIC) and state regulators like the California Department of Business Oversight. claims that its platform was able to automatically identify the most relevant compliance requirements from an ocean of regulatory information from multiple state and federal sources. Although claims that the Bank of Marin realized a return on investment in terms of time spent for compliance employees, no further data on the cost of the integration or its end results could be found. CEO and Co-founder Danielle Deibler is also the Co-President of the International RegTech Association (IRTA) in the Bay Area and has previously worked with mobile application development. We could not find anyone with robust experience in AI development in the executive leadership team at, although according to their LinkedIn page, three employees specialize in data science and machine learning.

Text IQ

Text IQ is a San Francisco-based AI startup founded in 2014. With roughly 32 employees, the company offers risk and compliance software for enterprises, law firms and government agencies which the company claims uses machine learning to identify sensitive and compromising in big data (like internal business data records).

Text IQ offers a platform tailored for Chief Compliance Officers. The company claims it combines natural language processing with relationship analysis and aims to narrow down document sets to manageable sizes for human officials to review.

Here are a few examples of how Test IQ claims the platform can be used:

  • The chief compliance officer at a financial institution might be able to cut down the time spent in keeping track of FCPA, GDPR, anti-money laundering or insider trading risks by ‘summarizing’ only the relevant regulatory content from all the authorities into a document that can be reviewed by a human officer.
  • A consumer goods manufacturing company might be able to find systemic behaviors in employee work patterns that are in violation of the law or internal policies leading to regulatory infringement.

During our preliminary research we found no evidence of successful case studies from enterprises using the Text IQ platform specifically for regulatory compliance although there seems to be some evidence that Wendy Riggs the senior manager of eDiscovery and litigation operations at Twitter Twitter was interested in a demonstration from Text IQ for using their platform in an eDiscovery application.

Text IQ was co-founded by CEO, Apoorv Agarwal who earned a PhD in computer science from Columbia University in New York. The company also claims that over 70 percent of its team are either PhD or master’s degree holders in computer science, however, we could not confirm this through research on the company site, Linkedin or Crunchbase.

Machine Learning For Enterprise Email Filtering

Tessian (formerly CheckRecipient)

According to the General Data Protection Regulation (GDPR) regulations in Europe, enterprises can be fined up to 20 million euros or four percent of their annual global turnovers for infringing on data security laws, including instances like misaddressed or unauthorized emails.

London-based Tessian, founded in 2013 provides an enterprise email security platform which the company claims uses machine learning to help prevent sensitive emails in an enterprise from being sent to the wrong person. The 58 employee company claims their platform can potentially detect emails that may lead to data loss (example – misaddressed emails) or a data security threats (emails to unauthorized accounts).

Tessian claims that their platform can analyze historical enterprise email data (such as the records of all the incoming and outgoing emails sent by a particular team or employee) and ‘understand’ patterns in email behavior of employees (such as regular emails with sensitive information to persons external to the company) to devise security filters.

According to the company, once these patterns are recorded, the platform monitors outgoing emails of employees and can potentially spot anomalies like, “recipient looks unusual for the context of this mail,” or ‘top secret project data detected in this email.” Employees can then ensure that there are no breaches to data security more efficiently.

Abhirukt Sapru, the head of business development at Tessian, explains how the platform might help enterprises with email security in this interview with Information Security Media Group(ISMG).

Taylor Vinters, a law firm in the UK, used Tessian’s platform to ensure that the company’s data security was in alignment with the GDPR regulations which included preventing email breaches proactively.

Steve Sumner, Director of IT at Taylor Vinters, explains in the video below that the law firm needed to upgrade their email security since traditional rule-based security in Microsoft Outlook (which they previously used) was time-consuming and inefficient.

Tessian claims that Com Laude, a brand protection and corporate domain name management services provider, used the platform to implement a regulatory framework for their internal communication policies. No further details of the case study, including how long the integration process was or other quantifiable end-results, could be found.

Tessian was founded by Tim SadlerEd Bishop and Tom Adams, all of whom were graduates from Imperial College London. We were unable to find evidence of the Tessian leadership team’s robust academic or business experience with artificial intelligence in the past.


Our research concludes the following themes:

  • Artificial intelligence applications in RegTech are in their infancy today although regulatory compliance is ripe for automation through AI, as evidenced by the emergence of many startups and AI vendors in the space.
  • The major applications today seem to be around using predictive analytics to stress test a company’s business performance under different market conditions, automatically tracking compliance requirements and establishing an email monitoring and filtering systems.

We also took note of two themes that business leaders may be interested in:

  • Data security regulations have been steadily getting more strict and with the recent GDPR mandate in the EU, businesses can expect that data security norms might get tighter in the future.
  • AI use-cases in RegTech are still few in number and the next two to five years might see the emergence of many established AI applications – just as was seen for AI applications FinTech.

*This article first appeared on Emerj.

Interested in the impact of new technologies on regulation? Get involved at this year’s annual conference. Contact Jim McKay ( to become involved as a speaker or session moderator. 


The implications of AI on legal regulators and how they can use it

At last year’s ICLR Annual Conference in The Hague, ICLR member came together to present on the implications of AI on legal regulators and how they might harness this technology to their advantage. Panelists drew from input from ICLR members and how their own institutions were engaging with Artificial Intelligence, as shown in the infographic below:

The presentation cover various aspects, including:

  • What is Artificial Intelligence? … And what it isn’t: Steve Wilson, Standpoint Decision Support
  • What are the Potential Risks to be Managed: Bridget Gramme, Center for Public Interest Law at the University of San Diego School of Law
  • How Legal Regulators can use AI: Crispin Passmore, Solicitors Regulation Authority
  • Getting into Artificial Intelligence: Alison Hook, Hook Tangaza

You can access the full presentation here:  ICLR Artificial Intelligence Presentation

Interested in the impact of new technologies on regulation? Get involved at this year’s annual conference. Contact Jim McKay ( to become involved as a speaker or session moderator. 


How can Blockchain and other Consensus Driven Cryptographic Technology be Regulated?

Some participants in the crypto/blockchain/DLT industry actively invite regulatory oversight but policy considerations and the usual patterns of legal and regulatory development can mean that wanting to be regulated is not always the same as being able to be regulated.

In the Hong Kong Lawyer, Syren Johnstone examines aspects of the technology that make it difficult to regulate the primary and secondary market, while at the same time allowing industry development without it being affected by fraud and abuse, or being used to service money laundering and other criminal purposes. It concludes by suggesting the policy approach that regulators should take to this new technology.

*This article first appeared in the Hong Kong Lawyer

The technology is the starting point

In 1988 Tim May famously stated “Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other.” Today, that has become a reality in a developing digital ecosystem that is being built on cryptographically secure consensus technology (“CCTech”) that forms the basis of blockchain and distributed ledger technology applications.

CCTech enables qualitatively different boundaries of commercial activity than was previously possible. It holds the promise of enabling new ways of undertaking existing commerce that provide efficiency gains, as well as generating new types of commercial activity. The first peer-to-peer version of electronic cash created on 3 January 2009 (Bitcoin), has been followed by other cryptocurrencies, digital tokens that provide access to some service or utility or operate as a security (see Hong Kong Lawyer, March 2018 “ICO Utility Tokens and the Relevance of Securities Law”), and smart contracts (collectively, ”cryptos”).

Industry growth has involved developers tapping into the highly regulated public capital market in ever-larger offerings. A secondary market facilitated by crypto exchanges has emerged. This is creating significant challenges to regulatory agencies to define how existing laws and regulations might apply.

Establishing a sustainable regulatory approach is complicated by features of CCTech still undergoing transformational evolution that pose novel challenges to regulatory policy making and raise fundamental questions about what regulatory oversight might look like, and to what it should attach.

The prospect of regulation

On the prospect of oversight by regulatory agencies, the crypto-industry continues to express its voice in a partisanly manner. There are those who see independence from oversight as a necessary expression of political freedom, or advocate that the industry should not be subjected to any oversight other than by the community participating in cryptos. Other participants in the industry wish to take advantage of the current situation by moving to the lowest commercially viable legal standard or jurisdiction.

There are also those who actively seek to be regulated as a means of being accepted into mainstream commercial activities and validated as a legitimate activity, and to foster the industry by directing it to applications benefitting society. Some see regulation as a competitive advantage over others who are ill-equipped, or inadequately funded, to cope with the anticipated burden of regulatory oversight. However, policy considerations and the usual patterns of legal and regulatory development can mean that wanting to be regulated is not always the same as being able to be regulated.

Regulatory agencies have to date primarily applied existing regulatory standards to the industry where they can. There is a general sense that this will not be enough to facilitate industry development while also dealing with the risk of fraud and consumer abuse. There are also real concerns that the anonymity provided by CCTech could be used by bad actors to further criminal purposes.

The primary hurdle for regulatory clarity is sometimes said to be the legacy system of laws, regulations and financial and commercial practices that have been established in a pre-CCTech era. Industry requests for regulators to specify the features that would determine which regulatory silo a crypto belongs to (money, security, futures contract, commodity, or other) oversimplifies the new context presented by CCTech and underestimate the related policy considerations.

Primary market activity thus remains governed by a singular question: is the crypto a security? This leaves CCTech developers cum promoters to resolve questions that lawyers and regulatory agencies cannot currently clearly define other than by reference to broad functional concepts, or narrow established categories, raising the danger of ex post regulation.

The development of taxonomies that seek to map cryptos onto existing securities laws as a means of assisting regulatory clarity has become a mini-industry. However, these often “solve” the problem without changing the underlying assumptions about how existing laws securities laws apply. As such they are essentially recursive and achieve very little. It is of course somewhat paradoxical to address something new by treating it as though it were something old.

In contrast to the situation in the primary market for securities, regulators in the UK and the U.S. have permitted a futures market to evolve around cryptocurrencies (Bitcoin, and recently Ether). The court in CFTC v. McDonnell, et al. (18-CV-361, 2018) has confirmed the oversight powers of the U.S. Commodity Futures Trading Commission (“CFTC”) in this regard. Although many in the industry perceive regulatory oversight as abhorrent to the essence of CCTech, regulatory oversight of the futures market has enabled the development of financial products within an established regulated infrastructure that has facilitated the perception of cryptocurrencies as a valid asset class to gain exposure to. Importantly, it means that investors are brought within a context subject to safeguards imposed on regulated intermediaries.

Building blocks

Regulation of the financial services industry in the modern era is based around three primary choke points concerning products, venues and acts. These assume some form of intermediation via markets, brokers and advisers. Regulation has already had to adapt in response to technology that displaces human involvement, such as algorithmic trading and robo-advising, where sentience ceases to form part of the regulated act but rather is embedded in the coding that enables the act to be undertaken.

CCTech presents additional difficulties. There is a venue, but it may be only exist in a code supported on a network of participants. There is an act, but that may take place without intermediation other than the non-sentient operation of a code operated over a network in which the creator no longer has a role. There is a product, but there is a recognised lack of clarity as to how to characterise a crypto for the purposes of regulatory silos. CCTech enables venue, act and product to be collapsed into the operation of code via distributed networks, decentralised and dis-intermediated arrangements, and smart contracts.

The possibility of undertaking commercial activity on a decentralised, peer-to-peer basis represents a qualitatively different kind of issue for regulatory agencies. At some point, adaptability may be challenged to the extent that existing regulatory tools which have developed around centralised, intermediary-based systems may to some extent be rendered obsolete, raising questions as to the continued viability of existing legal silos and traditional choke points, and giving rise to policy concerns.

Even if basic problems were solved about which or whether a law applies to a crypto, or at what choke point to apply it, there remain problematic areas. Regulation proceeds on the basis that regulation is possible but CCTech does not, at the present point in time, provide some of the usual building blocks that enable the meaningful implementation of regulatory objectives.

This includes an assortment of investor protection and market integrity considerations, such as: integrity of ownership and integrity of transactions, issues related to account management including proof of ownership to public audit standards, custody and segregation, how record keeping is to be undertaken, how exchange regulation might work, the ability to assert market transparency and market abuse protections, how money laundering risks are to be addressed.

To this can be added technical issues that the industry is actively trying to solve, many of which potentially give rise to legal issues and have implications for investor protection and market integrity. These often require an appreciation of how the science and technology operate and their weak points such as how they might be gamed by bad actors. They include: the management of keys and wallets, the risk of consensus hijack, denial of service attacks, double spending, scalability, code governance controls and cyber security challenges.

Disclosure is another building block. Key disclosures might address: does the underlying code do what it is expected or promised to do, is the governance of the code appropriate (such as agreeing on roll-backs), has it been properly written so that it is free of bugs that might facilitate hacks or other problems, has the security protocols been properly implemented, is the crypto scalable to benefit from network effects. Not all codes are the same in this regard and coding errors have caused significant problems in the past, yet there are no established standards for audits of code writing.

Not all problems are adequately managed by merely releasing information. Positive action is sometimes required. This can take the form of an industry regulating itself via standards and best practices, but the industry is in its nascent stages in this regard. An area of development to watch is the standards being developed by the International Organisation for Standardisation in their ISO/TC 307 programme. Nine new projects concerned with blockchain and DLT are currently in their proposal or preparatory stages.

Resolving some of the above building blocks is therefore a precursor for effective, granular regulation to develop. Solutions are likely to come from the technology itself as it develops in response to regulatory expectations. This may serve to facilitate the development of regulatory technology, which presents opportunities for creating avenues within the underlying CCTech code for interactions between the actors involved in any crypto generation or exchange, any buyer of a crypto, and regulatory agencies.

One of the inherent difficulties of addressing the regulation question is the reality that the industry is in its early stages of maturation. Core concepts are still subject to significant debate, the potential technological implementations of the science remains in a discovery and development phase, and the prospects for commercial use cases of CCTech is still evolving. This makes the policy formation that leads to regulatory implementation difficult as these conditions increase the risk that regulations are made only to see the industry change under it, or regulations are made that capture the wrong family of acts – in either case the policy objectives are missed.

The dynamics that animate regulatory change are subject to two related overarching considerations: to what extent is meaningful regulation possible and, if it is, how and when should regulatory oversight be imposed? Regulatory intervention that is too early, too heavy, or misses the target runs the risk of slowing the growth of the industry and damaging the beneficial prospects it offers to commercial activity and society more generally.

The technology is also the end point

The present state of regulatory uncertainty creates risks to the industry itself. It increases the cost of industry development because raising capital in an uncertain legal environment gives rise to increased liability risk. To this can be added the risks (including attendant industry costs) already observed in traditional capital markets (primary and secondary) that include fraud, money laundering, theft, mis-disclosure, manipulative practices, internal control failures, misfeasance, and adequate custody and handling of money, or securities or other assets belonging to another.

Whatever regulatory controls might be put in place, the reality is that the nature of CCTech presents a fundamental obstacle to oversight control because of the possibility – and consequences – of an alternative means of undertaking commerce on Internet-based networks that does not require the involvement of a regulated financial institution that intermediates transactions.

The intractable problem created by CCTech is how to bring cryptos within an appropriate oversight mechanism given its particular technological capability to subvert – unmeasured oversight control runs the risk of achieving the opposite effect of driving activity further out of sight. The proposal by the United States Treasury’s Office of Foreign Assets Control (“OFAC”) that it may add digital wallet addresses to its SDN List was criticised for just that. This reflects the anarchic potential of CCTech that is crucial for regulators to fully grasp if regulation is to be successfully developed. Regulatory agencies may need to look for ways of bringing oversight to the industry by using strategies different to those previously employed.

Actors in the industry seeking to be regulated are doing so for a number of commercial reasons including validation and legitimacy, the usual assurances provided to the market by regulatory oversight, industry risk reduction, and access to a larger pool of capital. It is proposed that these reasons can be engaged to make regulation a desirable option.

In short, the best way to establish regulation may be to make it attractive. That may not be a regulatory end-point but a point from which regulators can begin to better work with the industry. For that dynamic to work, it is essential that oversight controls do not undermine the opportunities that cryptos offer to new ways of engaging in commercial activity. Regulations must be based on outcomes that are independent of specific technologies and activities, such as fair disclosure, industry standards, and accountability for wrongdoing. Care must be taken that oversight controls do not to operate as anti-competitive tools.

The range of relations that CCTech can possibly create, and the behaviours in the market once they are created, are at once simulacra of human commerce and a potential further development of it. It remains to be seen whether the current trajectory of regulatory thought and action is working toward supporting the efficient allocation of risk and industry development, wherein capital finds projects that offer, and have a reasonable prospect of delivering, economic and social improvement.

Interested in the impact of new technologies on regulation? Get involved at this year’s annual conference. Contact Jim McKay ( to become involved as a speaker or session moderator. 


Education and Training in Ireland

In response to the report on Education and Training in Ireland published on 19 November by the Legal Services Regulatory Authority (LSRA), the Law Society of Ireland has launched the Peart Commission Report, developed by an expert group chaired by Mr Justice Michael Peart of the Court of Appeal.

The report contains 30 recommendations setting out a vision for the future of solicitor training in Ireland. Law Society of Ireland Director General Ken Murphy said, ‘training solicitors to meet any and all challenges they will face in their careers is some of the most important work the Law Society does. Mr Murphy explained, ‘implementing the Peart Commission recommendations will have several benefits. It will further increase access to the profession for trainees across diverse educational, professional and socio-economic backgrounds and ensure the Law Society maintains its prominent position as an innovative professional legal educator globally.’ He added, ‘the Law Society’s education model is deeply rooted in the public interest and focussed on the future.’

Law Society Report Available Here

LSRA Report Available Here*

*This report was required by the Legal Services Act 2015 and is the first step in a comprehensive review which will involve further public consultation in 2019.

3 Female Lawyers Tackling Jurisdiction to Define The Cryptocurrency Ecosystem

Stable coins, the rise of custodial solutions and the recent announcement of Fidelity launching an institutional platform for Bitcoin and Ethereum are all designed to make it easier for institutional investors to partake in the cryptocurrency market.

Yet a number of questions arise as the cryptocurrency ecosystem continues to expand its reach to traditional financial markets. Trust must be built among new market participants, countries leading innovation need to respond to legal concerns and actions should to be taken to pave the way for both accredited and non-accredited investors to step foot into the cryptocurrency market.

As a result, lawyers specializing in cryptocurrency related matters have become key players for ensuring the success of the global adoption of digital assets. Three women lawyers in particular are taking action to help define legal uncertainties currently facing the evolving crypto ecosystem.

Read the full article here

*This article first appeared in Forbes magazine. 

New Skills for New Lawyers: Responding to Technology and Practice Developments

The legal profession is facing a convergence of forces, most notably significant advances in the capabilities of technology, economic pressures challenging existing business models and globalisation, that herald momentous change to the practice of law. In Australia the lead in seeking to understand these developments and formulate responses has been taken by the Law Society of New South Wales and its report on the Future of Law and Innovation in the Profession (FLIP). The Law Society conducted a commission of inquiry which culminated in the recognition of skills or areas of knowledge that were identified as essential for the successful future practice of law. In short, this involves two main inter-related streams of knowledge: first, the ability to understand and employ technology, and second a collection of skills that result in a “practice-ready” graduate, namely: • Practice Skills (both interpersonal skills and professional skills) • Business Skills • Project Management • Internationalisation and Cross-Border Practice of Law • Inter-disciplinary experience • Resilience While technology is in many ways the ‘headline act’ there are also a range of other skills that are required because of the changes technology is facilitating and the need for lawyers to focus on what is central to their role or truly provides value to the client. This article discusses and elaborates on the findings of the FLIP inquiry in relation to legal education.

Paper Available Here

Michael Legg, University of New South Wales (UNSW) – Faculty of Law

Regulating Artificial Intelligence: Proposal for a Global Solution

Given the ubiquity of artificial intelligence (AI) in modern societies, it is clear that individuals, corporations, and countries will be grappling with the legal and ethical issues of its use. As global problems require global solutions, we propose the establishment of an international AI regulatory agency that – drawing on interdisciplinary expertise – could create a unified framework for the regulation of AI technologies and inform the development of AI policies around the world. We urge that such an organization be developed with all deliberate haste, as issues such as cryptocurrencies, personalized political ad hacking, autonomous vehicles and autonomous weaponized agents, are already a reality, affecting international trade, politics, and war.

Paper Available Here

Olivia J. Erdelyi, University of Canterbury – College of Business and Law & Judy Goldsmith, University of Kentucky – Department of Computer Science

Regulation Tomorrow: What Happens When Technology is Faster than the Law?

In an age of constant, complex and disruptive technological innovation, knowing what, when, and how to structure regulatory interventions has become more difficult. Regulators find themselves in a situation where they believe they must opt for either reckless action (regulation without sufficient facts) or paralysis (doing nothing). Inevitably in such a case, caution tends to trump risk. But such caution merely functions to reinforce the status quo and makes it harder for new technologies to reach the market in a timely or efficient manner. The solution: lawmaking and regulatory design needs to become more proactive, dynamic, and responsive. So how can regulators actually achieve these goals? What can regulators do to promote innovation and offer better opportunities to people wanting to build a new business around a disruptive technology or simply enjoy the benefits of a disruptive new technology as a consumer?

Full Paper Available Here

Mark Fenwick, Kyushu University – Graduate School of Law; Wulf A. Kaal, University of St. Thomas, Minnesota – School of Law; Erik P. M. Vermeulen, Tilburg University – Department of Business Law