Unlock the Potential for a More Ethical, Transparent, Fairer and Sustainable Financial Market Industry

15th October 2024, Krakow, Euroclear

Program

Welcome word by Stephane Bernard, Chief Operating Officer of Euroclear

Presentation of the Global Prize by Virgile Perret, Project Manager at Observatoire de la Finance

« Why finance needs ethics » by Paul H. Dembinski, Director of the Observatoire de la Finance and co-President of the Jury

Testimony by Witold Gromala, Data Protection Officer at Euroclear and former participant to the Prize

Testimony by Marta Rocchi, Professor at DCU Business School and previous winner of the Prize

Reead the testimony by Witold Gromala

Good morning, everybody, Dzień dobry wszystkim, Bonjour à toutes et à tous,

Let me start by expressing my gratitude for the invitation – it is a real honour for me to be here with you today.

I am Witold Gromala, I am Data Protection Officer for Euroclear Bank since December 2022; and today, I would love to share with you all, my personal story concerning Ethics & Trust in Finance Prize, as well as my personal reflections on ethics, specifically through the prism of the subject that is very close to my heart, namely, data privacy.

As a young enthusiastic law graduate, I entered the world of finance in 2012, the world that was still stormy after the financial crisis. New pieces of law were being enacted to ensure that the old sins would not be repeated in the future. That financial upheaval was accompanied by the crisis of trust – the reputation of the old guardians of that trust – the banks – was seriously tarnished. Yet, it was not the end of turbulence. In 2013 the leak of NSA documents disclosed the mass surveillance of electronic communications by the US intelligence, the practice that invaded the privacy of civilians and eroded the trust vested in the government. The saga referred to as Snowden Revelation. Those two crises shaped the world I entered as a young, idealistic law graduate with a head full of values and ideas.

History, in my view, is not linear, it is a series of dispersed yet intertwined events that happen to repeat themselves in the most unusual forms and shapes. I joined Euroclear in 2016, immediately impressed by the culture of speak-up and fairness. History repats itself – the new Revolution is unveiling itself these days – again.

Artificial Intelligence is taking the world of Finance by storm, creating risks not known before. The law as usual is not fully equipped to capture those risks, leaving us often with our own sense of ethics as a sole tool to protect against bias, opaqueness, or environmental impacts of the technology.

Studying compliance and ethical implications of Distributed Ledger Technology pushed me into the world of data privacy, shaping my career for the years that came after I drafted my essay. This opened my eyes to the world of data, technologies and the accompanying risks for the rights and freedoms to human beings, creating a turning point in my professional career. I was lucky enough to work in a company that enabled me to have a smooth evolution, to make me stand where I stand today.

Hence, I would like to take this opportunity to thank Stephane Bernard and Euroclear as a whole for supporting this honourable competition. Promoting ethics and integrity in the finance sector, by stimulating innovative ideas among young professionals works for the benefit of us all, by creating a more sustainable and resilient financial system. Equally, I would like to encourage you, those under the age of 35 to put pen to paper, to have your say and utilise this platform to build a more sustainable, equitable and ethical future for us all. While not being able to participate anymore, due to age constraints, I found the competition intellectually stimulating and above all great fun. This magnificent journey shaped my career and led me to where I am today.

Soon after my participation in the 6th edition was over, Euroclear gave me a unique opportunity to join the data privacy team, the team which helped to prepare the company for D-Day – 25th of May 2018, namely, the General Data Protection Regulation (EU directive) applicability date.

Personally, I found the data privacy compliance universe a perfect example of ethics operationalisation – not only in the financial sector, by the way. The importance of ethics in that universe is mandated by the fact that it forms part of one of the key GDPR processing principles: Lawfulness, fairness, and transparency. What does it mean in practice? Fairness: both under the data privacy regime and under our internal Euroclear policies is not an abstract notion. It means that while processing personal data of human beings (employees, job applications, customers, or business partners), we don’t mislead, we don’t manipulate, we don’t trick somebody into oversharing personal data and we don’t transfer the risks directly onto the individuals concerned.

Fairness means that we communicate openly, we avoid over-complexified mechanisms for individuals to exercise their rights, we respect their choices and facilitate their control over their personal data.

Fairness compensates for the imperfection of the remaining components of the principle. While the processing might be technically lawful and transparent, it still might be unethical, unfair. Let me give you an example: a company might comply with the transparency requirements by having the most detailed privacy notice, explaining everything that is required by law, but where the data practices themselves are excessive from the perspective of a reasonable person, the fairness principle is violated. The right balance must always be stricken, the privacy surprise avoided and lengthy polices are simply not enough to avoid liability these days. The assumption that people read privacy policies or notices is considered the greatest lie of the 21stcentury – The research was made, claiming that in 2008 an average US internet user would need to spend 244 hrs. to read the privacy notices of the websites he/she visited yearly. Additionally, it has been estimated that the literacy skills required to fully understand an average privacy policy match those needed to understand Hawkings’ “A brief history of Time…”

In light of that, the fairness principle is the guardian, ensuring that ethics is incorporated in each processing activity performed by a company. And again, as I mentioned before, that concept is not abstract in the context of what we do in Euroclear. Fairness, alongside other processing principles, is embedded into our control framework, via the data privacy impact assessment process. The latter can be considered as a heart of the privacy compliance programme that helps to assess each new Euroclear’s project or initiative that touches upon personal data.

That concrete control ensures, in line with the data privacy by design and by default principle, that fairness is taken into account at the initial stage of a product, process creation, whether it is a virtual chatbot, call recording application, sanctions screening tool or an HR process change impacting the way personal data is handled.

In the times when data is considered new oil, the importance of ethics in data practices undertaken in the financial sector should not be underestimated. This is proven by the rising number of regulatory fines concerning so-called dark patterns, and the ever-increasing expectations of the individuals whose personal data is processed. In fact, this seems to demonstrate an important shift in the paradigm, where the focus is no longer on what is legal but what is fair, leaning from choice and notice model towards the privacy harm model.

Let me stop here, as I am perfectly aware that the data privacy universe is not necessary the space that all astronauts find equally exciting. Nevertheless, let me once again encourage you to capitalise upon the great possibilities and support Euroclear offers to You. I am more than certain that at the doorstep of the new revolution reshaping our industry, the plethora of exciting subjects is waiting to inspire you.

Thank you All!