Connect with us

Business

D2LT Thought Leadership

Source: Finance Derivative

Smart Legal Contracts – not a smart direction

Does the arrival of smart legal contracts presage the “Susskindesque end of lawyers”, genuinely creating the scenario of “Code Is Law”?  Of course not, says Akber Datoo, CEO, D2 Legal Technology, rather, it creates both opportunities and challenges as part of the broader digital agenda. 

As both a lawyer and a computer scientist, Akber explains why smart legal contracts increase, not decrease, the need for both the law and lawyers – and calls for legal experts to rapidly extend their skill set to embrace technology and data.

Maturity Curve

There are no specific barriers in English Law to the adoption of smart legal contracts. Defined by the Law Commission as: “A legally binding contract in which some or all of the contractual terms are defined in and/or performed automatically by a computer program”, their work in this area published on 25 November 20211, states: “We have concluded that the current legal framework is clearly able to facilitate and support the use of smart legal contracts. Current legal principles can apply to smart legal contracts in much the same way as they do to traditional contracts, albeit with an incremental and principled development of the common law in specific contexts. In general, difficulties associated with applying the existing law to smart legal contracts are not unique to them, and could equally arise in the context of traditional contracts.”

Clearly, the definition and this statement is just the beginning of the journey, seeking to encourage innovation to fulfil the commercial promise of the Smart Legal Contract – which is compelling. It is expected to revolutionise business over the next decade. Its adoption is, however, not without its challenges – as arguably, is any significant evolution in any field.

The Solution to Trust is not just the Immutable Contract

As soon as a smart legal contract is placed on a Distributed Ledger Technology (DLT), the agreed automation is unchangeable. On the one hand, this is the very attraction – removing the need for trust between both parties – the trust is placed in the code.  But that also means any failure in that code cannot be amended. Essentially, while the smart legal contract is not immune to legal intervention and other forms of governance, resolving a problem is extremely difficult.

For example, what happens if it turns out the smart legal contract was illegal? If there was fraud involved? If someone made a coding error? Or simply that circumstances have changed? The automation cannot be stopped. Even if the courts might rule that it should stop, the technology cannot be halted. The only option will be to set up some form of reverse transaction to make the adjustment. Far from an ideal situation.

The use of DLTs for smart legal contracts highlights a severe lack of ‘after the event protection’. Traditional contracts encourage the growth of trust during relationships between the parties, especially relationship level agreements such as the ISDA Master Agreement (“famously referred to by J Briggs in the Court of Appeal as ‘[…] probably the most important standard market agreement used in the financial world”)2.  They include flexible tools, such as the use of elastic and flexible terms such as ‘acting reasonably’ and ‘good faith’.  In addition to this, there is the ability to seek mutually acceptable outcomes should the truly unexpected occur to the surprise of the parties, through mediation, arbitration – or the backstop of the courts themselves.

These are not concepts that can be applied to the purist “code is law” philosophy that underpins some views of how smart legal contracts ought to evolve.  This results in a language of automation that is restrictive to business and the code unstoppable. Yes, we require a degree of immutability and automation – but the law is king over code, and smart legal contracts need to be designed to allow the law to intervene if we are going to allow the use of smart legal contracts for serious commercial transactions.

Lawyer Imperative

To make smart legal contracts work correctly given their immutability and automated nature, both parties need to know – or attempt to know – every possible event that may happen in the future which is, of course, impractical for most reasonably complex business transactions. Who has the expertise to ensure that every contingency (including mandatory actions ordered by a court of law) are considered and agreed between the parties (in the code)? The truth is, even in order to imagine and provide for some of those scenarios if we are going to empower the code, the role of the lawyer will become more important than ever.

A large part of a lawyer’s job is to tease out the needs and desires of a client, smoothing out contradictions and flagging potential eventualities. Programming a smart legal contract is tantamount to translating those intentions into code – which is great, if both parties are in control of that code. Yet the model being proposed by many in the industry is for lawyers to design the smart legal contract as usual and then hand it over to a developer to draft the code.

Traditional contract interpretation is hard enough.  This new world merely exacerbates the difficulties. Does the coder truly understand the law effect being sought by the lawyer? Does the lawyer truly understand the operation of the code being put in place by the developers? Any mistakes, any errors or misinterpretations will have a significant and severe impact because the smart legal contract is (as suggested above), largely immutable. It is now vital for lawyers to understand code and operate in this digital sphere. Lawyers need to be able to test a software program, just as they test scenarios anticipated by a contractual clause today. The difference will be rather than using natural language prose, the testing will be done through the context of high-level programming code – debugging through the code (that does look like natural language – yes, Solidity, Rust, Vyper and other smart legal contract code is not practically written in 1s and 0s, rather resembles natural language by design!).

Limiting Effect

Smart legal contracts are a long way from reaching maturity. There are many issues to address. As noted above, a degree of reversibility will have to be created, otherwise there will be a finite limit on the potential complexity and value of these automated agreements. But the shift is hugely exciting and offers enormous potential to the industry – if the right steps are taken.

Calls from some quarters for smart legal contracts to be based upon natural language so that they can be understood by judges will place a serious limit on the extent to which they can be deployed. Challenges around the management of complexity will constrain the use of automation with any degree of sophistication. It will also create the risk that firms could be sued for negligence due to mistakes in the coding phase leading to contracts failing to achieve the goals of both parties.  Calling for natural language and translation is a short-sighted approach and one that will not only delay the inevitable increasing adoption of automation but also add complex layers of failure.

Smart legal contracts offer a great deal of promise. However, there is a huge amount to be done by the legal community to embrace, explore and understand if that promise is to be realised. Not only will skills and toolkits need to change, but lawyers must play an imperative role in understanding the true limits of automation and determining where good, old fashioned human judgement remains king. The onus is now on lawyers to take ownership of smart legal contracts, discover and embrace new skills and gain the confidence required to accelerate maturity – without that committed smart legal contracts will, at best, fail to deliver on their promise and, at worst, create a global legal mire that could take generations to unpick.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Beyond compliance: why the shift to ISO 20022 is more than a messaging upgrade

Maria-Christine Diaz, Senior Business Strategy Manager at Eastnets, explores why ISO 20022 is more than a mandate – it’s a catalyst laying the groundwork for future-proof payment services

The SWIFT-mandated migration by November 2025 is set to end MT message processing for interbank cross-border payment instructions and cash management reporting (CBPR+). Yet, according to SWIFT as of December 2024, only 33% of organisations had adopted ISO 20022 for CBPR+. It highlights a deeper issue: many organisations still see it as a technical obligation when really, the migration implications stretch far beyond protocol upgrades and format translations.

ISO 20022 is not a one-off project. It is a multi-year, cross-functional transformation program touching every part of the business. It’s a strategic opportunity and a chance to rethink how financial institutions manage payments infrastructure, compliance and customer value propositions in a rapidly evolving digital economy.

However, it demands a coordinated, business-wide response.

Why tactical fixes won’t solve strategic shifts

At its core, ISO 20022 replaces the flat, ambiguous MT messaging format with structured, contextualised data that applies across all payment types, domestic and cross-border. It allows institutions to capture and exchange richer details – from payment purpose code and country of origin to beneficiary information – with far greater quality, accuracy and completeness.

That quality creates tangible value. It promises to strengthen Straight-Through Processing (STP) efficiency and dramatically improve the effectiveness of fraud detection and anti-money laundering (AML) processes. How? By reducing the number of investigation cases and false positives that have long strained operations teams. ISO 20022 also supports regulatory focus on real-time transaction monitoring and incident transparency, something central to frameworks like the EU’s Payment Services Directive 3, the AML Directives and the Digital Operational Resilience Act (DORA).

But ISO 20022 doesn’t just support regulatory alignment, it fundamentally alters the operational risk landscape. Most institutions still rely on compliance processes and infrastructures built for MT messages, which are poorly suited to handle the granularity and structure of ISO 20022 data. And when this richer data is simply “bolted on” to legacy systems, problems quickly arise.

Many banks are pursuing a tactical fix for what is a strategic shift – it’s like trying to put a square peg into a round hole. Systems and processes were built around the limited MT format which are flat, fixed and often ambiguous. Existing rule sets designed for flat MT messages begin to break down, triggering too many false positives and overwhelming compliance teams with noise instead of insights.

To realise the full value of ISO 20022, institutions need to map how payment data flows across their organisation. This helps identify legacy workarounds, uncover operational risks and pinpoint where ISO 20022 adds complexity or unlocks new opportunity. Therefore, a comprehensive business-wide impact assessment is essential to strengthen AML, sanctions screening and fraud detection processes.

With that foundation, banks can sharpen customer insights, strengthen fraud and risk controls, and develop new value-added services. As sanctions lists and fraud rules update in near real-time, combined with financial crime compliance costs surpassing $1 trillion in 2024, the ability to act on cleaner, more contextual data has become business-critical.

Therefore, making ISO 20022 work for the business means moving beyond retrofitting and honing in on three areas that drive real transformation.

More impact than meets the eye

The real opportunity begins when ISO 20022 data is integrated into core systems, not just translated at the edges. Payments data now impacts every business line – from retail and corporate banking to capital markets and trade finance – influencing every process from front to back office.

Again, migration is not a one-off project but something that touches every part of the business, from reconciliation processes to customer-facing services. The key challenge of this transformation is knowing where the payment is, its status, without ambiguity, at any moment. Think of it like tracking an Amazon parcel delivery. To manage this, institutions need lightweight analytics tools to monitor and track payment messages in real-time across systems, to reduce reconciliation errors, manual workarounds and operational risk.

The true value lies not in seeing the information, but in using it to streamline operations, resolve issues faster and deliver better outcomes.

The path to optimised financial crime detection

As ISO 20022 fundamentally offers richer information, one of the most immediate benefits lies in financial crime prevention.

To take advantage, institutions must recalibrate financial crime systems to work with clearer, structured and contextual ISO 20022 data. This isn’t just about better information, it’s about better precision. Finetuning these systems through precise finetuning techniques to improve detection precision and strengthen risk mitigation, all while reducing and operational costs.

Take Sohar International, a bank operating in the Middle East, as an example. It reduced its false positives by 67%, helping to distinguish between legitimate and suspicious transactions, simply by optimising screening strategies and using structured ISO 20022 data. That kind of result creates space for smarter, faster decisions across the organisation, all while strengthening its AML compliance framework.

An opportunity for leaner payment processes 

Additionally, ISO 20022 presents the perfect opportunity to modernise payment infrastructures with a modular orchestration layer – a flexible, business-agnostic workflow engine that seamlessly translates and routes messages across systems. This shields core business applications from changes in formats, protocols and standards, reducing maintenance overhead and operational risk and accelerating ISO 20022 adoption without disrupting core operations.

Moreover, it enables real-time monitoring, detection and investigation of issues such as duplicate payments or delayed messages, providing transaction integrity across the entire lifecycle. Having infrastructure agility translates directly into business performance, which can lead to increased cross-jurisdiction visibility in real-time and optimised STP rates, making sure payments move securely, efficiently and in line with market expectations. .

By building this agility, financial institutions lay the groundwork to rapidly adapt to future market changes, new services and customer demands without overhauling core systems. It also provides real-time visibility and transaction integrity, making sure payments move securely, efficiently and in line with market expectations.

Unlocking the true value of ISO 20022

Treating compliance as the end goal is a strategic misstep.  So, without a coordinated business-wide transformation strategy, supported by optimised financial crime tools, a lean orchestration layer and real-time monitoring, institutions risk operational disruptions and regulatory scrutiny impacting their bottom line.

What’s ultimately at stake is more than a messaging upgrade. It’s the opportunity to reshape financial infrastructure for an era defined by sustainable growth and operational resilience.

The real value of ISO 20022 lies not in translating messages, but in transforming the business. Those who embrace the shift – not just to adopt, but to adapt – will be best positioned to unlock smarter, data-driven growth in the years ahead.

Continue Reading

Business

The Quiet Strength of Being Clear – Why Assertiveness Matters More Than Ever for Founders

By Rebecca Sutherland, CEO and Founder of HarbarSix

There’s a word that often makes people shift a little in their seats. Assertiveness. It can sound sharp, maybe even a bit harsh, like something that belongs in boardrooms filled with ego or in negotiation books gathering dust on someone’s shelf. But in truth, assertiveness, when you really understand it, is one of the most compassionate tools we have as leaders.

Because at its core, assertiveness isn’t about being pushy. It’s about being clear.

And when you’re building something, a business, a team, a dream that lives outside the ordinary, that kind of clarity becomes essential. Without it, you end up drifting, making decisions that don’t feel quite right, saying yes when you mean no, and slowly watching the thing you once felt lit up by become a source of tension or exhaustion.

I’ve seen it happen more than once. A brilliant, creative founder full of drive and vision, slowly ground down by too many compromises, too much people-pleasing, too little space to breathe. They don’t lack skill or ambition. What they’re missing is that anchor, the ability to be assertive without feeling like they have to apologise for it.

So, let’s unpack that, because I think we need to talk about how to lead from a place that’s both strong and soft. Firm but open and rooted in who you are.

Assertiveness starts with self-trust

Before you can speak clearly to others, you must be clear with yourself. What do you stand for? What kind of culture are you trying to build? What do you value, not just on a branding level, but deep in your bones?

Because if you don’t know that, you’ll find yourself pulled in all directions. You’ll agree to partnerships that don’t serve you, hire people based on panic rather than alignment, and find it hard to hold boundaries when the stakes feel high.

But when you do know—when you’ve taken the time to understand what really matters to you—it becomes easier to communicate it, calmly and confidently, even when it’s uncomfortable.

Saying what you mean isn’t unkind—it’s respectful

There’s a misconception, especially among founders who want to be “good” leaders, that being direct is somehow abrasive. That if you’re too clear, you might upset people. But in my experience, the opposite is true.

When you wrap your truth in too many layers of softening or delay saying the hard thing because you’re worried about how it will land, you actually create more confusion, not less. People want to know where they stand. Your team, your investors, your clients—they respect leaders who can speak with warmth and certainty.

You don’t need to bark orders or dominate a room. But you do need to be able to say, “This isn’t working for me,” or “This direction doesn’t feel right,” or even, “I’ve changed my mind.” That kind of honesty is a form of care. It protects your energy, and it gives everyone around you a clearer playing field.

Boundaries aren’t barriers—they’re invitations to trust

One of the most powerful forms of assertiveness is knowing when to say no. Or not yet. Or not like this.

As founders, we’re often wired to keep giving—to clients, to our team, to the business itself. But that constant giving, without boundaries, leads to burnout. And more than that, it models a kind of unsustainable leadership where overextending becomes the norm.

Boundaries, when set with intention, are not walls. They’re signals. They say, “This is how I work best,” or “This is what I need to stay at my best,” or “Here’s the line where my role ends and yours begins.” And far from pushing people away, they create the safety and trust needed for real collaboration.

Not everyone will like it—and that’s okay

Here’s the part that might sting a little: not everyone will like your assertiveness. Some people will bristle when you stop bending over backwards. Others may be used to you saying yes to everything, and might struggle when you start to reclaim your space.

Let them. Your job isn’t to be liked by everyone. Your job is to build something honest, sustainable, and true. And the people who are meant to walk alongside you? They’ll stay, in fact, they’ll probably thank you for the clarity.

Practice before you need it

Like any skill, assertiveness gets easier with practice. Start small. Have that conversation you’ve been avoiding. Say no to the next thing that doesn’t feel aligned. Express a need clearly without over-explaining. And then do it again. Not perfectly, just consistently.

If you’re not used to it, it might feel clunky at first. That’s okay. Clarity is a muscle. The more you use it, the stronger it gets.

The most powerful leaders are not the loudest

They’re not the ones who dominate meetings or chase visibility for its own sake. They’re the ones who know who they are. Who can sit in discomfort without losing their footing. Who can say the hard thing with softness and stay true to their vision when the noise gets loud.

Assertiveness isn’t about power over others—it’s about being in your own power. And when you lead from that place, it changes everything.

For your business. For your team. And most importantly, for you.

Continue Reading

Business

Innovation in banking must go hand in hand with security, and here’s why

Dean Clark, Group Chief Technology Officer for GFT

The banking sector is transforming more and more, with banks under pressure to meet customers’ evolving expectations. This means that even the most traditional institutions have to move away from legacy systems and adopt modern technologies such as cloud computing and AI. The aim of this shift is not just to keep pace with digital-native competitors, but also to improve operational efficiency and deliver better customer experiences.

However, innovation brings new challenges. Transitioning from centralised mainframes to cloud-based platforms is a complex process that can’t happen overnight. Amid this transformation, banks must ensure that security remains a top priority. Striking the right balance between modernisation and robust security is essential to building and maintaining consumer trust in the digital age.

Balancing agility with security

Multicloud is a key component of digital transformation strategies in the financial sector. Many banks are relying on hybrid multicloud to modernise and keep up with the evolving tech landscape. In the meantime, new digital banks are launching entirely on cloud-native platforms, which helps support agility and scalability from day one.

Cloud technologies offer many advantages, including improved performance, flexibility and faster innovation. However, despite these benefits, they do come with security challenges. Cloud infrastructure, often built and managed using Infrastructure as Code (IaC), can include some vulnerabilities and give an entry point into a bank’s system to malicious actors. As such, ensuring that IaC adheres to best practices is essential to avoid misconfigurations or exploitable vulnerabilities as early as possible.

The protection of consumer data must also be central to any digital transformation strategy. Security must be deeply embedded not only in backend infrastructure but also in the user-facing layers such as web portals and mobile applications. This is critical to maintain consumer trust and improve retention.

Why a unified security platform is essential

When undergoing digital transformation, financial institutions need a unified security solution to help streamline the security management process by having all the necessary tools in one place. In fact, a unified security solution is built on three interconnected pillars. First, security must be embedded directly into development pipelines. This integration helps identify and mitigate risks and misconfigurations early, before they can impact production. Second, through continuous monitoring and management of cloud assets, banks can gain more visibility and control over their security posture. Third, runtime protection safeguards cloud workloads, web applications and APIs through tools like cloud threat detection, host security, container security, serverless security, and web application & API protection. Together, these pillars help to establish a robust security framework. This way, digital banks can minimise risks, streamline operations and ensure compliance with regulatory demands.

The benefits of ‘zero trust’

Modern cloud-native banks rely on ‘zero trust’ security models more and more. ‘Zero trust’ refers to the principle according to which every request to access an organisation’s system should be carefully reviewed. This means that no user or system is trusted by default. They’re all subject to identification and authentication checks. This helps set clear boundaries between the applications the users are accessing and the resources available in the cloud. And even after access has been granted, all activity is monitored on an ongoing basis to identify potential malicious behaviour that could compromise digital banking systems. This continuous verification enhances visibility into potential threats and facilitates compliance with regulatory standards.

To further reinforce security, mutual transport layer security (TLS) can be implemented as a core design principle, enabling secure authentication with third-party entities over the internet. By adopting such measures, digital banks can build a resilient security foundation that safeguards against evolving threats whilst preserving customer trust and operational integrity.

The example of Salt Bank

Salt Bank is a next-generation digital bank launched in Romania. It serves as a good example of a financial institution that embedded security into its digital banking platform from the start. Salt Bank was built and launched in under 12 months, showcasing the power of an approach to innovation that heavily relies on security.

Salt Bank implemented a range of advanced security measures, including zero trust architecture, threat modelling, cloud security posture management, and automated security operations, guided by this security-by-design philosophy. These tools helped the bank implement a strong defence against cyber threats whilst still focusing on improving customer experience.

Central to Salt Bank’s strategy was Engine by Starling, a SaaS platform designed specifically for digital banking, paired with Palo Alto Networks’ Prisma Cloud. Prisma Cloud played a key role in securing the bank’s cloud infrastructure, offering capabilities such as misconfiguration monitoring, risk detection, remediation and compliance management. Together, these technologies provide a unified and efficient approach to managing security in a complex cloud environment.

The future of modern banking is all about security

As digital transformation accelerates across the financial sector, companies must keep security at the top of their agenda. Whilst innovating is key to keeping up with evolving trends and changing customer expectations, it can’t be done without prioritising security. If security isn’t embedded in every layer of an organisation’s digital infrastructure, vulnerabilities may be introduced within the system and easily exploited by malicious actors. And once cyber attackers are in the system, everyone knows it can lead to chaos.

But security isn’t just for defensive purposes, it’s also a strategic advantage. In a climate of growing digital distrust, the most secure bank doesn’t just win compliance, it also wins customers. By choosing to turn advanced security into a visible product feature, not just an internal practice, banks can build marketable trust and differentiate from fintech challengers who may cut corners in pursuit of speed.

Continue Reading

Copyright © 2021 Futures Parity.