With advances in machine learning and other forms of big data and artificial intelligence, more and more corporations are using massive data lakes to better target and serve their customers. However, the standards for ethical data use are still being written, one company at a time. Intact Financial’s Maryann Besharat gives us a look at her company’s process and journey.
Tyler Lawrence: Can you please share a little bit with me about your role at Intact, and some of your current focus areas?
Maryann Besharat: I am vice president of legal affairs and compliance at Intact Financial. I’m responsible for the compliance and privacy aspect of the company, as well as insurance, regulatory work, product development work, the ombudsman’s office, and marketing. I’ve spent the last 10 years here, and before that, I was in private practice. The last few years, we’ve really tried to mature our compliance program.
I would say integration has been one focus area. Currently, we have quite an established compliance program, but we’re always trying to take it to the next level while also integrating any company that we acquire, because Intact is in constant acquisition mode. That means doing that deep dive, looking at what the has acquired company’s compliance practices and asking ourselves “Okay, what is best for this structure? Should we adopt something they have that we haven’t implemented, or is the Intact way the better way?” We always keep an open mind and really examine what the other side is doing, and then we make a decision. That process has helped us enrich our program as well because you get to see what other companies are doing, post-acquisition.
Another major focus area has been data and model governance, and making sure that we’ve got an ethical framework in place that is suitable to our traditional data modeling practices as well as new cutting edge advanced modelling techniques. And finally, we, via our acquisitions, have gone into different lines of business that are new to Intact. So, a focus has been ensuring that the legal department has the requisite skills to be able to assist in this regard.
Ethisphere: Could you give me an example of a practice that you all found at a company that you had acquired that you decided to then integrate into everything that Intact was doing?
Maryann: One of the things that we saw from other companies, especially if they were smaller, is that the compliance lawyer was closer with the business. Historically, the business was reticent to have compliance at the table because we’re supposed to be this independent, objective third party, but I don’t think they’re mutually exclusive. You can still remain objective, while getting a better, enterprise-wide, understanding of how the business works when you sit at an operational business table. It can certainly be a bit more challenging in a very large organization but so far, it has really yielded some excellent results for us.
Ethisphere: The ethics and compliance team is leading the creation and adoption of ethics in AI practices within Intact. Can you talk through the process and thinking?
Maryann: It became apparent to us a while ago that there were a lot of new and exciting things that were being done at the Intact data lab – Intact’s team of data scientists. The projects coming out of the lab were quite novel and Compliance become more involved the design, and review process. For some of the projects, we needed to have a goal. We had to sit down and say, “Okay this is not prohibited, but how do we feel about this, and what should the company do in similar situations moving forward?”
These debates could be quite philosophical, but we agreed that with all of the investment in the data lab at Intact and considering how rapidly the lab was growing, we needed to have a framework in place. And it was important to us that the framework was one that was responsible and help set some guard rails, but also that it serve as an inspiration for the data lab: “this is what our ethos is”, “this is why we’re here”, and “this is why we do what we do.” So, we started the process of looking at some of the top data and tech companies, some of whom were more advanced in their thinking on data principles than financial institutions are.
A lot of buzz words are bouncing around in the data world. I saw a lot of the same themes popping up over and over again. So, we came up with a laundry list of the top data principles most frequently used by data and tech companies and we narrowed it down to the top five that feel right for Intact. We are commencing a discussion with our top executives at the company to debate them. We had senior leadership go through the exercise of taking each principle beyond an abstract feel-good principle to consider, ” What does this mean in real life? What could it mean to the projects that we’re working on?”
In some cases, truly adopting data principles will mean that some projects will die. In other cases, it will mean that some projects will be born again or revamped to comply with principles. We did this to help the executives understand these principles and the impacts of adopting them.
Ethisphere: How did you work with other functions outside of legal? How much were they consulted on the discussions you’ve had so far to get the organization thinking about and supporting the policies?
Maryann: We had a very collaborative approach. When it comes to ethical principles, the legal and compliance department is the suitable party to hold the pen, author the principles, and do the research. We have a skillset that lends itself to conducting all the research and analysis. But to think that we should be the sole author would be a critical mistake. It’s extremely important that you have other stakeholders at the table. The first wave was to consult with what in the financial world we call “the second and third lines of defense,” risk management and audit.
Then, wave two was to consult with leadership at the data lab and IT, because they’re the ones who are working with this issue the most. That was a very rich conversation. Audit and risk are quite aligned with legal and compliance in their approach, but when you sit with lab scientists and IT, they can help you understand certain things that you would never have thought of. Certain trade-offs that will be made if the proposed principle is adopted, and the impact on the organization.
Finally, in wave three, we went to the heads of the business units that don’t necessarily have the IT tech or data analysis background, but are the recipients of much of the great work coming out of the data lab and are using it to benefit their customers. The BU’s understand the impact on the customers, and this is a critical feedback loop that is needed when adopting policies with potential for broad impact.
Ethisphere: How are you thinking about success with this project? What does success look like?
Maryann: Success would be enterprise wide adoption of the framework with an effective plan to operationalize it.
Ethisphere: Do you have any advice from the experience you’ve had so far pulling all of these stakeholders together?
Maryann: Ensure that you have executive support and leadership behind this type of project – this gives you a better chance of success. First, obtain buy-in or instructions from the CEO, then let people know what you’re working on, because in large organization, many projects are happening in silos. You don’t want to duplicate work.
Next is a technical framework that is a bit more IT-reliant. Determine if your organization has the right infrastructure that protects the information, that retains it, that destroys it. Do you have the right consents? Is the organization using high quality data? Some of that is legal, but much of it is quite IT-reliant.
In conclusion, get the mandate, communicate the mandate, obtain feedback and implement with the appropriate stakeholders.
Ethisphere: Getting down a little bit more into the nitty-gritty, in terms of benchmarking these principles once they’re rolled out, what kind of KPIs will you be looking for, in terms of measuring success?
Maryann: This is an evolving area, and many papers have been written about Data Ethics. I would recommend using these papers and other publications to benchmark the principles.
With respect to KPIs, over time, organisations may be in a position to discuss certain projects, and whether or not they can link the projects’ trajectory to the adoption of the ethical principles. Consider whether projects were reviewed through the lense of the principles, and whether they were adopted, amended or abandoned due to the principle review exercise.
Ethisphere: Do you have any closing thoughts, words of wisdom for us before we wrap up?
Maryann: It’s a great exercise. It’s probably one of the most fun things I’ve done in a long time. It’s such an unsettled area and there can be so much debate around it. There are a lot of ethical conundrums that we’re facing with the use of data, and it’s something that most companies are just starting to face head-on right now. I think legal and compliance can contribute immensely to this discussion, and should absolutely be at the table to ensure that the company’s North Star is clearly identified. We should leverage our experience dealing with complex ethical situations in that regard, and help enhance the discussions and the debate that’s happening in the company.
About the Author:
Maryann Besharat is Vice President, Legal Affairs & Compliance Services at Intact Financial Corporation. She is responsible for providing legal services and solutions-oriented advice relating to a broad range of legal issues including: insurance-regulatory, compliance, privacy, ombudsman, corporate litigation, internal investigations and employment matters. Maryann provides pragmatic advice regarding strategic initiatives and she oversees interactions with several regulatory bodies and is responsible for managing all aspects of Intact’s privacy and whisteblower programs. Previous to her role at Intact, Maryann was in private practice at Borden Ladner Gervais LLP, where she practised Corporate Commercial Law and focused on Mergers and Acquisitions, Marketing and Advertising Law, Consumer Protection and Privacy Law.