Contracts and due diligence catching the next wave of computing (Web 3.0): Part 2

In the first part of this article we looked at the existing legal and regulatory framework surrounding contracts and conducting due diligence for bank account opening and management. We’ve highlighted the impact on both procedures by the technological advancement of artificial intelligence and smart contracts.  In Part 2 of our article, we look deeper into the world of Web 3.0, with the help of Richard Shearer, CEO of Tintra PLC (, that’s building the world’s first Web 3.0 banking platform aiming at financial inclusion. Is the Cypriot legal and regulatory framework ready to invite and nurture technological advancements in the context of drafting, and enforcing contracts and due diligence?

Part 2

What is Web 3.0 anyway?

For lack of a legal definition, we refer to Web 3.0 advisers such as Packy McCormick as quoted in T.Stackpole’s article ( ) where he referred to it as “the internet owned by the builders and users, orchestrated with tokens.” Moving away from the obvious use for transactions in crypto, Web 3 appears to be “using blockchain in new ways to new ends,” Stackpole says. User dominance on Web 3.0 is a matter of fact, as per Jad Esber and Scott Duke Kominers “In Web 3, instead of platforms having full control of the underlying data, users typically own whatever content they have created.” (May 2022 HBR). Another attempt to define this new reality, by Bernard Marr in January 2022, as published in Forbes (, Web 3.0 was described “currently a work-in-progress and isn’t exactly defined yet. However, the main principle is that it will be decentralized – rather than controlled by governments and corporations, as is the case with today’s internet – and, to some extent, connected to the concept of the “metaverse.”

We particularly liked Davy Smith’s description of Web 3.0 which he called “a version of a virtual world.” And then asked us to imagine multiple virtual worlds, “in which Tintra can provide an infrastructure for users to interact in a borderless way.” Davy Smith leads Tintra’s AI Research Laboratory.

  • If it’s unpredictable, if it’s decentralised, what can be built in Web 3?

In an obvious question to an AI developer at Tintra, “how can a banking platform operate in a Web 3.0 environment”, Davy described Web 3.0 as one version of a virtual world. Richard added that there can be multiple virtual worlds, “with Tintra bridging these universes enabling users to interact in a borderless, seamless way.” From our experience, there is nothing seamless in fund transfers, given the application of the GDPR, the 5th EU AML Directive etc. There is a necessary long pause, which gives time to a team of professionals experienced in financial operations, to review and evaluate all parties involved and the transaction (contracts) itself, before any funds transfer can be achieved. Payments and funds’ transfers as we know them depend on a thorough an up-to-date client acceptance and transaction due diligence procedure. How can a bank operate on Web 3, when a significant part of the banking process, still depends on human discretion?

The same way that contracts, still depend on bounded rationality a concept developed by Simon H.A. in 1991 (“Bounded rationality and organisational learning” Organization Science 1991) and extended by Gigerenzer and Selten (“Bounded rationality. The Adaptive Toolbox. Cambridge. MA: MIT Press 2002). Bounded rationality is based on the premise that since the future is uncertain, any decision made by individuals has to be made with limited rationality and based on subjective experiences. Therefore, no computer program (and no contract, however “smart” it would be) can include all possible situations to be managed later (as mentioned by Dr. Junemann and Milkau). And if that is the case, then how can a client acceptance procedure, be implemented that allows a banking platform to operate in a frictionless, borderless manner, within the context of the law. Tintra’s answer as formulated by CEO Richard Shearer is interesting. Such a dynamic can exist with artificial intelligence, but only when it is ensured that such a technology is inclusive, free-from-bias, constantly updated and runs on Web 3 decentralised principles. And the underlying objective? To remove human bias in the context of client acceptance, due diligence procedures enhancing borderless, frictionless legally compliant transactions.

Software engineers would suggest that removing human bias is next to impossible, due to the inevitable interaction of the user with the code. The user carries subjective bias which inevitably infiltrates the code that will then be used in the software applied to conclude a contract or decide upon a person’s eligibility to have an account opened or determine whether a transaction is compliant under AML.

  • “Always-on KYC” -what does it even mean?

Richard’s view is that “always-on KYC” is the answer to borderless and frictionless client acceptance, due diligence procedure and even payments as a means of smart contract performance. In brief, “always-on KYC” refers to a distributed ledger that is updated in real-time, with the user’s current information. So that the banking platform responsible to process the client’s transactions, is made aware of any change in circumstances on a daily, or perhaps even hourly, basis. Rather than periodically or even annually as is the case in most legacy infrastructure.

We can think of at least one large EU bank that could benefit from an “always-on KYC”, given the Archegos scandal in 2020 which led to Credit Suisse suffering over USD 5,5 bln trading loss when its client the Archegos Capital family office collapsed. The Bank’s new CEO Axel Lehmann admitted that the bank failed to “anticipate material risks in good time”, while the Employees Retirement System for the City of Providence, on filing a lawsuit against the bank, stated that the fundamental problem with the bank was that its board “did not provide the resources, the people, the technology, systems and controls needed to comprehend the overall risk the bank was taking on, much less manage that risk.” (“Credit Suisse admits Lax Approach led to scandals” FT May 11, 2022”

Certainly the cost of maintaining an operating system that can flag risks in transactions, or spot rogue traders or ineligible clients is high. However, building such system on a private or public distributed ledger means there is as much trust in it as there is immutability, and in light of the cost of getting it wrong, there is an argument for investing in technology that supports getting it right.

Considering the high-profile cases where millions or even billions of dollars were transferred within highly reputable financial institutions, in breach of a string of AML and anti-bribery laws, it is inevitable to conclude that depending on the human factor and perhaps, more importantly on a “western” perspective of what constitutes a compliant and non-compliant client or transaction, may no longer suffice. And it is at this point that Richard’s vision of an informed software that is built to distinguish between clients not on “western” standards but on standards created by an inclusive distributed ledger technology, becomes a rather appealing solution. “The real breakthrough here, is in building technology that allows us to build a regulatory framework that’s ad hominem -directed at you as an individual with the rights that you deserve rather than lazy categorising by nationality, social background or even more uncomfortable signifiers” Richard says.

  • Financial inclusivity -the case of the informed KYC software

The performance or enforcement of a smart contract may trigger new KYC obligations -in an article by EBRD and Clifford Chance this is displayed by a simple example of a wire-transfer exceeding certain limits (“Legal Reform Access to Finance” As mentioned in the said article “the software will need to be able to identify such triggers and to execute actions only if the relevant KYC requirements are met.” The argument concludes that in that case human input may be necessary.

To this conclusion, Tintra’s proposal as envisioned by its CEO Richard Shearer, is the financial inclusivity of the software. How can that be achieved in light of the biases we have previously referred to? By “feeding” the software with data that’s regional and jurisdictional-specific and probably in troves so that users based in Costa Rica can open, operate and transact through the banking platform with the same ease as those based in Nigeria, the UK, Australia and Singapore.

If one thing is true about the Covid-19 pandemic, is that it has revolutionised terms such as “locality” and “connectivity” by unearthing ways to achieve them remotely. Distances have been bridged, and through the isolation of the various lockdowns and the distance created between users and their place of work, or users and their banks, another type of connectivity emerged between users with the ability to meet and interact virtually during a universally common experience.

In the same way that verification of one’s identity and signature can now take place digitally, through legislation that approves electronic means, client acceptance, due diligence and contract performance can also take place with much less (if any) human intervention. The responsibility is on the providers to ensure that the system which can arguably only run on distributed ledgers, is inclusive and constantly updated. One of the challenges of smart contracts is software aging, but it can arguably be addressed where the users become builders on Web 3.0.

  • Does existing EU legislation sufficiently cover “smart contracts” and “smart due diligence”

In an article by EBRD and Clifford Chance, the importance of assessing existing legislative and regulatory frameworks was considered crucial in determining  whether adjustments to existing laws may be necessary or even desirable to better facilitate the use of smart contracts. As the article concludes, “new legislation might also be needed; for example, to specifically recognise the use of distributed ledgers as a record of ownership of an asset, which existing law might not allow.”

It appears that in the foreseeable future, Contracts Law Cap.149 as well as Companies Law Cap.113 will both require updates that allow technology to operate alongside the law in the creation and performance of contracts. Moreover, the applicable AML laws and GDPR will require to adapt to an application in a new technological environment, that’s inclusive and takes into account the new reality of globalisation, collective experience and remote presence.

This article was published in the Cyprus Mail in August 2022.

Sign-up today!

Get up-to-date information, directly to your inbox.