The UK Needs a Tech RegulatorPartner, Oliver Wyman Public Sector, and Visiting Fellow, London School of Economics Centre for Risk and Regulation Principal in Oliver Wyman’s Public Sector Practice
Facebook’s recent announcement that it plans to launch an alternative currency was the latest sign that the United Kingdom needs a tech regulator to effectively oversee tech firms as they continue to move into new industries and straddle more regulatory regimes.
With the establishment of a smart tech regulator, the U.K. can become a world leader in fostering digital innovation while holding tech firms and their executives accountable for abuse of their inventions. In the past 20 years, tech giants have risen to become the biggest companies in the world, without formal and structured government oversight.
A Patchwork of Laws in the UK
Today’s patchwork of privacy laws and industry self-regulation lack transparency and coherence: The combination drives up the cost of innovation and doesn’t go far enough to protect the billions of people worldwide who now rely on tech firms’ products and services.
By clearly defining the rules of engagement, a regulator for the tech industry with a national set of statutes could put tech firms on a level playing field and reduce the cost of innovating.
It could also trigger a cleanup of the current system, resulting in a more robust and productive regulatory framework.
Some forward-looking institutions are already taking steps in this direction. In June, the Bank of England published a report that outlined ways to support digital innovation and resilience in financial services. Before that, the Department for Digital, Culture, Media, and Sport set an example for the world in April when it proposed creating a regulator to set up rules for social networks concerning terrorist messages and abusive images.
We Need to Go Further
The first country to figure out how to regulate the broader tech industry will become the focal point for the next chapter of the world’s digital revolution. Below are a few ideas for other ways that a smart tech regulator could make a difference.
Focus on three overarching objectives: Tackle the most pressing issues facing the tech industry by focusing on three goals: safeguarding individuals and society from maltreatment; promoting responsible innovation and robust competition; and establishing understandable and consistent parameters for data privacy and monetization.
These regulatory goals need to be reinforced by metrics to judge if the regulatory framework and functions within tech firms align with them. Specific powers should also be established to encourage certain behaviors such as “cease and desist” orders, “comply or explain” requirements, fines, and legal sanctions.
Automated supervisory technologies are reducing the cost of compliance for tech firms and the cost of supervision for regulators.
Develop standards-based regulations: Tech firms’ innovations and the risks that accompany them are evolving so rapidly that it’s easy for regulators to fall behind. Standards-based regulatory regimes capable of adapting to technological and social change could help a tech regulator to get out in front and stay there.
Standards can be reworked for new risks, but changes to regulations and laws require extensive public consultation. With a standards-based approach, a tech regulator can introduce guidelines to encourage sensible innovation or, conversely, swiftly hold tech firms accountable when unforeseen risks arise.
Similar to conduct standards in the financial services and energy industries, standards-based regulatory regimes can nimbly adjust to grey areas of regulatory compliance. This is most important in the area of artificial intelligence ethics.
Prioritize activity based on risk: Tech firms constantly introduce new apps, software and hardware, and there’s a real chance that an increasingly cash-strapped government won’t be able to afford adequate staffing to properly enforce new regulations. A tech regulator would need to use a risk-based approach to target the firms and activities that put the most people at risk first and rank the spectrum of potential threats.
The degree of supervisory intrusiveness should be commensurate with the size of the potential risks that companies pose. Big companies will require dedicated in-house supervisory teams, while much smaller teams can oversee primarily automated data-driven reports from startups. This ensures startups are not unfairly disadvantaged due to high costs of regulatory compliance.
Be digital by default: Machine executable regulations, integrated data platforms and reporting application programming interfaces should be part of the standard operating model from day one to reduce the cost of compliance for companies while increasing the efficacy of risk management. By replacing quarterly reports with technology platforms that permit regulators to pull information related to key risk indicators from companies’ systems directly, regulators will be able to monitor companies more proficiently.
A New Standard for a New Age
These techniques are being piloted in major financial services markets like the U.K., the United States and Singapore. There are early signs that automated supervisory technologies are reducing the cost of compliance for tech firms and the cost of supervision for regulators.
Tech firms’ actions are spurring not only potential threats but also economic growth. The government should assist in rebuilding public trust in this important sector by establishing a regulator dedicated to preventing abuses in an age of accelerating technological change, because tech companies’ technologies now influence the very essence of our lives. Practical action could set a new standard for responsible innovation in a digital era.