Task Force 2: Our Common Digital Future: Affordable, Accessible, and Inclusive Digital Public Infrastructure (Affordable & Accessible Digital Public Infrastructure)
Contemporary systems of regulation do not work—for regulators, firms, or consumers—because they are outdated, time-consuming, costly, resource-intensive, and ineffective. Digitising rules can kickstart the modernisation of the rulemaking process and enable countries to create regulations that work.
Regulatory technology (RegTech) applies technology to reframe rules as code instead of natural language. A key challenge with this technology is how to navigate increased technological reliance in an increasingly globalised economy. This is where the G20 is important.
The G20 has already demonstrated interest in RegTech as recently as in 2020. Now, it can push efforts in its member countries by leveraging its position as a global convening ground to encourage national pilots, international collaboration, and multilateral implementation.
Stakeholders across the board stand to gain. Regulators can identify the most egregious cases of non-compliance by learning from other jurisdictions, thus preventing a game of whack-a-mole. Firms can lower the increasingly high compliance costs of doing business and explore new areas of expansion. Consumers benefit from increased competition due to lower entry barriers.
1. The Challenge
In March 2023, Silicon Valley Bank and Signature Bank collapsed within 48 hours of each other, marking the second- and third- largest bank failures in American history.[1] This raised numerous questions nationally and globally. Chief among them was whether the regulatory safeguards that the US put in place after the 2008 recession were sufficient. Could we have forecast and prevented these failures?
Rules are set to achieve certain outcomes, like efficiency and equality, and are a bridge between legislation or authority and their target audience. They are pervasive and impact every aspect of our lives, from how we fill prescriptions to the price we pay for produce. However, they have not adapted to our digital-first world. Rules have not kept up with changing technologies. The Tony Blair Institute for Global Change has previously written about the mismatch between 20th century rules and the 21st century firms that they purport to regulate.[2] Global authorities are still battling over whether to regulate cryptocurrencies like Bitcoin as security or as currency. This, despite the industry hitting trillion-dollar valuations.[3] Regulators thus spend more time, money, and resources to audit and oversight firms. In the US, regulatory agency outlays grew steadily in the 60 years between 1960-2020 to reach US$77.8 billion.[4]
This increase in the cost of compliance has not resulted in a simultaneous increase in compliance itself. Most financial institutions in the US reported rising costs for financial crime compliance in 2022, which were projected to increase 12.8 percent from the previous year to reach US$45.9 billion.[5] That same year, the US also imposed the most penalties for anti-money laundering and other financial crimes globally; US$37 billion compared to US$11 billion across Europe, the Middle East, and Africa combined.[6]
These regulatory failures have been accentuated by four recent trends: renewed regulatory interest in legacy industries due to market failure or exigent circumstances; the introduction of new technologies such as drones and artificial intelligence (AI); expansion into new jurisdictions, including geographic markets, product and demographic segments; and innovative business models like decentralised autonomous organisations and cryptocurrencies. Solving these regulatory failures will benefit regulators, industries, and consumers.
Regulators in fragmented regulatory markets like the US, which has federal- and state-level rules, or in smaller markets that have less leverage with firms can use regulatory technology (RegTech) to facilitate standardisation and collaboration across jurisdictions. Heavily regulated industries like finance and healthcare, or emerging and dynamic industries like AI can apply RegTech to conduct risk management, assess entry into new markets, horizon scan for risks, and reduce compliance costs. Arguably, end-users can benefit the most from successful regulation but have the most to lose when regulation fails. For instance, over a quarter of the US$168 million spent to bail out banks in the UK in 2007-09 came from taxpayer funds.[7]
How can we use rules and the rulemaking process to achieve our regulatory intent? One way forward is to lean into the technologies that we are regulating. Traditionally, rules are written in natural language and are open to interpretation. However, a new field of thought is emerging that attempts to communicate law as code.
The significant technological advancement of the past 50 years has not had an impact on regulation and compliance. Now, new tools bridge the gap between rulemaking and interpretation. They enable regulators to iterate faster and better communicate regulatory intent. Amongst them, RegTech, computational law, and rules-as-code leverage the power of technology to improve how we apply regulations. RegTech is the application of “innovative capabilities and techniques to help financial institutions improve their regulatory governance, reporting, compliance and risk management.”[8] In 2021, US$9.9 billion was invested in RegTech globally, roughly three times as much as in 2019.[9]
RegTech initiatives have already demonstrated their viability on both the regulatory and compliance sides through the following:
- Establishment of digitised copies of law and regulations, such as the Electronic Code of Federal Regulations (eCFR)[a] system in the US and EUR-Lex[b] in the EU.
- Standardised reporting mechanisms and formats that allow better information sharing and enforcement, such as the Securities and Exchange Commission’s adoption of the eXtensible Business Reporting Language for financial reporting.
- Adoption of software-based automated compliance like TurboTax and Credo AI by software companies, which helps them understand how to comply with new AI regulations.
- Machine-readable law initiatives[c] and research by academia and governments (e.g., New Zealand, Canada, and France[10]) that seek to express rules in code, potentially automating compliance.
- Use of AI and Natural Language Processing (NLP) for regulatory interpretation and processing. For instance, the use of AI and computer vision to process campaign finance regulation documents drastically reduced staff workload within the Georgia state government in the US.[11]
- RegTech developed by firms like Chainanalysis and Elliptic trace cryptocurrency transactions to flag corruption in government agencies, recover stolen money, and stop scams like human trafficking, thus enabling the application of existing financial crimes regulations to newer technologies like blockchain.
- Algorithmic trading can be audited to improve explainability and limit risks of failure to ensure business continuity, which is especially important due to the speed, frequency, and volume of such automated transactions.
Table 1: Demand- and supply-side drivers set the stage for RegTech adoption
Demand | Supply |
Rulemaking increases in response to cataclysmic events like the 2008 recession or the COVID-19 pandemic. | There is a concerted effort to collect and standardise data on open data platforms. E.g., in 2019, France set up Etalab to organise public information across agencies. |
We have multinational corporations that cross industrial and geographic borders, but our rules remain restricted to jurisdictions. | The boom in cloud computing has provided on-demand and cost-efficient access to computing resources to manage and analyse data efficiently. |
Regulations are complex and require specialised knowledge for interpretation. This disadvantages smaller firms that require external assistance (e.g., legal) to comply. | Advanced technologies like AI, NLP, and machine learning that expedite the transition from natural language to digital rules have developed rapidly in recent years. |
Non-compliance fines are high, regardless of whether the behaviour was intentional or not. The General Data Protection Regulation stipulates fines of between 2-4 percent of a company’s global turnover.[12] | There is public sector interest in updating regulatory processes. In 2021, Singapore invested US$42 million to develop risk management and regulatory compliance solutions.[13] |
Regulators have scarce resources, time, and money compared to the firms that they regulate. In 2021, Amazon recorded nearly US$470 billion in net sales,[14] higher than the GDP of 184 countries, including Nigeria.[15] | The private sector continues to invest in technology, despite a slowdown last year. 2021 and 2022 were record years for venture capital funding, globally.[16] |
Future of RegTech: Artificial Intelligence
Regulatory and legal spaces have leveraged the recent surge in generative AI to summarise and translate legalese. Judges in Colombia have used it to help draft court opinions[17] and GPT-4 passed a simulated bar exam.[18]
The cost of digitising and indexing existing regulations has posed a significant barrier to RegTech adoption. Generative AI can mitigate this by automating the transition from legal text to structured, digital regulations.
Despite the promise, AI is faced with a major accuracy challenge. Large language models (LLMs), the foundation of most generative AI tools, are optimised to output convincing, human-like text, not necessarily to generate factual text. They tend to “hallucinate,” or produce seemingly accurate content, complete with false references.[19]
Solving these challenges can lead to the successful integration of generative AI to the legal and regulatory fields. For now, however, the rollout should be more measured. DoNotPay, for example, has claimed to use generative AI to develop a “robot lawyer,” but faces a pending legal challenge over concerns that it could be harming clients with inaccurate information and illegal legal practice.[20]
2. The G20’s Role
The G20 is uniquely poised to lead applications of technology in regulation, especially in finance. Its inception in 1999 as a forum for global economic and financial discussions in the aftermath of the Asian financial crisis[21] has since expanded its purview to include development issues. Its core mandate of maintaining macroeconomic stability remains the same. It also shines brightest here, as evidenced by the 2008-09 agreements to bolster the global economy. The current banking crisis presents an opportunity for the G20 to return to its roots, with a 21st century technology lens.
The G20 has an outsized impact on global affairs, accounting for 85 percent of the world’s GDP and housing two-thirds of its population.[22] Its recommendations have ripple effects. In September 2020, the UK enacted the Age Appropriate Design Code[23] to protect the privacy of children online. Two years later, the state of California, arguably the most important jurisdiction for the tech industry, followed with its own version of the code.[24] This influence is especially important given the diversity in regulatory and digital maturity among G20 members. Established economies like France sit beside emerging ones like Brazil. These countries have put in place a wide range of digitalisation efforts in the public sector, from Estonia’s leading digital public infrastructure to India’s “India Stack”, a set of digital resources that deliver digital identity, data, and financial services to millions of people.[25]
The G20 wields massive convening power as an international dealmaker. This is reinforced by this year’s theme of “One Earth, One Family, One Future.” Another multilateral organisation, the Organisation for Economic Cooperation and Development (OECD) recognised the benefits of the technology in its own 2020 white paper.[26] The OECD flexed its ability to convene when it struck a landmark digital tax deal in 2021, which was supported by all of its members and that of the G20.[27]
The G20 also has the technical and financial capacity to deliver on RegTech. G20 member countries are home to some of the largest and most innovative tech companies in the world. The G20 also consists of some of the largest markets for venture capital in the world, from the US and China to the UK, India, and Germany. Importantly, G20 members have already invested in and signalled support for RegTech. In 2020, the G20 organised a TechSprint to address three issues: regulatory reporting, monitoring and surveillance, and dynamic information sharing.[28] Now, it is time to build a RegTech ecosystem that capitalises on recent gains.
3. Recommendations to the G20
The G20 needs to continue modernising rules by enabling a global ecosystem around it. This will involve a three-fold strategy of individual national tests, international collaboration, and multilateral implementation (see Figure 1).
Figure 1: Proposed three-fold strategy of G20 towards a RegTech ecosystem
• Develop national pilots for RegTech
Investment (short-term): G20 countries need to demonstrate that they have skin in the game by funding pilots for RegTech in heavily regulated industries like finance. In 2020, Australia pledged over half a billion dollars to set up digital compliance measures in the wake of the pandemic.[29] Such funding should aim to crowd-in private sector investments to promote shared risk and reward structures.
Digital Strategy (long-term): G20 countries should continue to develop national digital strategies that incorporate RegTech to accelerate public service delivery. In August 2022, Germany released its new Digital Strategy focused on connection, innovation, and learning.[30] As countries set up or modify existing digital strategies, the G20 needs to align on a RegTech strategy.
RegTech Implementation
A country can implement RegTech through four steps:
- Build and maintain open digital copies of existing regulations to drive compliance by addressing access and application issues. Digital databases of existing regulations can reduce research effort and complexity for firms that are innovating in the RegTech space.
- Structure and index digital regulations to create machine-readable regulations using NLP, blockchain, and other tools. This is a cornerstone to automated RegTech and requires a fundamental restructuring of existing regulations with regulatory buy-in.
- Standardise digital regulations across markets to promote cross-market collaboration and alignment by using databases with standardised API interactions for users. This enables RegTech to work across regulatory markets, thereby reducing redundancy and improving efficiency.
- Build end-user applications on top of digital regulations to provide legal advisory services, auto-complete regulatory paperwork, and speed up information-gathering on compliance. E.g., tax compliance applications could exist for other regulations too.
Figure 2: RegTech Adoption Decision Tree
• Strengthen international collaboration on RegTech innovation
Knowledge-sharing (short-term): As an early adopter of RegTech, the G20 can serve as a model for economies that may lack resources or political will to digitalise in isolation. This will also capitalise on the technology’s network effects and benefits will accrue as more countries implement it. Coordination will improve efficiency, especially in a borderless digital economy. The G20’s Research and Innovation Initiative Gathering (RIIG) under the Sherpa track is the ideal forum to convene experts, share case studies, and strengthen collaboration on RegTech innovation.
Standards-setting (long-term): International technical standards underpin the development and deployment of global technologies like telecommunications. The G20 should support international standards organisations, like the International Organisation for Standardisation (ISO) and the International Telecommunication Union (ITU), to develop concrete international standards for RegTech to facilitate global interoperability. It can also establish itself as a leader to drive international cohesion, speed up the process for rules alignment, enable transparency and better leverage existing data, but not without interoperability.
• Ensure multilateral implementation of RegTech
Public commitment (short-term): The G20 should declare its support for modernising rules to hold itself accountable and as a signal to the private sector of potential procurement. The US declared and achieved its intention of digitising its entire offline Federal Register, which consisted of two million pages of rules between 1936-94.[31]
Data Gaps Initiative (long-term): The G20 should determine the data required to advance RegTech globally and where gaps exist. In 2009, the G20 established the Data Gaps Initiative (DGI)[32]. Every five- to six years, the DGI identifies 20 indicators for participating economies to collect and report on annually. These have evolved from traditional macroeconomic indicators like public sector debt to digital money accounts in the current phase III. The next phase should lay out the data (e.g., type, format) required for RegTech applications, like machine-readable rules to enhance interoperability among G20 countries.
RegTech Challenges
As with most policy recommendations, adopting RegTech comes with a set of challenges centred on increased technological reliance. G20 members can mitigate these through stakeholder engagement and the establishment of institutional frameworks (see Table 2).
Table 2: Challenges of RegTech Adoption and Proposed G20 Action
Challenge | G20 Action |
RegTech benefits from a shared framework across jurisdictions. | Obtain governmental buy-in by engaging with regulatory stakeholders. |
Digitisation costs money and the return on investment may not be readily apparent. | Enumerate the holistic benefits of RegTech (e.g., improved compliance) along with a timeframe to realise them. |
Algorithmic bias and flaws could cause additional concerns regarding security and privacy. | Incentivise developers to address social concerns and periodically test for unintended effects. |
Firms or governments may be dependent on legacy systems or may not have the competencies or will to shift. | Incentivise regulators and firms in heavily regulated industries (e.g., finance) to opt-in and create case studies to demonstrate value. |
Regulators may be unable to properly assign liability in case of algorithmic failure in regulation. | Develop a framework for liability and legal structures in automated decision-making. |
Digitalisation has impacted every sector, including the most traditional ones. We have witnessed how it enables agile public sector responses and efficient delivery mechanisms, from cash transfers to vaccinations. As we continue responding to new disruptive technologies like generative AI, it is time to bring this innovation to regulation. Digitally transforming our rules will level the playing field between regulators and the firms that they regulate, freeing up scarce regulatory resources to ensure better compliance.
Attribution: Rhea Subramanya and Pete Furlong, “Revolutionising Rulemaking: How Digitised Rules Can Accelerate Digital Transformation,” T20 Policy Brief, June 2023.
Endnotes
[a] eCFR is maintained by the National Archives and provides a digital snapshot of the US Code of Federal Regulations.
[b] Eur-Lex is maintained by the Publications Office of the European Union and includes digital versions of all EU legal documents, including legal acts, treaties and case law.
[c] Blawx, a Massachusetts Institute of Technology tool to modernise rulemaking is a significant example.
[1]. Adriana Morga, “Is My Money Safe? What You Need to Know about Bank Failures,” AP News, April 28, 2023.
[2]. Chris Yiu, “A New Deal for Big Tech: Next-Generation Regulation Fit for the Internet Age,” Tony Blair Institute for Global Change, November 1, 2018.
[3]. Ari Levy and MacKenzie Sigalos, “Crypto Peaked a Year Ago – Investors Have Lost More than $2 Trillion Since,” CNBC, November 11, 2022.
[4]. Mark Febrizio and Melinda Warren, “Regulators’ Budget: Overall Spending and Staffing Remain Stable,” Regulatory Studies Center, The George Washington University, July 2020.
[5]. LexisNexis Risk Solutions, “True Cost of Financial Crime Compliance Study,” American Bankers Association, September 2022.
[6]. Alan Smith and Laura Noonan, “Global Anti-Money Laundering Fines Surge 50%,” Financial Times, January 19, 2023.
[7]. Simon Jack and Tom Espiner, “UK Banking Rules in Biggest Shake-up in More than 30 Years,” BBC News, December 9, 2022.
[8]. IBM, “Regtech,” IBM, accessed March 23, 2023.
[9]. KPMG, “Pulse of Fintech H2’21,” KPMG, February 2022, accessed June 8, 2023.
[10]. Guido Governatori, Jeffery Barnes, John Zeleznikow, Louis de Koker, Marta Poblet, Mustafa Hashmi, and Pompeu Casanovas Romeu, “’Rules as Code’ Will Let Computers Apply Laws and Regulations. But over-Rigid Interpretations Would Undermine Our Freedoms,” The Conversation, November 25, 2020.
[11]. William D Eggers, Mike Turley, and Pankaj Kishnani, “The Regulator’s New Toolkit,” Deloitte Center for Government Insights, 2018.
[12]. “What Are the GDPR Fines?” GDPR.eu, February 13, 2019.
[13]. Monetary Authority of Singapore, “MAS Commits $42m to Spur Adoption of Technology Solutions for Risk Management and Regulatory Compliance,” Monetary Authority of Singapore, April 30, 2021.
[14]. “Amazon.com Announces Fourth Quarter Results,” Amazon.com, February 2, 2023.
[15]. “GDP (Current US$),” World Bank, accessed March 20, 2023.
[16]. Gené Teare, “Global Funding Slide in 2022 Sets Stage for Another Tough Year,” Crunchbase News, February 9, 2023.
[17]. Brittany Heller and Daniel Castaño, “Artificial Intelligence, Virtual Courts, and Real Harms,” Lawfare, March 14, 2023.
[18]. OpenAI, “GPT-4 Technical Report,” OpenAI, accessed March 16, 2023.
[19]. Craig S Smith, “CHATGPT’s Hallucinations Could Keep It from Succeeding,” IEEE Spectrum, March 15, 2023.
[20]. Mike Masnick, “Can a Robot Lawyer Defend Itself against Class Action Lawsuit for Unauthorized Practice of Law,” Techdirt, March 13, 2023.
[21]. “About G20,” G20, accessed March 14, 2023.
[22]. G20, “About G20.”
[23]. “Age Appropriate Design: a Code of Practice for Online Services,” ICO, accessed March 14, 2023.
[24]. “Status,” Bill Status – AB-2273 The California Age-Appropriate Design Code Act, September 9, 2022.
[25]. “India Stack”, India Stack, accessed March 16, 2023.
[26]. James Mohun and Alex Roberts, “Cracking the Code: Rulemaking for Humans and Machines,” OECD iLibrary, October 12, 2020.
[27]. “International Community Strikes a Ground-Breaking Tax Deal for the Digital Age,” OECD, October 8, 2021.
[28]. “G20 TechSprint 2020,” The Bank for International Settlements, April 29, 2020.
[29]. Byron Kaye, “Australia Pledges $566 Million in Push for Digital Business Compliance,” Thomson Reuters, September 28, 2020.
[30]. “The Federal Government’s New Digital Strategy,” German Federal Foreign Office, September 13, 2022.
[31]. “GPO Completes Digitizing All Issues of the Federal Register,” GPO, acessed March 28, 2023.
[32]. “G20 Data Gaps Initiative,” IMF, December 1, 2021.