Appropriating Business Information Technology for Co-Regulatory Purposes

Regulators are increasingly considering the risks of emerging information technologies and the need for regulation. However, regulators should also consider the role these new technologies play in mediating the relationship between regulators and regulated entities and the opportunities they pose for new forms of co-regulation. In regulatory contexts ranging from finance, industrial relations and agriculture, regulated entities are increasingly adopting information technology to support their compliance activities. Historically, the use of information technology for business activities functioned under a buy-install-forget model where the technology provider had very little influence over how the end-user was utilising the technology, and compliance functionality was minimal. However, the rise of software-as-a-service, where software providers deliver ongoing support and updates via a subscription model for end-users, has given rise to a new role for information technology in compliance. This shift, where the information technology provides greater compliance functionality (e.g., interpretations of regulations coded into the software), introduces a third party into the regulatory relationships. If regulators are willing to accept private technology providers into the regulatory community, there are opportunities for new forms of co-regulation. For example, behavioural nudges could be built directly into business software to support compliance. There's also an increasing interest in regulations being written in computer code to allow business software to automate compliance activities. However, regulators must consider the risks of non-compliance being facilitated by information technology and who is accountable. Even without regulator acceptance, these technologies are already widespread and must be managed appropriately by the regulator.