Is IT regulation in the DARQ?
As distributed ledger technologies, AI, extended reality and quantum computing expand, how will we regulate these technologies?
This article originally appeared in May's edition of IT Pro 20/20, available here. To sign up to receive each new issue in your inbox, click here.
While the world grapples with the fallout of the COVID-19 coronavirus pandemic and the shift to mass remote working – also dubbed the ‘distributed workplace’ – other trends are bubbling under the surface. The growing use of artificial intelligence (AI) in businesses of all stripes is no secret, but there are another three technologies – distributed ledger, extended reality, and quantum computing – that are becoming increasingly influential as well.
While SMAC – Social, Mobile, Analytics, and Cloud – has already changed the relationships service providers have with their customers over the course of recent years, DARQ, as these newer technologies are collectively known, looks set to become even more transformative.
With all these technologies, and AI in particular, becoming mainstream, do we need a new form of regulation to ensure DARQ technologies are used legally, fairly and ethically?
“The digital change is not wafting like a gentle summer breeze over the beaches of Malta,” says Felix Hufeld, president of the Federal Financial Supervisory Authority. “It’s sweeping over the industry like a storm and is shaking up business models, companies and even entire markets.”
Regulators have already seen the rapid growth of FinTech, with new companies innovating outside of traditional banking and financial services. This has raised concerns that their regulatory regimes won’t be able to keep up with the pace of development.
Here, some form of automation could deliver a regulatory environment fit for a world dominated by DARQ technologies. A late-2019 survey carried out by the Bank of England and Financial Conduct Authority found 57% of regulated services use AI for risk management and compliance.
Susannah Hammond, senior regulatory intelligence expert at Thomson Reuters, tells IT Pro: “Traditionally, regulators [of financial services and data protection technologies] have sought to be technology-neutral when it comes to their rules and requirements, and have focused on the outcomes of the use of any technologies.
“The emphasis is on senior managers understanding the new technologies, their limitations, any new risks which may arise (e.g. bias in machine learning, etc.) and the checks and balances to ensure that the technology is, in practice, working as intended. Equally, there is a focus on the resilience of IT infrastructures both in terms of ensuring good customer outcomes and cyber hygiene.”
Go digital to meet today’s critical compliance and security requirements
Digital transformation helps companies meet critical compliance and security requirementsDownload now
DARQ offers businesses the tools they need to develop new personalised experiences for their customers. Each element of DARQ will independently usher in new opportunities and ways of working, but it's the convergence of these technologies that really drives innovation – what Accenture called the “reimagining of entire industries.” Indeed, according to Accenture 89% of businesses are already experimenting with one or more DARQ technologies. For example, Volkswagen is using quantum computers to develop intelligent traffic guidance systems.
Using AI as a component of service automation for instance, opens up questions of accuracy and accountability. At the moment, the focus is on financial services as they expand and accelerate their use of technologies such as machine learning and biometric identification to combat fraud. When other DARQ technologies are added to the mix, this heady cocktail of data becomes difficult to police. Here, RegTech (Regulation Technology) could offer a solution.
Technology to police technology
The RegTech industry is expanding. According to KPMG, RegTech’s predicted share of all regulatory spending by 2022 will reach 34%, with the management consultancy defining RegTech 3.0 as a move from ‘know your customer’ to ‘know your data.’ This shift is critical to understand as all of the DARQ technologies are developing to create highly personalised services – all of which will need a degree of regulation.
The initial focus has been on how technologies such as AI are being applied to financial services and the businesses that supply them. RegTech, though, is expected to increase in importance as regulators realise they need new platforms to ensure DARQ technologies remain compliant.
“With regards to AI or quantum, regulations will be crucial for the wider adoption of these technologies as they will provide protection to consumers. This will allow the public to trust that they can safely rely upon these services,” explains Benoît Sauvage, director of regulatory strategy at Deloitte.
“The main issue is that regulations do not yet fully comprehend these technologies. For instance, for AI, it is expected that regulations demand to explain the algorithms and show how results can be ‘overridden’ or stopped. For quantum there might be a need to adapt cybersecurity rules and data protection rules,” he adds.
Businesses and regulators alike are considering how automated systems could help them keep pace with the technological change that will only accelerate when DARQ is considered.
Removing human compliance officers from the decision-making processes is risky, as many of the DARQ technologies are often a black box. RegTech will evolve and become an essential tool. Compliance officers will have little choice than to use these systems if they are to understand the avalanche of regulation that DARQ will attract and how these regulations impact their businesses.
Brave new worlds
Businesses are striving to implement more automation and DARQ will help them achieve those goals. However, these technologies can seem opaque to the uninitiated and how machine language systems arrive at a conclusion must be explainable. Here, ensuring bias isn’t present in the system is vital and must contain some form of oversight.
However, as François-Kim Hugé, a partner at Deloitte tells IT Pro, it’s important not to forget the importance of human input.
“The advent of RegTech does not mean the end of the compliance officer,” Hugé explains. “We are still far from a global compliance solution that can anticipate, understand, interpret and implement the ongoing avalanche of regulations impacting all businesses. This means the profile of compliance officers will need to adjust to this new digital reality where new solutions and new ways of working are created daily.”
All of the DARQ technologies are on an accelerating upward trajectory, although not all of them will develop at the same pace. Already we see the first widespread applications of AI – particularly machine learning – whereas other components of the DARQ collective, such as quantum computing, are still in their infancy.
As such, regulators will move forward with defining the compliance regime DARQ must be used within as each component becomes more mainstream and begins to impact consumers.
For businesses, while most recognise the massive impact SMAC has had, they may not be aware of DARQ or know that its impact could be even more disruptive. Once they wake up to this reality, their development roadmap should come into focus as soon as possible and they can start taking their first steps in using these technologies.
Regulators will, as always, be watching and RegTech could deliver a helpful dose of automated compliance. But that doesn’t mean it’s time to say goodbye to your human compliance officers – they will have a vital role to play as we start to more confidently explore the DARQ.
ZTNA vs on-premises VPN
How ZTNA wins the network security gameFree Download
The global use of collaboration solutions in hybrid working environments
How companies manage security risksFree Download
How to build a cyber-resilient business ready to innovate and thrive
Outperform your peers in your successful business outcomesFree Download
Accelerating your IT transformation
How Cloudflare is innovating for CIOs to start 2023Watch now