Regulatory technology is reshaping businesses and fuelling a new type of surveillance capitalism in order to track employees’ every move.
In this podcast episode, Ivanka Visnjic, Director of the Institute for Innovation and Knowledge Management, and Stefan Haefliger, Professor and Associate Dean for People and Culture at Cass Business School, unravel how regulatory technology is reshaping the banking sector and promoting surveillance mechanisms to keep tabs on everything their employees do.
A word of warning for managers and employee privacy: these regulatory technologies and surveillance mechanisms could be a phenomenon that spreads to industries beyond the banking sector.
Ivanka Visnjic: Joining us today is Stefan Haefliger from Cass Business School, City University of London. Stefan, thank you very much for being here and sharing your perspective on how regulatory technology influences business strategy. Can you tell us about your research in this subject? What do you believe are the most important questions executives should be asking about this topic?
Stefan Haefliger: Thanks, Ivanka, for having me. We have been working with global investment banks to look into how they weathered the perfect storm for regulatory changes that came on the heels of the global financial crisis. Such a storm meant that global institutions had to face dozens, if not over a hundred different regulators that produced legal text implying what they’re allowed and not allowed to do on a weekly basis.
This massive onslaught of regulations has led major banks to hire hundreds of IT engineers to design systems, plus other staff to negotiate and interpret these regulations – a very challenging situation.
Ivanka Visnjic: I can imagine. One would think that this type of regulation, particularly in this context, would happen on a quarterly basis or so, but now it almost seems to be happening in real time.
Stefan Haefliger: It's a constant challenge and it's sort of a perfect storm. The interesting new observation that we can see in banks is their use of information technology. These have always been industries that were heavily regulated. What we can uniquely observe in global investment banks is how they build their information systems to deal with these rules and how in turn these impact the traders’ daily work – basically their every move: from entering the office to logging into their system, texting, making phone calls, sending emails...
Everything is being logged. It's all being analysed by machine learning and advanced analytic tools to find, so to speak, the needle in the haystack for preventing the next rogue trader or malpractice. The goal is to prevent what has become a major problem for the public image of the banking industry.
Ivanka Visnjic: What is the secret ingredient here? How do banks in this context adapt to this new reality?
Stefan Haefliger: What we have found is that banks have had to build an entirely new compliance function, which we liken it to a sort of silicon cage, a structure that is separate from other business units and reports directly to the global executive boards.
This new function has strategic importance because it's involved in revenue generation and actively co-deciding which markets the bank can be active in, what products are becoming more or less profitable to be active in... So these decisions are strategic and fundamental and they're not so removed from the traditional compliance officer that sits on the trading floor giving out advice.
Compliance officers used to be an afterthought in many banks and now they've become relevant players in strategic decisions
Ivanka Visnjic: Does that mean that the power dynamics have shifted in favour of compliance officers? What kind of profiles do you get for this function?
Stefan Haefliger: Absolutely, the power structure has dramatically shifted. Before the global financial crisis, compliance officers used to be an afterthought in many banks and now they've become relevant players in strategic decisions.
People move into the compliance function from trading, which was unheard-of before the financial crisis. The type of decisions being made are fundamental to what the business is doing. The competencies needed in compliance functions are often related to information technology, such as what type of systems need to be developed, maintained and deployed to create first and second line regulatory technologies.
We distinguish between compliance right on the trading floor. And the second line is a layer of regulatory technology aimed at controlling and surveying the individual activity of employees, and that's the strategic change.
Ivanka Visnjic: It sounds like a lot of control and surveillance introduced in the daily running of the business. Do you see this moving from banking to other industries or is this a very isolated phenomenon?
Stefan Haefliger: That's the big question. I think the main indication, as far as our research is concerned, is that particularly in banking, management is heavily involved in making these decisions, and on a daily basis. For instance, knowing which one of these dozens of external regulators’ laws are relevant, or knowing at which point in time the deadlines are, so as to be compliant, and so on. Sometimes deadlines are very tight, which means it becomes very difficult to be compliant.
The stakes have gone up dramatically. Banks are facing massive fines. If they're just in the hundreds of millions, they're hardly being reported, which was unprecedented. Individual accountability has gone up and it is now possible to find individuals within banks that have displayed some kind of non-compliant behaviour. All this is made possible by information technology, which is now widely available. So other industries could adopt this system...
Ivanka Visnjic: What is the likelihood of that happening?
Stefan Haefliger: If you're a manager in a food processing company, if you're managing pharma, if you're anywhere in healthcare... Probably all these industries and many more, including transportation and so on, are liable to large regulatory texts and attempts by the government to regulate these businesses. These types of regulations can now reach into the organisation and influence the practice of the individual employee directly. We have not seen this to that extent before and this is something that management needs to decide upon very carefully: what and how to implement these rules.
The public debate is calling for the need for transparency around these surveillance tools
Ivanka Visnjic: While I like the idea that we won't have many rogue traders or bankers acting irresponsibly, I have to say that I'm also somewhat concerned about the alternative Minority Report-esque scenario where every employee is under surveillance and constantly controlled. Not just because it creates a very different work atmosphere and the impact it has on personal freedom, but also with respect to how this will affect innovation and the ability to experiment. If you standardise and control everything, what kind of business society are we building? I was wondering what your position is on this dilemma.
Stefan Haefliger: I completely agree with your view that there is a dilemma. For us in research, we focus primarily on the managerial role, but looking at the bigger picture, it is fundamental to reflect on what managers can do, because the public debate is calling for the need for transparency around these surveillance tools.
Managers also have to understand what these surveillance tools can do because remember, data is cumulative. The way you conduct yourself is not just seen right now, but it builds up, which means the entire history of everything you have done will at some point be easily available for scrutiny. There are lots of ethical questions around how we gather data. That's true for society and for consumer behaviour, and companies that gather consumer data.
The entire history of everything you have done will at some point be easily available for scrutiny
But I think here and related to our research, it's relevant for managers making decisions to ask themselves these questions: What kind of data are you collecting about your employees? What type of behaviour sanctioning are you considering? Are you giving room for experimentation? Or are you actually clamping down on every step of the way in order to have everything controlled and logged into retrospect? These are huge questions that managers need to think carefully about when they adopt these types of regulatory technologies.
Ivanka Visnjic: I think one of the things that's interesting and concerning about this phenomenon is that it has an impact on different layers and actors in society. I see that academia, businesses and policymakers should be part of this conversation, but who should be leading it? Who should be the one that stands up and says more research should be done and more light should be shed on these questions?
Stefan Haefliger: I believe managers play a crucial role here because companies are often the pioneers in testing something. Entrepreneurs see an opportunity for business, so they jump in, they rush ahead and experiment. And oftentimes this can take many different forms that will later be criticised.
So I think managers have a critical role to play here in how to use these technologies. They need to be sensible and make a business case. They need to see the bigger picture of who these technologies are affecting and what external costs may be incurred by introducing a system that is violating individual freedoms or stifling innovation, or just making an organisation a less fun place to work at.
Ivanka Visnjic: That sounds like something to be added to our business schools’ syllabus as well, I suppose.
Stefan Haefliger: I believe regulation and control and the way technology is used to monitor people is a hugely important topic that the Strategy and Information Systems class will have to touch upon.
Ivanka Visnjic: Thank you very much, Stefan.
Join the Do Better community
Become a member and enjoy our free benefits. Get recommendations, receive personalised content in your inbox and save your favourite articles to read later.