Supported Browser
  • About Us
  • Subscribe
  • Contact us
Strategy - BLOG

Don’t Reinvent the Regulatory Wheel

Annet Aris, INSEAD Adjunct Professor of Strategy |

How internet companies under siege can learn from the finance industry.

The Cambridge Analytica scandal had at least one good outcome: It finally woke us up. For years, experts, politicians and the media warned us about the risks of the rapid digitisation of society, but most of us didn’t seem to care that much. It’s not entirely clear why this scandal in particular was the straw that broke the camel’s back, especially since the data were harvested and put to use some time ago. But the era in which Facebook and other internet companies had almost unlimited freedom seems to be over.

Up to 87 million Facebook users had their data exposed to Cambridge Analytica, which used it for the political gain of its paying customers. Facebook had sealed the breach that allowed the data firm to plunder information about the friend networks of quiz takers years before the scandal erupted, yet Facebook founder Mark Zuckerberg continues to find himself in front of government bodies – the United States Senate and the European Parliament, for example – apologising and promising more transparency.

Facebook isn’t the only one in the hot seat; other internet companies are also adjusting their policies. Up until recently, they were able to convince governments to leave them alone by highlighting the importance of innovation and the general utility of their services to citizens in general and SMEs in particular. Internet companies’ public policy departments were focused mainly on preventing them from being subject to regulation.

Now these times seem to be over and the tech firms face a new challenge: What is the best way to shape regulation? Is it possible for tech companies to take effective and credible measures through self-regulation or is external oversight preferable? It’s clear that the digital ecosystem is still in its infancy. For too long, an idealistic virtual worldview prevailed: Individuals use their online freedom altruistically and companies will resist any perverse incentives that may encourage them to manipulate their customers in order to maximise profits. However, natural reciprocal corrective mechanisms such as ratings, which at first appeared to be stronger online than in the physical world, were ultimately not effective enough.

Limited choices

Now that internet companies are facing increased scrutiny, they must react quickly. The genie is finally out of the bottle and many politicians are eager to take decisive action. Tech companies have two options. One is to keep trying to stall the process of regulation, fighting tooth and nail against every new law. The other is to follow the adage ‘the best defence is a good offence’. In this case, they could look at the industry with the most regulatory experience, namely the financial sector, and translate the hard lessons it has learned by trial and error to the digital world. This should not be too challenging, because both industries ultimately revolve around transparent data management and cash flows.

I can speak from my own experience in The Netherlands as a supervisory board member of a financial institution. Though I’m often exasperated by the extreme regulatory burden, I must concede that it has resulted in a high degree of transparency about the data we use, where it is being sourced and who is using it... Regulations also ensure transparency about the calculation models and assumptions used as the basis for financial products, prices and reporting. Even the way in which the institutions communicate with customers is subject to constant critical review.

Financial firms are set up with extensive checks and balances, such as the 'three lines of defence' model. Regulators focus on an open and transparent culture and there are strict requirements for the professional qualifications of customer advisors as well as board members. Introducing all this was not easy. It has been, and remains, a laborious and intensive process to get and keep our proverbial house in order, but it has led to major improvements for our customers.

If you can’t beat ‘em…

Given its organisational agility, the tech industry can adopt many of the measures taken in the financial industry without too many alterations. In fact, the industry can probably implement these measures more quickly and effectively than banks or insurance companies. Therefore, rather than recruiting more lobbyists to avoid regulation, the most productive idea might be to bring in executives from the financial sector who have already dealt with the onset of regulations successfully. In the short term, the going may be tough, but in the long term, it’s probably the only way to avoid winding up on a very short leash with external regulators in control.

Annet Aris is an Adjunct Professor of Strategy at INSEAD. She is also a board member of Thomas Cook PLC in London, ASML Holding N.V. in Veldhoven, ProSiebenSat.1 Media SE in Munich, ASR Nederland N.V. in Utrecht and Jungheinrich AG in Hamburg.

Annet was named one of the 50 most inspirational women in the European technology sector for 2016 by Inspiring Fifty. Marking her position as an important role model, she is a permanent member of the Inspiring Fifty: Europe Hall of Fame.

Follow INSEAD Knowledge on Twitter and Facebook.

Add a comment Already a member?
We welcome your comments and encourage lively debate. However, to ensure the quality of discussion, our moderators reserve the right not to publish personal attacks, abusive comments or overly promotional content. You can view our Terms & Conditions
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Your Privacy

INSEAD takes your privacy very seriously. For this reason, we inform you that the data collected via the form above is processed electronically for the purpose(s) specified in this form and will not be used outside this framework. In accordance with the Data Protection Act of 6 January 1978 amended by the GDPR, you are granted statutory rights of access, modification, update, deletion and limitation of treatment of your personal data. You may exercise these rights at any time by writing or sending an email to INSEAD at insead.knowledge@insead.edu. You have the right, on legitimate grounds, to object to the collection and processing of your personal information. For more information, please see our privacy policy.