If you are working in the field of compliance, you know how grueling the compliance process can be. Rules need to be decided, written, communicated to employees and third parties, who need to be trained on such rules. Then, the company needs to find out if the rules have been breached and sanction those who breached them. This is how law works in general, so the various phases of the process are not surprising. It is also a largely imperfect method, which can become overly complicated in companies where internal rules are pervasive and complex.
Wouldn’t it be wonderful if the whole process could be governed by digital means? And I am not talking about placing all your compliance material in one big digital repository (something obviously useful, but not inherently changing the nature of the process). Imagine a company built on the principle of compliance-by-design, where the behavior of employees is limited by external tools that simply do not allow non-compliant conducts. (For example, if you place digital limits on banking payments, you will not need to convince employees that they cannot exceed certain payment limits, since the digital code would directly enforce such payment thresholds and the only way to circumvent them would be to hacker the banking program.)
Certain Scholars have seen in blockchains an opportunity for compliance programs and organizational models pursuant to legislative decree 231/2001. Under 231 Italian legislation an entity is punished for not having set up sufficient organizational measures to prevent the commission of a certain crime: in theory, a digital prevention system may be an ideal tool to prevent crime commission with the utmost diligence. If you look for automated solutions online, you will find heaps of offers that promise that compliance will be made easy: the RegTech phenomenon is already well established and generating huge revenues.
I am generally a fan of innovative solutions, but I question how much effort is required in translating compliance information into digital rules. As anyone who deals with artificial intelligence may confirm, the process is generally neither quick nor cheap.
I also wonder whether the field of compliance, based on ethical principles, and therefore inherently human centric, can benefit from a full digitalization. Some have warned against the risk of “brutalization of a workplace relations” and worry that digital compliance systems “imitate predictive policing”.
Compliance requires sophisticated human judgment, and 0/1 binary codes are not always appropriate to automate complex decisions on human interactions based on ethical principles.