Technology is changing the world where we live and work with incredible speed.

Innovation and disruption, however, while welcomed by many, is not without unique hazards, especially for regulators who increasingly find themselves at risk of falling hopelessly off pace or derelict with their responsibilities.

That conundrum is the topic of a new Deloitte report on the future of regulation. “The Regulator’s New Toolkit: Technologies and Tactics for Tomorrow’s Regulator” focuses on how regulators can leverage new technologies and business tools to increase their efficiency and effectiveness while reducing business compliance costs in the process.

Regulators find themselves allocating increasing amounts of staff time and funding to understanding the business dynamics and regulatory implications of new markets and industries, the report says. At the same time, they face a host of traditional challenges: identifying “bad actors,” monitoring compliance, and speeding up regulatory processes to better serve and protect the public.

The good news, according to Deloitte: “While emerging technologies and new business models can pose challenges for regulators, they also present opportunities.”

Breaking out of silos

To adapt to evolving trends, regulators need to change their longstanding mindset, breaking out of traditional “silos.”

Mike Turley, Deloitte’s global public sector leader, recalls a recent conversation with his colleagues that illustrated the challenge. “One of them, from our automotive business, was saying that driverless cars and autonomous vehicles were all about the automotive sector,” he said. “Then, one of my colleagues in the tech sector said, ‘Well, actually, it’s all about technology; it’s all about data, platforms, and interoperability.’ I said, ‘It’s all about governments, because they will regulate all this.’ ”

The conversation, he said, parroted debates regulators are having and “highlighted the fact that there’s no systemic dialogue between different sectors and the regulators.”

Also consider Uber’s phenomenal growth, Turley suggested. In London alone, the service boasts 40,000 drivers; 65,000 serve New York City. “That is a hundred thousand drivers, in two cities, in a relatively short period of time,” he said. “These companies scale so fast. How do you regulate that?”

Uber, Turley said, also illustrates the jurisdictional blurring regulators face. Is it a technology platform that connects users with drivers? Is it a car-sharing platform? Is it a cab? Is it a restaurant business, because it delivers food?

All of those are regulated in different ways,” he says.

Overworked and understaffed

A common problem faced by regulators throughout the world is that they lack needed resources.

The U.S. Patent and Trademark Office, in an example cited by the report, had 526,579 patent applications pending at the end of 2017, potentially harming fledgling businesses by hampering their ability to attract funding and sell products. An internal study concluded that each year of delay in reviewing initial patent applications that ultimately receive approval reduces a company’s employment and sales growth by 21 percent and 28 percent, respectively, over five years.

“We did some work on the federal code of regulation in the U.S. The average time between updates was going on 20 years,” Turley says. “In a world that is changing rapidly, it is hard to see how you can have that ‘regulate and forget’ approach. You need to think about regulation more like we do with software. You have upgrades, and it becomes live and adaptable.”

Technology tools to the rescue

Among the tools becoming business mainstays that can also offer regulators new efficiencies are: artificial intelligence-based technologies, including machine learning, image recognition, speech recognition, natural language processing, and robotics.

The fundamental step in any effort to modernize regulation and reduce administrative burdens is a review of existing regulations, looking for those that are outdated, duplicative, or blocking innovation.

Deloitte’s Center for Government Insights used text mining and machine learning to parse through more than 217,000 sections of the 2017 U.S. Code of Federal Regulations. It found nearly 18,000 sections containing text that was extremely similar to passages in other sections. A regulator could similarly use text mining to analyze previous regulations for duplicative, overlapping, or unused rules that should be discarded.

“The use of sandboxes can actually help you understand what it is you’re going to regulate, rather than try and regulate before you understand it. You need a way in which you can test this, understand the implications, and understand how people are going to use it; then you can regulate in a way that looks at outcomes rather than just inputs.”

Mike Turley, Global Public Sector Leader, Deloitte

AI can also augment regulators’ decision making by parsing through masses of forms and data.

Many regulatory agencies already use data analytics and AI to identify fraud, the report notes. The Securities and Exchange Commission uses machine learning to identify patterns in the text of public company filings. These patterns are compared to past examination outcomes to, for example, uncover red flags in investment manager filings.

SEC staff, according to Deloitte, says that these techniques are five times more effective than random selection at finding language that merits referral to enforcement.

Crowdsourcing is another modern phenomenon that may help regulators “tap into their constituents’ collective intelligence and use it to regulate more effectively,” the report says.

In the United Kingdom, for example, a Red Tape Challenge program asked citizens to suggest ways to simplify existing regulations.

Given the complexity —and frequent unpredictability —of new technology, companies and regulators alike are turning to “sandboxes,” controlled environments where innovators can test products and applications.

The report notes that the Canadian Securities Administrators maintains a sandbox that provides time-limited relaxation from certain regulatory requirements placed on startups. In the United Kingdom, the Financial Conduct Authority, in collaboration with 11 other financial regulators, has created a global FinTech sandbox.

“The use of sandboxes can actually help you understand what it is you’re going to regulate, rather than try and regulate before you understand it,” Turley says. “You need a way in which you can test this, understand the implications, and understand how people are going to use it; then you can regulate in a way that looks at outcomes rather than just inputs.”

Another tool, robotic process automation (RPA), can include software that mimics the steps humans would take to complete various tasks such as filling out forms, transferring data between spreadsheets, or accessing multiple databases.

Based on an analysis of the U.S. federal government workforce, Deloitte estimates that automating manual tasks through techniques such as RPA could free up millions—as many as 60 million hours a year in regulatory staff-hours.

Government entities have also started to use RPA to sift through large data backlogs and take appropriate action, leaving more difficult cases to human experts. The Food and Drug Administration’s Center for Drug Evaluation and Research (CDER), for example, uses RPA in its application intake process.

When CDER automated a part of the drug application intake process, it was able to slash processing time for applications by 93 percent, eliminate 5,200 hours of manual labor, and save $500,000 annually, the report says.

As for “big data,” Deloitte concluded that “most regulatory data collection today is being done with little or no standards.”

“Regulators need to develop common standards to collect and store data to improve rulemaking and oversight,” the report says. Advanced text and data analytics can then “help regulatory agencies make sense out of massive amounts of data, predict trends, and identify potential risks in ways that were not previously practical through manual analysis.”

These new and emerging tools, the report adds, can also be particularly useful in helping regulatory agencies find redundant, outdated, and overlapping regulations. 

“They can also be used to analyze data about their interactions with businesses, drawing on internal and external sources such as survey data, call center and issue-tracking systems, help desk complaints, social media scans, and Web scans,” it says.

Blockchain—the distributed, encrypted digital transaction ledger at the core of Bitcoin—could be useful for agencies dealing with high volumes of sensitive records. For example, a central bank could deploy it for interbank settlements or cross-border transactions.

“In the new world, most data is outside the organization, rather than inside,” Turley says of data collection, offering an example of how strategies are evolving. “If you want to look at food hygiene regulation, the best information you can get might be off social media, including Facebook posts or Twitter tweets from people who’ve got food poisoning. You use that to supplement your internal processes … That’s part of how to use big data to do regulation better.”

“Another piece is how you shift to self-regulation in some cases,” Turley added. “How do you use the algorithms that have been developed for many processes to give you a better risk-based approach to how you apply the regulation? How do you then develop your inspection regimes in a way that moves from what some organizations have called ‘officer intuition’ to intelligence-based inspections?”

All well and good, perhaps, but can you trust these alternative sources of data?

“That’s why you have to use some of the artificial intelligence processes to weed out patterns,” Turley says. “You need to build a picture based on a richer set of data, rather than just skewing it entirely to one set of potentially rogue reports. You build from multiple sources and then use machine learning [to determine patterns], rather than having humans poring over it.”

Navigating public comments

As part of their rulemaking processes, and the Administrative Procedures Act, government agencies must allow the public to comment on proposed regulations. That important process is another pain point for regulators.

“Each year, millions of people comment on pending rules and regulations, and agencies must find what is relevant in such comments,” the report says. “But as technology is advancing, individuals and organizations are increasingly using bots to post ‘fake’ comments to amplify their positions.”

It is estimated that “bots” were responsible for more than a million of the 22 million comments the Federal Communications Commission (FCC) received on its call to consider repealing Obama-era net neutrality protections.

The FCC, Deloitte says, is using analytics and AI to identify and combat such activity. The agency contracted with FiscalNote, a government relationship management company, to analyze all 22 million net neutrality comments, using natural language processing techniques to cluster them into groups and identify similarities in structure and word usage. The analysts discovered hundreds of thousands of comments with identical sentence and paragraph structure.

Analytics and AI can also be used to assess the relevance and sophistication of each comment.

“This calculation may draw on a number of factors, including comment length; the number of attachments submitted with the comment; and the complexity (or coarseness) of the language,” the report notes. The FCC is also developing a tool that would score each comment it receives for its “probable substantive value,” in other words, how likely it is that the agency should consider the comment.

“Regulators are well-positioned to build such tools, because they often have historical information to validate the variables used to flag comments worth further consideration,” the report says. “Agencies will have records from past rulemaking processes in which certain comments were tagged as warranting a substantive response. These records can be used to build supervised machine-learning algorithms.”

Reaching out to disruptors

A key challenge for regulators is how to create and foster a more constructive dialogue with business disruptors.

“Startups that disrupt established industries, whether taxicabs, hotels, or banking, often enter markets with entirely new business models—and typically without asking for permission from government,” the report says. “The lack of dialogue between innovators and regulators often causes friction and can lead to restrictions or outright prohibitions that may not be in the public interest.”

“I would like to see more of a more constructive dialogue between disruptors and regulators,” Turley says. “Some of the early disruptors sort of said, ‘Come after us if you can,’ which is not a particularly helpful way of looking at things.”

“That continuing and evolving process will be one that separates the most successful disruptors and the most successful regulators,” he says.