The future of regulation | Deloitte Insights

Concept in practice: The UK Financial Conduct Authority’s regulatory sandbox
The United Kingdom has been a pioneer in the use of accelerators and sandboxes as part of the regulatory process. Its Financial Conduct Authority (FCA), as part of its broader Project Innovate, launched the first fintech regulatory sandbox in June 2016. This sandbox allows businesses to test innovative products and services in a safe, live environment, with the appropriate consumer safeguards, and, when appropriate, is exempt from some regulatory environments.62 After its first year of operation, 90 percent of firms that completed testing in its first cohort were continuing toward a wider market launch, and more than 40 percent received investment during or following their sandbox tests.
The FCA released a report on what it learned from its first year. Some key lessons include:
- Reduced time to market. Access to the regulatory expertise the sandbox offers reduced the time and cost of getting innovative ideas to market.
- Facilitated investor funding. The feedback received from participating firms indicated that investors can be reluctant to work with companies not yet authorized by the FCA due to regulatory uncertainty.
- Product and market testing. Many firms in the sandbox used the platform to assess the consumer traction and viability of their business models. Testing in the live environment helped businesses understand consumers’ reception to new pricing strategies or new technologies. This enabled them to constantly iterate on the business model.63
- Testing viability of the underlying technology. The FCA conducted technology and cybersecurity reviews of the firms when setting up the sandboxes. This allowed the firms to test the viability of their underlying technology and build in appropriate measures to minimize cyber risk.64
- Better consumer safeguards. Working closely with the FCA encouraged fintech startups to develop business models that mitigated risks for consumers. For example, all firms testing the use of digital currency for payment transfers were required to guarantee the funds being transferred and pay full refunds if they were lost in transfer.65
- Reduced challenges in data sharing. For a few firms, their business model relied on obtaining users’ transactional data on loans, credit cards, current accounts, and pension balances from other financial institutions. Without a formal mechanism for data sharing in place, it was difficult for such firms to directly approach institutions.
3. Outcome-based regulation
Focus on results and performance rather than form
Traditionally, regulations have tended to be prescriptive and focused on inputs. When the focus of regulation shifts from inputs to outcomes, the way government intervenes in markets changes. This shift can create operational efficiencies for regulators and greater freedom for innovators.
Outcome-based regulation specifies required outcomes or objectives rather than defining the way in which they must be achieved. This model of regulation offers businesses and individuals more freedom to choose their way of complying with the law.
Prioritizing performance and outcomes enables governments to develop regulations (or other, softer mechanisms such as guidelines) that focus on the positive effects regulators are looking to encourage (or the negative effects they’re looking to prevent). Consider three different ways of structuring UAS regulations:
- You must have a license to fly a drone with more than xx kilowatts of power (input—not very helpful).
- You cannot fly a drone higher than 400 feet, or anywhere in a controlled airspace (output—better).
- You cannot fly a vehicle in a way that endangers human life (outcome—best; addresses the impact or effect it has).
Often, emerging technologies’ real potential can be harnessed only when they are meshed together, such as using blockchain to secure data generated by autonomous vehicles, or using a combination of machine learning and natural language processing to prescribe medication via a chatbot. For such connections to happen, innovators need room to innovate. Outcome-based regulation can provide the leeway needed to experiment.
Concept in practice: Australia’s guidelines for autonomous vehicles
Australia has developed performance-based guidelines for autonomous vehicles. “Guidelines are preferable to legislation as they allow the flexibility to be quickly amended and updated, if required,” states a policy paper by Australia’s National Transport Commission (NTC). The paper goes on to say that regulations for automated vehicles should be “proportionate, performance-based, and regularly reviewed.”66
Paul Retter, NTC chief executive, believes multiple issues should be addressed before making autonomous vehicles a reality on the road. “Our focus is on ensuring the regulatory system remains flexible enough to accommodate evolving technologies as they come to market while always prioritizing public safety,” says Retter.
Industry stakeholders also are evaluating performance-based standards. The Australian Automobile Association suggests that standards for automated vehicles should be performance-based and technology-agnostic, and that the responsible parties and processes for certifying vehicle modifications should be clearly identified and unambiguous.67
4. Risk-weighted regulation
Shift from one-size-fits-all regulation to a data-driven, segmented approach
Speed to market is imperative for businesses, especially startups with business models predicated on emerging technologies. Speed to market also can make digital services and products more effective. As they are used, they usually collect data on their users. With the help of advanced analytics and, in many cases, AI, the data can then be analyzed to detect new patterns and trends, information that can make the product more accurate, safe, effective, and personalized. Because of this iterative factor, the sooner safe and effective products get to the market, the better.
One way to accelerate the approval of business models based on emerging technologies would be to draw inspiration from the precheck systems for airline travel used in many countries. These work by using data to certify low-risk flyers, who then receive a lower level of scrutiny and inspection.
A similar approach could be used to help expedite approvals of new business models. It would allow certain companies to go through a streamlined and predictable approval process, contingent on their providing access to key information.
The State of New Jersey allows commercial trucks enrolled in NJPass to bypass weigh stations. Qualification is based on their Federal Motor Carrier Safety Administration rating and data on history of roadside inspections.68 “This system [focuses] on higher-risk carriers and provide[s] more efficient use of our limited New Jersey State Police resources,” explains Paul Truban, NJDOT’s manager of the Bureau of Freight Planning and Services.69
A data-driven, risk-based approach shouldn’t be just limited to preapprovals, however. It can be extended to a dynamic, regulatory approach, based on real-time data flows between companies and their regulators. Already, many regulatory bodies, from the US Securities and Exchange Commission to the European Commission, have established such data flows with industry.70
The resulting data could then be analyzed and compared with regulations or expected outcomes to decide whether a firm is in compliance. Firms in compliance would be listed as safe, and if not, the data systems could produce a set of action items to meet the standard, or, in the case of a more serious violation, issue reprimands or penalties such as removal from the safe list.
Regulators also can use open data to complement their own data or for independent inspection. In the case of digital health software, a regulator could monitor products through publicly available data on software bugs and error reports, customer feedback, software updates, app store information, social media, and GitHub.71 Once the data flows are integrated, this part of the regulatory process can be automated. Enforcement can become dynamic and reviewing and monitoring can be built into the system.
Consider an experiment in the city of Boston. The city’s usual food safety process, which relied on random selections of restaurants for further scrutiny, needed improvement. The city’s data portal72 hosts public data on restaurant food safety inspections as well as many other aspects of city life. To more effectively identify restaurants in need of regulatory attention, the city collaborated with Yelp and Harvard Business School to sponsor an open competition to develop an algorithm that could predict health code violations. More than 700 contestants participated, using restaurant inspection data and years of Yelp reviews.73
While participants analyzed the reviews, looking for common words and phrases,74 Harvard economists evaluated the submissions against the city’s actual inspection reports. The verdict: The winning algorithm could improve inspectors’ ability to find violations by 30 percent to 50 percent.75
Yet another form of risk-based regulation could lower the high entry cost of regulatory certification. Daniel Castro of the Center for Data Innovation suggests moving to a “cloud computing model of regulation,” in which scalability is built into the regulatory model. For instance, if a company’s product or service were targeted toward only a few users, it might receive fewer checks since its potential adverse impact would be limited. Only after that company grew and began selling its products more widely would it encounter a more thorough investigation.76
Concept in practice: The FDA’s Pre-Cert process
For certain digital health products, the FDA already uses risk-based approaches that balance potential risks with patient benefits.
As part of its Digital Health Innovation Action Plan, the FDA created a Pre-Cert pilot program for eligible digital health developers that demonstrate a culture of quality and organizational excellence based on objective criteria—for example, excelling in software design, development, and testing. The pilot intends to look “first at the software developer or digital health technology developer, not the product.”77
The idea behind this is to allow the FDA to accelerate time to market for lower-risk health products and focus its resources on those posing greater potential risks to patients. Precertified developers could market lower-risk devices without additional FDA review, or with a simpler premarket review.
But precertification is just one part of the model; the FDA intends to monitor the performance of these companies continuously, with real-world data. Scorecards and corresponding Pre-Cert levels could go up or down based on performance and effectiveness data. If scores fall below a defined threshold, the organization might lose certain benefits, such as expedited reviews for less-risky products or eligibility for Pre-Cert status until it can resolve any product issues through a new assessment.78
5. Collaborative regulation
Align regulation nationally and internationally by engaging a broader set of players across the ecosystem
A recent global survey of more than 250 experts and leaders of financial institutions indicated that regulatory divergence—inconsistent regulations across different nations—costs financial institutions from 5 percent to 10 percent of their annual revenue. The patchwork of international financial regulations costs the global economy $780 billion annually.79
As the digital economy expands, with new business models, technologies, products, and services, regulators around the world can benefit from collaborative approaches such as co-regulation, self-regulation, and international coordination. Through multi-stakeholder meetings that produce concrete policy guidance and voluntary standards, regulators and firms as well as other interested parties can be engaged in the process.
This ecosystem approach—when multiple regulators from different nations collaborate with one another and with those being regulated—can encourage innovation while protecting consumers from potential fraud or safety concerns. In this approach, private, standard-setting bodies and self-regulatory organizations also have key roles to play in facilitating collaboration between innovators and regulators.
The fintech space has shown glimpses of regulatory convergence (see figure 6). For example, Singapore has signed 16 agreements with entities in 15 different countries. These agreements include information exchanges with other nations’ regulators and regulated businesses, referrals of firms attempting to enter a regulatory partner’s nation, and guidance for companies on the regulations of nations they wish to enter.80 Such agreements could lead to standard frameworks and guidelines across nations.
Global and regional institutions can play a key role in facilitating these cross-border agreements. The Asia-Pacific Economic Cooperation, for example, enables cross-border data flow among its members through a set of principles and guidelines designed to establish cross-border privacy protections while avoiding barriers to information flows. Businesses agree to follow the privacy rules; independent entities monitor and hold the companies accountable for privacy breaches.81