Both of us have worked on regulatory systems heretofore. You have operated on the other side, as regulator. You know I am a proponent of the ‘light touch’ approach to regulation. The problem in my view is that while our regulators continue to say this is the framework to which they subscribe, the regulatory operating support systems they deploy in enabling the regulatory processes are not fit for purpose. Most simply ignore the basic premise of the philosophic position; what you know and, when you know it are essentials.

The regulator may not prescribe the operating support systems but if the regulator enjoins the regulated to record and keep the records of all material transactions, this requirement informs the kinds of operating support systems to be deployed. If the regulator insists on the right to sample evidence of transactions as indispensable to enforcement and, that samples could be collected with barge-in tools, then this requirement could serve as a prior restraint on wayward transactions.

I have argued and proposed that intelligence garnered from the public space, including anonymous sources, is axiomatic of regulatory oversight in the digital age. Regtech is at best, application of Web 2.0 tools and the processes usually evident in the way search is monetized by the data companies; collect a lot of public facing data to which algorithms are applied to discern patterns and connections. And from those patterns and connections, one knows, can even predict and stand a chance to get ahead of a detrimental action. Now that we have these Web 3.0 tools – like the LLMs! – to exploit, the regulator is in a stronger position to collect actionable intelligence at Internet speed.

[I recall from personal experience my utter surprise when hired to review regulatory processes and make recommendations for update, I suggested to staff the need to know what others are saying about them and even more importantly, what the regulated is saying to others. I suggested a document management system with RSS feeds as a baseline. They had never heard of RSS feeds! They thought it sounded too much like spying.]

All this aside, the SSL debacle was really about a failure to act. Because the evidence will show regulators were aware long before now that things were awry in that operation. You can access the regulations yourself and pass a critical eye. Check out the elements that speak to monitoring and evaluation and you can discern the gaps yourself.

Carlton