Comments on: Having trust issues? Why fully digitised and trust-less systems and processes will be the future of business https://ict-pulse.com/2023/01/having-trust-issues-why-fully-digitised-and-trust-less-systems-and-processes-will-be-the-future-of-business/?utm_source=rss&utm_medium=rss&utm_campaign=having-trust-issues-why-fully-digitised-and-trust-less-systems-and-processes-will-be-the-future-of-business&utm_source=rss&utm_medium=rss&utm_campaign=having-trust-issues-why-fully-digitised-and-trust-less-systems-and-processes-will-be-the-future-of-business Discussing ICT, telecommunications and technology Issues from a Caribbean perspective Fri, 03 Feb 2023 11:01:08 +0000 hourly 1 By: 4 strategies leveraging technology to ace your company’s ESG scorecard | ICT Pulse – The leading technology blog in the Caribbean https://ict-pulse.com/2023/01/having-trust-issues-why-fully-digitised-and-trust-less-systems-and-processes-will-be-the-future-of-business/#comment-172511 Fri, 03 Feb 2023 11:01:08 +0000 https://www.ict-pulse.com/?p=167708#comment-172511 […] more gravely, the organisation could be unaware of those breaches. As was discussed in the article, Having trust issues? Why fully digitised and trust-less systems and processes will be the future of …, monitoring, being able to track activity and having scrupulous records that are auditable, are […]

]]> By: Carlton Samuels https://ict-pulse.com/2023/01/having-trust-issues-why-fully-digitised-and-trust-less-systems-and-processes-will-be-the-future-of-business/#comment-172507 Sat, 21 Jan 2023 17:35:53 +0000 https://www.ict-pulse.com/?p=167708#comment-172507 Quite a lot to digest in this post Michelle. I can agree with you that the zero trust framework is the one that is optimal. But a practical solution – maybe the good enough – is the one where you trust but verify. Digital systems properly architected and configured will deliver that. To some extent.

Both of us have worked on regulatory systems heretofore. You have operated on the other side, as regulator. You know I am a proponent of the ‘light touch’ approach to regulation. The problem in my view is that while our regulators continue to say this is the framework to which they subscribe, the regulatory operating support systems they deploy in enabling the regulatory processes are not fit for purpose. Most simply ignore the basic premise of the philosophic position; what you know and, when you know it are essentials.

The regulator may not prescribe the operating support systems but if the regulator enjoins the regulated to record and keep the records of all material transactions, this requirement informs the kinds of operating support systems to be deployed. If the regulator insists on the right to sample evidence of transactions as indispensable to enforcement and, that samples could be collected with barge-in tools, then this requirement could serve as a prior restraint on wayward transactions.

I have argued and proposed that intelligence garnered from the public space, including anonymous sources, is axiomatic of regulatory oversight in the digital age. Regtech is at best, application of Web 2.0 tools and the processes usually evident in the way search is monetized by the data companies; collect a lot of public facing data to which algorithms are applied to discern patterns and connections. And from those patterns and connections, one knows, can even predict and stand a chance to get ahead of a detrimental action. Now that we have these Web 3.0 tools – like the LLMs! – to exploit, the regulator is in a stronger position to collect actionable intelligence at Internet speed.

[I recall from personal experience my utter surprise when hired to review regulatory processes and make recommendations for update, I suggested to staff the need to know what others are saying about them and even more importantly, what the regulated is saying to others. I suggested a document management system with RSS feeds as a baseline. They had never heard of RSS feeds! They thought it sounded too much like spying.]

All this aside, the SSL debacle was really about a failure to act. Because the evidence will show regulators were aware long before now that things were awry in that operation. You can access the regulations yourself and pass a critical eye. Check out the elements that speak to monitoring and evaluation and you can discern the gaps yourself.

Carlton

]]>