RegTech and creating public value: opportunities and challenges

Abstract Regulatory technology (RegTech) has its origins in private sector applications of information technology in pursuit of more efficient compliance with government regulations. Initially, the term “RegTech” referred to either the technical solutions intended to aid financial service providers in managing regulatory issues or to the companies and organizations that develop and deliver such solutions. Increasingly, regulatory experts are stretching the term’s coverage to include efforts by governments to harness technical solutions in pursuit of more efficient targeting and conduct of regulatory monitoring and enforcement. Whether deployed within the private or public sectors, RegTech holds significant potential to improve regulatory compliance, reduce compliance costs, and improve the speed and accuracy with which known harms can be addressed and emerging risks can be identified. Here, we focus on the potential for RegTech to support the creation of public value. We suggest public value is most likely to be realized when governments (1) keep focused on regulatory purpose and effective design and (2) build effective collaboration with RegTech providers and regulated entities. KEY MESSAGES: Governments hunger for more efficient and effective ways to deliver public value. Increasingly digital/digitisation is being seen as the way to deliver this. With regard to the regulation of harms, RegTech is the latest in a line of proposed approaches. RegTech holds promise but we know it is not failsafe because it can exhibit both data science and human implementation problems. Implementation of RegTech brings both practical opportunities and challenges.

Regulatory design and regulatory enforcement have long represented major areas of government activity.This has been the case especially in advanced market economies, where effective social and economic outcomes are recognized as emerging from the well-coordinated interplay between centralized, governmental actions and the myriad decentralized actions of businesses, non-market organizations, and individuals.As societies become more complex, the need for effective regulation tends to grow.For example, developments in transportation (railways, private cars, and air travel) have all generated demand for regulations to ensure safe and effective operations.Likewise, developments in medical science have produced demand for regulations relating to the training and ethical practice of medical specialists, the scope and appropriateness of specific medical technologies, and the rights and protection of privacy of patients.In large part, effective regulatory monitoring and enforcement work continues to rely upon a vast array of application and approval processes, supported by monitoring and enforcement procedures.With the development of routinized and semiautomated bureaucratic systems, these regulatory regimes have become increasingly efficient, but room for improvement exists.Recent private sector efforts to apply information technology in pursuit of more efficient compliance with government regulations represents an important development in the broader regulatory space.These applications of regulatory technology have come to be termed "RegTech."Regulatory experts are now starting to stretch the term's coverage to include efforts by governments to harness technical solutions in pursuit of more efficient targeting and conduct of regulatory monitoring and enforcement.
The article proceeds as follows.In the next section, we consider the concept of public value.Taking our lead from the seminal contributions of Mark Moore (1995Moore ( , 2013)), we suggest deployment of RegTech is likely to create public value when those leading the charge are explicit about their strategic goals, pay close attention to relevant operational capabilities, and engage in effective dialogue with key entities that comprise their authorizing environment.This leads into a section where we provide a primer on RegTech, noting its nature and appeal and its potential for creating public value.This overview provides insights into where RegTech is most likely to prove effective in the immediate future.With explicitly and systematic reference to Moore's Public Value framework, we then consider challenges that could impede the effective deployment of RegTech in the regulatory space.We conclude the article by suggesting RegTech will best contribute to the creation of public value when governments (1) keep focused on regulatory purpose and effective design and (2) build effective collaboration with RegTech providers and regulated entities.

A focus on creating public value
Mark Moore's public value framework (1995,2013) has been highly influential both among scholars of public policy and public management and practitioners working in and around the public sector.The framework emphasizes three aspects of public management: Delivering services, achieving social outcomes, and maintaining trust and legitimacy.Here, we use the term "public value" as Moore did in his initial definition.It is "the public sector equivalent of private value in corporate management" (1995).Under this definition, public managers seek to enhance the value to citizens of government activities.
Moore originally presented his framework in Creating Public Value (1995).There, Moore illustrated the framework's applicability using examples from state and local government settings in the United States.With John Benington, Moore subsequently assembled scholarly investigations that amassed broader evidence concerning the applicability of the framework.Contributions to Benington and Moore's edited collection drew on evidence from Australia, New Zealand, the United Kingdom, and elsewhere (Benington and Moore 2010).Moore subsequently produced another book, Recognizing Public Value (2013).This elaborated on his original formulation and explored how public managers might track and measure the public value generated by their efforts.
Since Moore popularized the term "public value," it has been the subject of some contestation in the public policy, public management, and public administration literatures (see, e.g.Alford and O'Flynn 2009;Bozeman 2007Bozeman , 2009;;Mintrom and Luetjens 2017;Moore 1995Moore , 2013;;Moulton 2009;Talbot 2009).Current explorations of public value fall into two distinct streams.Barry Bozeman (2007) focuses on the broad, societal level.Bozeman has proposed that research on public value can be interpretive, exploring the apparent values held and espoused by a given society.At the same time, Bozeman has portrayed his work as normative, to the extent that he explores instances of "failure" where desired forms of public value are not being generated by society, market processes, or government.Others have contributed to this stream.For example, Stephanie Moulton (2009) has explored how cognitive frameworks and practices associated with specific forms of service delivery are shaped by broader institutional settings that, in turn, are shaped by broader public values.In contrast to Bozeman's work-and work inspired by it-Mark H. Moore's (1995) contribution is action-oriented.This has allowed Moore and others to use the conception of public value as a tool for assessing many instances of activity among public managers.We see Moore's use of the concept as amenable to exploring the opportunities and challenges associated with greater application of information technologies and RegTech in the public sector.For a recent exploration of the broader contribution of information technology to public value creation, see Picazo-Vela et al. 2021.That is why we take Moore's work as our point of departure here, while recognizing and acknowledging the breadth and richness of current thinking about public value found in the public management literature (see, e.g.Bryson, Crosby, and Bloomberg 2014;Williams and Shearer 2011).
The core of Moore's public value framework consists of "the strategic triangle."Energetic, results-oriented public managers must seek to align the three points or corners of the strategic triangle: value, mandate, capability.Those public managers begin by considering how-from their positions in government-they might create public value.Toward this end, they formulate "strategic goals."Those goals might emerge from thinking about how best to add public value for citizens through specific programs, services, or regulations.But public managers cannot engage in unilateral action.They must seek support and legitimacy for their strategic goals from what Moore terms "the authorizing environment."To do this, public managers must leverage their current powers with the intention of getting others to share their perceptions of specific situations and how public value might be increased within them.
The authorizing environment is comprised of various authority figures and stakeholders.In the regulatory arena, the authorizing environment could consist of government ministers, heads of regulatory agencies, the leaders of regulated entities, peak-bodies, and community members.By engaging the authorizing environment, public managers gain awareness of the formal and informal mandates governing their work and what discretion they might have in pursing legitimized "strategic goals."Explicit in Moore's framework is the notion that public managers can perform at their best when they enjoy a degree of earned autonomy, and when they feel confident in exploiting it.For regulators, this suggests having a degree of discretion over how to best to work with regulated entities to reduce known harms.Within the framework, significant levels of political savvy are expected to be deployed by those seeking to create public value.For regulators, we might interpret this to mean having a sound awareness of their operating context and appreciation for the fluidity of authority within it.
The third corner of the strategic triangle concerns the harnessing of operational capability.Acting in their own sphere of authority, public managers will often have control over the allocation of resources, even if just their own, to the pursuit of strategic goals.However, effective forms of horizontal cooperation across traditional organizational boundaries can create synergies to enable greater capability.Beyond that, effective negotiation with key figures in the authorizing environment can secure more operational capability.Importantly, those with greater political or organizational authority can make calculated tradeoffs among a set of public goals.At the same time, such authority figures must be cognizant of the opportunity costs associated with the pursuit of one set of strategic goals over others.Careful construction of arguments and generation of support from coalitions of relevant stakeholders can be critical to securing operational capability for the pursuit of particular public value goals.
In sum, Moore's public value framework highlights key considerations for public managers who aspire to create public value and whose roles allow them a degree of decision-making discretion and control of operational capability.In the process, public managers need to be pragmatic, flexible, and determined but non-dogmatic.What works well in one set of circumstances might not necessarily work well elsewhere.That said, scope exists for public managers to learn from the actions of others and acquire new understandings of practices and approaches they might adopt to improve their effectiveness in public value creation.

Analytical approach: applying the public value framework
In the past few years, there has been considerable discussion of the potential value of RegTech to regulated entities.Thus, John Humphries and Daniel Flax enjoined RegTech companies to "focus on value" because the end goal of companies in general is "delivering extreme value" (Humphries and Flax 2019, 343).This can be extrapolated to the use of RegTech in public settings, where the end goal should be on delivering public value.Our interest lies in considering how governmental efforts to support and harness advances in the deployment of RegTech could create public value.Our analytical approach is straight-forward.When we discuss the nature and appeal of RegTech to support regulatory processes in government, we systematically address three questions that emerge from Moore's Public Value framework.The questions are: (1) What is the strategic goal to be pursued?(2) What is the relevant authorizing environment relating to this goal?And (3) What operational capability is required to effectively attain this goal?When we discuss a series of challenges to broader application of RegTech in the public sector, we ask: (1) What is the strategic challenge to be addressed?(2) What is the relevant authorizing environment relating to this challenge?And (3) What operational capability is required to address this challenge?This analytical approach allows us to effectively assess opportunities and challenges to the creation of public value through greater application of RegTech.

The nature and appeal of RegTech
RegTech involves "the use of new technologies to solve regulatory and compliance requirements more effectively and efficiently."That definition coined in 2015 by the Institute of International Finance has come to be commonly followed (e.g.Becker, Merz, and Buchkremer 2020).Like subsequent definitions, the above definition does not name specific technologies that are used in RegTech applications.That is helpful because it allows the term to be used as an umbrella, even as applications are extended and new technologies are harnessed or developed to facilitate valued outcomes.We should also note RegTech is often used to describe the firms that develop and provide RegTech solutions to regulated entities.
Initial applications of RegTech occurred in the private sector, especially in the financial industry.Banks and other financial institutions working in complex regulatory terrain covering multiple jurisdictions and involving multiple levels of government turned to RegTech to reduce compliance costs and noncompliance risks.Entities specializing in providing RegTech solutions have evolved to offer automated means of analyzing regulatory requirements, monitoring compliance, and meeting reporting needs.Other RegTech applications to date include creation of secure portals for safe sharing of sensitive information, improving the speed and accuracy with which fraud is detected, applying artificial intelligence to better train customer service representatives, and monitoring financial advice to ensure it meets required standards.
As these examples indicate, RegTech solutions can facilitate many day-to-day interactions that make doing business simpler and safer, without being apparent to most consumers.
Regulators have witnessed the benefit of RegTech in the private sector and there is increasing appetite to adopt it within public functions.For example, many are exploring RegTech's potential to fundamentally transform the efficiency and effectiveness of regulatory compliance and activities for the benefit of customers, companies and regulators themselves.Recently, government regulatory agencies have begun collaborating with RegTech providers with the goal of enhancing regulatory performance.As a result, RegTech is now being applied both by private sector obligation holders required to comply with government regulations and by public sector regulators seeking to monitor regulated entities and ensure appropriate compliance is routinely occurring (Bagby and Packin 2021).This background suggests that adoption of RegTech by regulatory agencies can create public value in three key ways.First, it can support more thorough monitoring of regulated activities and promote compliance.Second, it can support more systematic identification of the emergence of new risks and potential harms.Third, even as it brings more consistency and speed to regulatory efforts, it can reduce the costs of regulation to both the government agencies tasked with regulatory enforcement and those obligation holders required to abide by regulatory requirements.For RegTech to be adopted by government agencies, support must be gained from the authorizing environment.This will typically mean senior public sector leaders, government decision-makers, and the industries and organizations subjected to changing regulatory practices.The successful implementation of RegTech initiatives and on-going support for them calls for careful attention to be paid to the operational capability of relevant regulatory agencies.This is something we discuss further in our exploration of challenges in the regulatory space.
We next present examples of RegTech applications to gambling, trucking, and environmental regulation.Given the agenda-setting intention of this article, these examples have been deliberately chosen to illustrate the breadth of potential applications of RegTech to support regulatory monitoring and enforcement efforts within government.RegTech could support government efforts to regulate (1) many social activities, (2) many aspects of the private infrastructure central to the smooth running of the contemporary economy, and (3) a vast array of activities that have the potential to advance sustainable development-including environmental protection-or undermine it.Of course, all current areas of government regulation could potentially be enhanced through effective adoption of RegTech.Looking to the future, we would encourage the development of focused and extensive case studies of RegTech applications, using cases that range along the full spectrum from spectacular success to regrettable failure.Such research could generate many practical insights to guide future adoption of RegTech while advancing our knowledge of RegTech management practices that create public value.
Like the financial industry, the gambling industry faces specific regulatory challenges.These include combating fraud and establishing robust anti-money laundering systems (Patani 2019).Increasingly, gaming establishments are also being expected to actively address issues relating to problem gambling as well (Delfabbro, Thomas, and Armstrong 2016).All these regulatory requirements fall into the category of "knowing your customer."Hence, scope exists for dataset development and analysis that will support improved compliance.But aspects of this can impose significant costs on gaming establishments.In this climate, scope exists for RegTech to be usefully deployed.Machine learning algorithms can partially automate systems that flag potentially criminal or socially harmful behavior.As data grows, the possible unique combinations of variables expand, and machines can become more effective and accurate at spotting abnormal behavior, in real time (Patani 2019).This is significant because it increases the capability of gaming establishments to anticipate problems and demonstrate to regulators how they have addressed them before any harms have occurred.
Over the past two decades, companies in the trucking industry in many countries have been harnessing information technology for improved fleet management (Guerrero 2014).Data generated by monitors on individual trucks is now routinely gathered to provide managers with real-time information on the performance of specific vehicles and their drivers.As company databases have become more extensive and sophisticated, it has become apparent that granting regulatory agencies select access to them could serve to reduce compliance costs.For transportation regulators, such access has also opened the way for reducing monitoring costs and road infrastructure wear and tear, and improving overall road safety.In Australia, governments have been using data from trucking firms and from road cameras in a concerted bid to enforce driver compliance with speed limits.Transport for NSW (2017) has noted a substantial reduction in fatal crashes and serious injury crashes since it introduced this automated approach to heavy vehicle average speed enforcement.
The potential for RegTech to improve the effectiveness of environmental regulation has also been recognized (Amesheva 2019).In Australia, the Murray Darling Basin Authority has trialed satellite imagery to assist with water usage compliance checking.Satellite imagery has been used for studies into landscape change and monitoring across large areas.This technology can consistently measure and track water resources and their use.A review of the trial highlighted the significant benefits to support compliance activities and the potential for technology to improve ecological monitoring in the future (Murray Darling Basin Authority 2018).This integration of remote sensing into databases and systems of artificial intelligence holds vast potential implications for improving resource management in many domains (Miller et al. 2020).
RegTech is also seen as having potentially immense contributions to make in supporting and advancing the clean energy revolution.One major application involves improving the accurate reporting and assignment of carbon credits, applying the use of novel techniques to enhance more traditional accounting processes (e.g.Ballard 2022).Such accounting work is essential if progress is to be made toward the UN Sustainable Development Goal of slowing and reducing climate change.Other applications involve the integration of smart meter technologies with energy management systems to promote real-time energy savings and optimize energy use (Amesheva 2019).
This overview of the nature and appeal of RegTech suggests ongoing developments and applications within public organizations could generate significant public value.However, given the complexity of the regulatory terrain and the solutions required to effectively navigate it, the promised benefits will be realized only when government regulators, regulated entities and RegTech developers collaborate for collective gain (Humphries and Flax 2019).There is potential here for missed or bungled opportunities to diminish value realization.Returning to our earlier discussion, this is where there is merit in policymakers, regulatory designers, and regulators adopting a public value lens when assessing ways to advance RegTech applications.

Challenges in the regulatory space
As outlined, RegTech holds a lot of promise but that doesn't mean it will necessarily fit easily into the fabric of existing public institutions.Moreover, even if the perfect product is deployed to meet the apparent needs of a regulatory agency, the ongoing maintenance and training required to maximize its benefits may not be guaranteed once the initial excitement of the latest shiny tool has worn off.So it is prudent to ask whether RegTech will really make things better, or if it is merely the latest novelty item in the policy showbag.
A range of challenges must be addressed if RegTech is to live up to the hype and create public value.In what follows, we review six such challenges to the creation of public value and consider how they might be addressed.We do not want to suggest that these challenges represent all that might accompany the greater use of RegTech in the public sector.But there is a logic to how we have chosen the challenges to highlight.They run from challenges emerging from expectations of what RegTech can achieve through to challenges emerging from reluctance to adjust standard operation procedures in public agencies.
Before jumping into deeper discussion of these challenges, we briefly indicate the logic of our organization of that discussion.First, creation of public value can be jeopardized when misperceptions exist about what an innovative can do.In the case of RegTech, those misperceptions could lead to poorly prioritized and poorly utilized applications.This challenge relates to the importance of specifying how and why, in any given instance, RegTech is necessary to create public value.Second, creation of public value can be jeopardized by lack of readiness for an innovation.In the case of RegTech, if regulatory staff are insufficiently trained to use new technology, then many of its potential benefits might not be realized.This relates to organizational capability and how it contributes to creating public value.Third, creation of public value can be jeopardized when innovations are subject to insufficient oversight and guidance.In the case of RegTech, oversight needs to come both from technical and regulatory experts.Poor balance in oversight could see opportunities squandered for creation of public value.This relates to organizational capability and establishing effective engagement between those seeking to implement RegTech and members of the relevant authorizing environment.Fourth, creation of public value can be jeopardized when human biases are reflected in technological processes.In the case of RegTech, this could result in poor targeting of obligation holders and the creation of unnecessary compliance costs and subsequent inquiries into enforcement practices.Loss of confidence in specific systems could gravely harm the reputation of a regulatory agency and destroy public value.This relates to organizational capability and training and how it contributes to creating public value.Fifth, creation of public value can be jeopardized by seemingly quotidian matters such as careful guidance of the commissioning of major projects.The contracting out of work programs to technical consultants is now routine in many governments around the world.But with this comes risk of poor communication, which can undermine the realization of promised benefits.In the case of RegTech, the risk is high, because commissioning requires interactions among regulatory agency representatives and third-party technology suppliers who may not share a common professional vocabulary or common understandings of effective ways to work across specializations.This relates to organizational capability and to establishing effective engagement between those seeking to implement RegTech and members of the relevant authorizing environment.Sixth, public value associated with an innovation can be jeopardized due to insufficient risk management and accountability.Again, this relates to organizational capability and to establishing effective engagement between those seeking to implement RegTech and members of the relevant authorizing environment.
None of these challenges can be assumed to resolve themselves.For the public value of RegTech to be realized, these challenges must be met with dedicated and focused attention.We next discuss each challenge in more detail, keeping a central focus on the creation of public value.To that end, for each challenge we consider further the strategic concern, the relevant authorizing environment relating to the challenge, and the operational capability required to address it.

Addressing misperceptions about what RegTech can achieve
Opportunities to create public value can be undermined when misperceptions exist concerning new processes or new technologies.Such misperceptions have their basis in poor communication.The strategic challenge is to address those misperceptions so that public value can be created through RegTech applications.Advocates for greater uptake of RegTech must clearly explain its benefits and limitations and what implementation will entail.By doing so, they can ease the challenge of gaining support from the broader authorizing environment.This is critical for ensuring adequate resources will be devoted to the initiative.Similarly, organizations seeking to utilize RegTech need to actively seek to understand if it is genuinely suited to their needsjust because it worked elsewhere and advocates for it are big on promises, does not mean it will be an effective tool in all situations.In addition, all staff members whose actions shape the regulatory agency's operational capability must also be effectively briefed on what is being proposed, what it is intended to achieve, and any known limitations.
Unresolved challenges in the regulatory space can impede the effective deployment of RegTech.Indeed, while much of the promise of RegTech is in addressing longstanding policy design and regulatory implementation issues, these issues will simply be replicated and potentially amplified in the applications of the technology if sufficient and deliberate consideration is not paid to addressing them.RegTech can make processes smoother, and more efficient, but technology alone cannot overcome poor regulatory design and application.
Similarly, RegTech does not reduce the overall amount of activity regulators are obligated to undertake.It does not remove responsibilities.Rather, it is a tool that can help to speed up or improve the quality of regulatory efforts.Ultimately, someone still needs to decide what harms those efforts ought to be applied to and which should be downplayed for now.Further, mechanisms are also needed to check that decisions informed by RegTech are consistent with expectations, to avoid incidents such as the now infamous Robodebt scandal in Australia (where Australian welfare recipients were sent incorrect payment demands) (Robodebt Royal Commission 2022).What operational capability is required to address misperceptions about what RegTech can achieve?RegTech's success will hinge on two things: First, sufficient time being given to ensuring the proposed technology fits the design and regulatory functions of an agency; Second, deliberate, systematic efforts are made to ensure inhouse capability can adequately support RegTech implementation.

Addressing lack of readiness within regulatory agencies
As with all organizational and regulatory change mechanisms, the readiness and culture of an agency will determine the trajectory of success and the creation of public value.The strategic challenge is to address that lack of readiness.An organization will likely struggle to benefit from RegTech if it is mired in external reviews flagging contemporary concerns around clarity of regulatory requirements and processes, agency staff responsibilities and collaborative abilities, stakeholder acceptance of agency mandate and the like.Given many RegTech products merely speed up existing processes, if those processes are unclear, if staff do not appreciate their role in overseeing them, and stakeholders don't accept their conclusions, then the addition of technology will at best serve as an expensive continuation of the status quo.
Moreover, even if processes and roles and responsibilities are clear, if organizational culture is poor then the introduction of new tools which automate aspects of the agency's work may encounter resistance and further diminish culture.Staff need to feel trusted and that they can trust the organization.They need to feel they add value and that their efforts and skills are appreciated (Cuddy 2016).This is perhaps even more the case in public sector organizations, where there can be a sense of identity alignment to organizational activities (Mintzberg 1996).Organizational culture can be greatly undermined when new tools and technologies are introduced without sufficient deference and respect being given to the expertise of current staff (Pfeffer 2007).
To avoid this, it helps to start from a position of positive organizational culture, i.e.where trust, respect and lines of communication are already high.The most significant element of the authorizing environment relating to this challenge is senior leadership of regulatory agencies.To address this challenge agency leaders must attend to operational capability.Engaging staff in the process is critical.Agency leaders must ensure that staff are engaged in identifying: (1) what regulatory activities and processes are suitable for the application of RegTech; (2) what kinds of technology may be useful to enable that application; and (3) what the automation of existing manual tasks will mean for staff activities and roles (i.e., what do those staff whose jobs have been automated do next?).A robust communications program about the need and benefits of the RegTech should accompanying this activity.For example, such a program would indicate how those whose roles have been made obsolete will be supported to continue to meaningfully contribute their expertise to the public good, and how the shift is intended to reduce harms.These adjustments to operational capability can increase the prospects of RegTech applications creating public value.

Ensuring oversight by both technical and regulatory experts
Regulation is a complex field of public sector activity that calls for significant subjectmatter expertise.Public value is generated and sustained when those subject-matter experts are given the scope and resources to do their work effectively.The strategic challenge here is that the introduction of RegTech will be accompanied by discounting of the contributions and importance of this human, subject-matter expertise.Such discounting can have devastating effects on both organizational culture and capability.Advanced data science tools aren't black boxes and require skilled oversight.This oversight needs to exist both in the form of technical and subject matter experts.Technical expertise is required to monitor and amend the functioning of a particular RegTech as needed.Subject matter experts who understand the regulatory frameworks and domains of harm the RegTech is being employed to address are also needed to interpret and validate the outputs of the RegTech.The most significant element of the authorizing environment relating to this challenge, as with the lack of readiness challenge already discussed, is the senior leadership of regulatory agencies.They have it in their powers to balance expertise in their agencies.
While both technical and regulatory experts can be contracted in, doing so is less likely to be valuable when it comes to embedding the use of RegTech.This need for context-specific expertise arises because RegTech doesn't take away the need for the application of judgment.It cannot yet boil complex regulatory decisions down into neat 'Computer says "yes/no"' answers.Regulatory agencies will continue to need to demonstrate leadership in their respective areas.The operational capability required to address this challenge will be attained through careful attention being given to maintaining and, where necessary, bolstering in-house subject matter expertise.That is necessary to enable robust regulatory design and implementation.Smaller organizations may struggle to make such resources available.
Further, the recommendations of technical and regulatory experts may not always align.This misalignment will inevitably lead to situations where decisions are subsequently questioned with the benefit of hindsight and agencies will need to be able to justify the choices made.Such justification will need to reflect not only the balance of harms/benefits in the regulatory context but also in the context of what the technology had recommended or implied as the optimal course of action.Hence, agencies ultising RegTech will also need to develop and uphold clear policies and processes articulating how and why decisions taken may deviate from specific recommendations made by both RegTech and subject matter experts.This transparency will not only aid public acceptance of regulatory decisions but also help ensure a positive regulator culture.All of this can add powerfully to the creation of public value.

Avoiding human biases being reflected in technological processes
Any system that effectively automates decision-making holds the potential to create public value through improving the timeliness, ability to deal with complexity, and the consistency of those decisions.But poorly designed or managed systems can rapidly destroy public value.This is most obviously apparent when systems generate harms for members of the public.Trust in government can be rapidly eroded through such episodes.The strategic challenge is to avoid such scenarios arising.While RegTech promises to replicate and potentially amplify what is already working in regulatory agencies, it also carries the risk of replicating and amplifying what is not working.Technology is impacted by human input, conscious and subconscious (Zou and Schiebinger 2018).Consequently, the perspectives of those who provide the context for its structure (i.e. the regulatory insights) as well as those who build it (i.e. the regulatory developers) will shape the final applications.Human cognitive limitations have long been known to result in people deploying a range of mental heuristics or short-cuts.Common instances include making judgements based on what worked well previously (availability), by making small adjustments from a previous judgment (anchoring), or by making attributions based on limited information (stereotyping).Even with the best will in the world, heuristics mean human biases will inevitably end up reflected in the decision (Tversky and Kahneman 1982;Bossaerts and Murawski 2017).The consequences of these biases have been widely documented, ranging from things as apparently innocuous as assumptions that all technology users will be right-handed (Bock and Wells 2014), through to more perverse outcomes like inbuilt racism resulting in (un)intentional exclusion (Garcia 2016).
Unintentional human bias is an inherently difficult issue to address which is arguably ubiquitously present, even when relying on technology as a decision support.It highlights the need for RegTech users to not simply set and forget their systems, but to ensure clear and timely feedback mechanisms.That way any unintended consequences can be quickly and appropriately addressed.Such biases also reinforce the importance of having an array of regulatory staff being actively involved in developing and maintaining technological tools.The leaders of regulatory agencies hold the necessary authority to monitor and reform internal operating procedures to reduce the risk of such unintended problems arising.A primary way to do this is to ensure that the agency has sufficient staff possessing specialist knowledge to (1) be able to review recommendations emerging from automated decision-making and (2) anticipate where biases could emerge and seek to ensure that they do not.

Supporting thorough commissioning processes
Once a decision to employ RegTech has been made, thoughts turn to how to commission and maintain it.The strategic challenge is to establish a highly-effective commissioning process.Often, commissioning is not given the careful attention it requires (Mintrom and Thomas 2018).Should it be led in-house or contracted out, is perhaps one of the most critical questions.Here, again, management of RegTech can have major implications for the creation of public value.Good commissioning processes can generate previously unrealized value.Poor commissioning can potentially undermine long-established public value, as well as trust in government systems more broadly.In all cases, the onus for effective commissioning lies with agency leaders.
If contracted out, there is a need for regulatory bodies to be savvy about what they are asking for, the level of input they will have, and what the final product will look like.While many, if not most, regulators are unlikely to have inhouse expertise when it comes to the development, application and maintenance of advanced data science tools, outsourcing everything can lead to system lock in and future path dependence.By relying solely on external service providers, regulators may find themselves unable to obtain the bespoke products they need, pivot to alternative providers in future, synchronize with other government and private sector platforms, and update how the technology interacts with other aspects of the regulatory framework in future.
What operational capability is required to address this challenge?This large array of concerns might suggest establishing inhouse expertise is worthwhile -enabling much greater control over the product.However, there are problems with this too, particularly from a feasibility perspective.For example, the time and cost involved in building an inhouse product may be too great, capacity and capability being common reasons that governments often use consultants.Consider, for example, the Australian government's decision to build a bespoke CovidApp rather than using a preexisting provider as other governments did (Karanasios and Molla 2022).Moreover, RegTech development and application is unlikely to be a one-off build.It will require maintenance and updating in response to regulatory changes and system feedback.External organizations may be better placed to retain a skilled RegTech managing workforce and thus to provide a more consistent and sufficiently resourced team to keep up with that pace of change.Whereas inhouse teams are likely to be buffeted by machinery of government and budgetary changes that can accompany shifts in government and ideology.
Bringing these options together, when deciding how and what to procure, consideration must be given to: (1) upfront and ongoing costs, and (2) the relative inertia of institutions compared to the relative speed of technical innovation.What is innovative and high-end efficient today may not be tomorrow.Unless there is a deliberate and difficult-to-rewind decision to attract skilled employees and commit to enduring resourcing of inhouse RegTech teams, outsourcing may be a more viable option for ensuring the ongoing relevance and suitability of the technology applied.However, if a central agency were to host such an inhouse team charged with providing advice and support to regulatory bodies across their jurisdiction, these outsourcing benefits may not be as strong.Further a centralized approach may also enable improved data sharing and linking, enhancing the end-user experience and potentially increasing the knowledge capabilities of government (subject to data sharing and accessibility legislation).Notice here that the creation of public value in these instances would require coordination of commissioning across a broader governmental authorizing environment.

Bolstering risk management and accountability
Related to decisions of commissioning and procurement are those of risk management and accountability.Again, the potential to create or destroy public value looms large here.The strategic challenge is to reduce regulatory risks and ensure clarity around accountability for specific decisions and their consequences.Good government is based on the core foundation that operational risks are appropriately managed, and public managers will be held to account when operations do not go as planned.Data hacking breaches have shown the need for vigilance in designing and maintaining data management systems, particularly those which have links to other high-value content.
While enhanced encryption may be one solution, these breaches have resulted in greater societal questioning of who ought to be trusted with an individual's data and when.There is an implicit trust that data provided to government will be securely stored, with perhaps few realizing that data might be held by third party contractors.Different governments will have different ideologies about whether it is more appropriate from a risk perspective for government or private organizations to hold that data.
Governments can take major reputational hits when technology does not work as intended and new harms emerge.Given that, the relevant authorizing environment relating to risk management and accountability can expand beyond agency leaders to include senior elected officials and representatives of those who could be harmed by events like data privacy breaches.Ultimately decisions about security and mitigating risks from RegTech come down to government accountability.If something goes wrong, regulatory agencies and ministers need to be able to explain what happened, and ideally why that was the most appropriate outcome.Where they cannot, blame will be directed at government and may result in a fixation on finding a scapegoat, rather than getting to the bottom of what needs to be fixed and get on with fixing it.In such instances, the strategic triangle of an agency or government is weakened: having failed to deliver the expected public value, the mandate or social license to act is revoked, inhibiting an agency's ability to move beyond the meat and potatoes of government and exercise innovation in their activities.
What operational capability is required to address this challenge?The challenge calls for establishment of systems which provide confidence to the community and government alike that RegTech applications are being safely managed, can be trusted, and that there is a timely and accessible process for review when errors occur.Bolstering operational capability in this way will be imperative to broader acceptance of RegTech in public life, and thus the mandate for its use in public value creation.

Conclusion
Effective regulatory monitoring and enforcement work relies on a vast array of application and approval processes, supported by monitoring and enforcement procedures.With the development of routinized and semi-automated bureaucratic systems, these regulatory regimes have become increasingly efficient.But it is generally agreed that regulatory burden can be a drag on a range of transactions, including compliance and enforcement activities, and room for improvement exists.Given this, the emergence of RegTech brings much promise.Here, we have considered the promise of RegTech through the lens of the public value framework.That framework invites us to consider new initiatives in the governmental space and how well they align with the interests of those who represent the authorizing environment and those who contribute to organizational capability.
While we claimed that increasing use of RegTech could create public value in important ways, we have also discussed some key challenges in the regulatory space.In our view, those seeking to promote adoption of RegTech in specific agency contexts should consider six matters.We believe public value is more likely to be realized by adoption of RegTech when efforts have been made: to address misperceptions about what RegTech can achieve; to address lack of readiness in regulatory agencies; to ensure oversight by technical and regulatory experts; to avoid human biases being reflected in technological processes; to support thorough commissioning processes; and to bolster risk management and accountability.These steps will better position agencies to determine if their needs can be met by available RegTech applications, and to incrementally add them to their toolkit in a way which enables rookie mistakes to be quickly picked up and addressed.In the event an agency does this work and finds RegTech is not for them, at the very least they will have a stocktake of where improvements are needed and have provided a platform on which to have a culture building conversation with staff and stakeholders.It may also be beneficial for regulators to share where they are at and what they are considering with peers, as this may lead to opportunities to collaborate on data sharing, tool design, and specialist procurement or recruitment.
In sum, there is a viable path and place for RegTech within regulatory practice, and great potential for such tools to drastically enhance public value creation.This will require governments to keep focused on regulatory purpose and effective design.It will also require them to build effective collaboration with RegTech providers and regulated entities.All of this is entirely achievable.Foresight, planning, and reflection will go a long way to addressing obvious challenges and ensure optimal public value is achieved.