Technologies of Compliance: Risk and Regulation in a Digital Age

By Bamberger, Kenneth A. | Texas Law Review, March 2010 | Go to article overview
Save to active project

Technologies of Compliance: Risk and Regulation in a Digital Age

Bamberger, Kenneth A., Texas Law Review

Legal scholarship has been silent about a phenomenon with profound implications for governance: the automation of compliance with laws mandating risk management. Regulations-from bank capitalization rules, to Sarbanes-Oxley's provisions on financial fraud and misrepresentation, to laws governing information-privacy protection-frequently require regulated firms to develop internal processes to identify, assess, and mitigate risk. To comply, firms have turned wholesale to technology systems and computational analytics that measure and predict corporate risk levels and "force" decisions accordingly. In total, the third-party market for compliance-technology products-known generally as "governance, risk, and compliance" (GRC) software, systems, and services-alone grew to $52 billion last year, and this growth is poised to increase exponentially.

While these technology systems offer powerful compliance tools, they also pose real perils. They permit computer programmers to interpret legal requirements; they mask the uncertainty of the very hazards with which policy makers are concerned; they skew decisionmaking through an "automation bias" that privileges personal self-interest over sound judgment; and their lack of transparency thwarts oversight and accountability. These phenomena played a critical role in the recent financial crisis.

This Article explores these developments and the failure of risk regulation to address them. While regulators have lauded the turn to technology, they have ignored its perils. By contrast, this Article investigates the accountability challenges posed by these and other technologies of control, and suggests specific reform measures for policy makers revisiting the governance of risk. This Article argues for more activist regulator oversight backed by sanctions before disaster has occurred. But it also emphasizes collaboration in developing risk-management systems, drawing both on the granular expertise of firms and the broader vantage of administrative agencies. Most importantly, it seeks better to reflect the human decisionmaking element at both levels: to recognize the ways in which technology can hinder good judgment, to reintroduce human inputs in the decision process, and to reflect the limits of both human and computer reasoning.

I. Introduction

In December 2006, executives at financial-services firm Goldman Sachs quickly convened a meeting of senior risk managers and traders. After three hours examining the breadth of its trading positions, the firm decided to limit exposure to a housing-market downturn by selling some of its mortgagebacked securities and diversifying its holdings to hedge the risk of others.1 While Goldman suffered losses in 2007, they reached nowhere near the scale of those suffered by its contemporaries.2 The firm avoided the fate of nowdefunct competitors such as Bear Stearns, Lehman Brothers, and Merrill Lynch,3 and went on to earn record profits in 2009.4

The meeting's fortuitous timing was no coincidence. Since the 1980s, Goldman had invested heavily in risk-modeling technology.5 Unlike some of its competitors, Goldman's system had incorporated into its monitoring capacity daily trend reporting based on sophisticated, quantitative riskprediction programs.6 In December 2006, Goldman's system indicated a problem - the firm's daily profit and loss reports showed that its mortgage business had posted a loss for ten straight days.7 The generation of those ten daily reports triggered the meeting, and the evaluation of firm-wide exposure measures generated by its risk-assessment technologies, in turn, prompted the subsequent realignment.8

Goldman's experience underscores a phenomenon about which legal scholarship has been remarkably quiet: the increasingly pervasive reliance on technology - in the form of information-technology and decision-automation system software and analytics - in assessing and controlling risk, and in complying with government regulation mandating its management.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
Loading One moment ...
Project items
Cite this article

Cited article

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited article

Technologies of Compliance: Risk and Regulation in a Digital Age


Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
Full screen

matching results for page

Cited passage

Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.

Are you sure you want to delete this highlight?