Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's RegTech and Platforms'

RegTech Opportunities in the Platform-Based Business Sector

Version of 31 January 2020
Proc. Bled eConference, June 2020, pp. 79-106

Roger Clarke **

© Xamax Consultancy Pty Ltd, 2019-20

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at


The notion of RegTech has emerged in recent years, but its application appears to have been mostly limited to the use of technology to assist with organisations' compliance with regulatory requirements. A model is presented that encompasses RegTech's full scope, embracing its capacity to address the needs not only of regulatees, but also of regulators and the intended beneficiaries of regulatory regimes. The model is then applied to the recently-popularised platform-based business model, whose mature form is evidenced by Uber and Airbnb. A range of opportunities is identified for practitioners and researchers to contribute to the application of information technologies in the regulatory space.


1. Introduction

The term 'RegTech' emerged in 2015 to refer to technologies supporting regulatory processes. Reflecting its origins as a variant of FinTech, the main interest has initially been within financial services corporations. It has also been viewed narrowly from the perspective of those organisations, and hence the emphasis has mainly been on compliance aspects.

The conference theme for the Bled eConference in 2020 is 'Enabling Technology for a Sustainable Society'. Organisations generally, but especially in the private sector, have their focus on the short term. As a result, sustainability issues are beyond their horizon. Sustainability is therefore dependent on interventions by other parties, especially parliaments, policy agencies and regulatory agencies whose function is to address externalities and protect public good interests. Researchers, particularly those funded from the public purse, have an obligation to not just reflect the interests of the for-profit corporations that drive economic progress, but to also conduct research that contributes to the sustainability of the economy, society and the environment (Clarke & Davison 2020). For researchers into applications of IT, that obligation translates into the need to consider RegTech's broader application.

This paper accordingly encompasses not only compliance applications but also RegTech's potential to serve the interests of regulators, and of beneficiaries of regulatory schemes. Previous work has developed a framework whereby IS professionals and academics can properly understand regulatory regimes, can identify opportunities for the development and deployment of RegTech, and can conceive, design and deliver appropriate technological support to relevant organisations. The purpose of this paper is to briefly present that framework and to demonstrate its efficacy by applying it to one particular and very topical form of business.

The platform-based business model has been much-discussed in recent years, and the Airbnb and Uber approaches have generated particular excitement. The model is a variant of the longstanding notion of 'marketspace' (Rayport & Sviokla 1994, Clarke 2001). I adopt here the approach of Taeuscher & Laudien (2018), who propose four defining features of a platform-based digital marketplace (p.320):

The large majority of the academic literature on platform-based corporations is concerned with business strategy, business models, and the application and exploitation of Internet, Web and mobile technologies to achieve the aims of that corporation, subject to the constraints of adequately reflecting the interests of the actors on the demand and supply sides. The focus here, however, is primarily on the regulation of the behaviour of platform-based corporations, in order to satisfy the interests of other parties. Those parties include not only platform users, but also other entities that are affected by the platform's operations, industry sectors and segments as represented by industry and consumer associations, government policy agencies, and organisations that perform regulatory functions in relation to the relevant marketplace.

This paper commences by reviewing RegTech's origins and nature. An assessment is provided of the literature that has emerged during the first few years since the term was coined. A framework is then presented for studying the field of regulation and the opportunities for technology to support it. Characteristics of platform-based business models are discussed, and the framework for RegTech research applied to such models in order to identify opportunities and provide insights into the framework's value.

2. RegTech

The term 'RegTech' appears to have been first published in a UK Government report of March 2015 on financial technologies (UKGOS 2015), sometimes referred to as 'the Blackett review'. The earliest occurrence found using Google News is a single, fleeting mention in an article on the UK Budget (Glick 2015). The earliest mentions found by Google Scholar are Arner et al. (2015) and Treleaven (2015).

The contraction derives directly from the use by software marketers of the term 'FinTech' to refer to technologies applied within the financial services sector, particularly those that are perceived to be disruptive or potentially profitable. The motivation for projection of the term RegTech was the desire for "regulatory reporting and analytics infrastructure ... typically to improve efficiency and transparency [in financial regulation]" (UKGOS 2015, pp.12, 47).

The RegTech notion was very quickly co-opted by the financial services industry association, the Institute of International Finance, without attribution (IIF 2015). IIF adopted a narrow definition of "the use of new technologies to solve regulatory and compliance requirements [in the financial services sector] more effectively and efficiently" (IIF 2016, p.2). A slightly different but also narrow approach was adopted by the UK Financial Conduct Authority: "RegTech is a sub-set of FinTech that focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities" (FCA 2016, p.3). Academic papers on the topic have generally adopted such definitions as their starting-point (e.g. Arner et al. 2015, Daly & Butler 2018, Anagnostopoulos 2018, Currie et al. 2018). In Butler & O'Brien (2019), it was reported that the UK's financial regulators had developed a proof-of-concept tool for 'Digital Regulatory Reporting', expressing laws and policies in machine-processable form.

It is only natural for the idea to loom large for financial services corporations. This is because of the imposts arising from regulatory measures to safeguard against the economic and social costs arising from the spectacular failure of softer regulatory forms, resulting in financial crises (RBA 2014). In addition, the industry has borne the brunt of frequently-changing interventions by legislatures and law enforcement agencies under the pretence that organised crime, the drug trade, human trafficking, terrorism and child pornography will all be magically defeated provided that the public accepts that every financial transaction must be identified and monitored (Zagaris 2004, Gilmore 2004).

RegTech providers naturally 'follow the money' and focus on large corporations that have substantial obligations imposed on them by formal regulatory instruments, and hence need to perform onerous compliance activities. The financial services industry will inevitably remain an important focus. RegTech's potential scope is, however, far wider than that. Other industry sectors are subject to formalised regulatory requirements, and many looser and less stringent business processes can also benefit from technological support.

Regulatory arrangements are important wherever natural controls fail to curb excesses. This paper contends that, particularly in view of the scale of contemporary economies and societies, technologies need to be harnessed in support of activities of all participants in regulatory processes. This paper conceptualises the central concept in this paper as follows:

RegTech means technological applications in support of the activities of regulators, of regulatees, and/or of entities that are intended to be beneficiaries of regulatory activities

This paper works on the assumption that regulation is an applications area for IT in just the same way as are Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), eHealth and Geographical Information Systems (GIS). As with any such applications area, both professionals and researchers require some degree of technical expertise in the area in order to make well-informed and meaningful contributions. The following section briefly identifies relevant literature. That is then built upon by presenting a framework for the development of research projects and programs in the area.

3. The Emergent RegTech Literature

The previous section noted the first uses of the term 'RegTech' in 2015. A series of searches was conducted in order to detect the rate and nature of development of a literature on the topic, commencing with the source that draws on the largest catchment area, and moving on to collections with a narrower focus. Using the search-term <RegTech "information systems">, Google Scholar returned only 40 hits in late 2017, of which few were relevant and only 2 were in the formal IS literature. In early 2020, the counts showed as 80 in 2015-17 combined, 70 in 2018 and 150 in 2019. The large majority were specifically in the context of FinTech, with only a small proportion evidencing the broader interpretation adopted in the present paper.

Among the Basket of 8 IS journals, in early 2020, 7 journals returned zero hits for <RegTech>. Only 2 papers were located, both in JIT (Siering et al. 2017, Currie et al. 2018). An indication of the challenges involved in search-strategies is that the Siering article, which develops "a taxonomy of [financial] manipulations ... to guide the development of appropriate decision support systems for fraud detection" (p.251), does not contain the string 'RegTech' in the text but only in the title of a paper in the reference list.

The AIS eLibrary's collection, searching on <RegTech>, yielded 4 hits in late 2017, 8 in late 2018, but still only 10 in early 2020, in a corpus of 44,000 items. However, of the 16,000 refereed articles, only 1 mentioned the term, proposing a particular form of RegTech (Moyano & Ross 2017). See also the unrefereed paper Huang & Chiang (2017). However, the term was in neither the Abstract nor the Title of those two papers, and hence the present paper may become the first to be discoverable using a '<term> in Abstract OR Title' search-strategy.

The application of technology in support of regulation of course started long before the term 'RegTech' was coined. It was therefore important to conduct broader searches. The primary term used was <regulat*>, where appropriate supplemented by <AND "information systems">. That string was chosen in order to encompass variants such as 'regulation', 'regulatory', 'regulator' and, less commonly, 'regulative'. This search strategy of course misses instances of papers that do not contain that string even though they mention regulatory topics, and in some cases even have them as a primary focus. For example, papers may use such terms as 'compliance' and 'standards' alone, without ever mentioning 'regulation'.

In practice, studies of this kind are constrained by the poor quality both of repositories and of the search-facilities that they provide. Searching on Google Scholar, extensive though its catchment is, can only be performed using its populist but sub-professional facilities, and mediated by its obfuscated precedence algorithm. In addition, the search-facilities of many of the commercial services that have trapped both the Basket of 8 journals and the AIS eLibrary are not of sufficient quality to enable reliable, fine-grained searches. Most provide access to far less than the full corpus of articles in each venue. Few support search within Abstract only. Some, including Elsevier, do not support wild-cards within search terms, over 50 years since such facilities became mainstream. Some also evidence serious bugs, such as bepress, which underlies the AIS eLibrary, which appears not to process either <regulat*> or <regulative> correctly. It was accordingly necessary for the search-procedures to reflect the vagaries of each particular repository.

Using this strategy, searches using Google Scholar still only brought to light relatively small numbers of articles relevant to this study. The paucity of research on regulation in IS contexts has been previously noted (Eggert et al. 2013). In the Introduction to a Special Issue on FinTech, Alt et al. (2018) comment that "a brief analysis undertaken on Google Scholar confirmed the impression of only limited available research in the RegTech domain. This is remarkable since legal and regulatory requirements and checks have accrued in view of the growing regulation that has occurred in the financial industry after the financial crisis of 2008".

Searches in the Basket of 8 journals located 25 titles and 70 abstracts of potential relevance among the c.8,000 articles published to date. Within the AIS eLibrary, in early 2020, 65 articles were located with a relevant term in the title, and 280 in the abstract. This compares with 361 in the abstract for health, 275 for ERP, and 177 for <GIS OR geographic>. The highest peak was in 2008-09 (29 and 45 articles respectively). The counts in 2018-19 (15, 16) were similar to those in 2005-06 (16, 19) and 2011 (18); so there was little evidence of a surge of publications since the emergence of the RegTech notion. However, many of the articles identified in this way are concerned with matters outside the scope of this article, such as personal self-regulation, regulatory focus theory, and organisations' internal governance mechanisms including compliance by staff with IT security policies.

In all, the literature research generated 40 relevant articles in IS or cognate journals, of which 24 are in Basket of 8 journals, and a further 20 papers in IS conferences. Despite these small numbers, the list of authors includes over a dozen highly-cited IS academics. A further indicator of the perceived relevance of the topic-area was that the number of individuals in the AIS Faculty Directory who nominate regulation as an interest is considerably greater than the numbers for, for example, the busy application areas of health and geographic information systems.

The relevant papers encompass a wide array of topics, primarily in the broad areas of compliance within the financial services sector, and privacy. Few major works were found, such as systematic literature reviews - but see Cleven & Winter (2009), Akhigbe et al. (2015) and Hashmi et al. (2018) - or research agendas - but see Coglianese (2004), Abdullah et al. (2010), Cousins & Varshney (2014) and Akhigbe et al. (2017). Few of the works are highly-cited. The largest Google citation-counts that were identified were between 70 and 80 for Coglianese (2004) and Abdullah et al. (2010), c.40 for Duncombe & Heeks (2003), and c.25 for Cleven & Winter (2009).

Few papers were found that adopt the perspective of individuals and organisations that are intended to be the beneficiaries of regulatory regimes. A modest number have the design of regulatory measures as the central focus (Neo 1992, Clarke & Jenkins 1993, Williams 1994, 1996, Hosein & Whitley 2002, Knackstedt et al. 2013), while some at least acknowledge that regulators have a perspective different from those of regulatees (e.g. Gomber et al. 2018).

Because most of the published research has been specifically from the perspective of regulatees, the primary focus has been on compliance and the limitation of damage to regulatees' interests. Some papers are concerned with operational aspects of IS, in particular the influence of regulatory measures on IT applications and their use (Mlcakova & Whitley 2004). Others study regulatory regimes' impacts on system design (El Kharbili 2012, Knackstedt et al. 2014), on business process management (Schultz 2013, Fellman & Zasada 2014, Sadiq & Governatori 2015), and on shared infrastructure (Reimers et al. 2015). Difficulties in achieving compliance were considered in Smith et al. (2010) and Gozman & Currie (2014), while Clemons & Madhani (2010) considered circumstances in which new business models overwhelm existing regulatory mechanisms.

Regulation's strategic impacts were recognised even during the early years of strategic IS research, although it was originally regarded almost exclusively as a constraint rather than as an opportunity. For example, among the 14 considerations in the 'Organizational Strategy Set' of King (1978) was "organization must be responsive to regulatory agencies".

Porter's work on competition and corporate strategy (1980, 1985) has been highly influential. Yet, despite mentioning "government policy" in eight locations, Porter's books treat government actions as having almost entirely negative impacts on business, with only reduced regulation and subsidies mentioned in a positive manner. Porter's theory overlooks the ways in which regulatory measures definitively shape some industries, e.g. through legislated monopolies and oligopolies maintained by very high entry barriers such as licensing requirements. Porter's theory also fails to recognise that both the fact of regulation, and its nature, can create scope for competitive advantage. In practice, corporations are adept at 'regulatory arbitrage' (architecting business structures and processes to circumvent regulatory measures - Fleischer 2010) and 'jurisdictional arbitrage' also referred to as 'forum shopping' (arranging the jurisdictional location of business operations to avoid inconvenient regulatory measures - Whytock 2011).

This blindness may reflect the origins of Porter's theory in the Harvard Business School and case studies of US enterprises, in contexts in which government regulation was, and remains, very meek. Driven by this worldview, the IS literature has continued to wear blinkers. Farbey et al. (1995) referred to "regulatory or legal necessity" (p.42). See also Fisher & Harindranath (2004) and Greenaway et al. (2015). Moreover, some studies have even extended beyond discussions of regulatory compliance to actively consider its subversion (Henry et al. 2007).

Contrary to the engrained assumptions, impacts of regulatory regimes on strategic IS can be not only significant, but also positive or enabling (Knackstedt et al. 2013). One example is where regulatory measures provide comfort to the individuals and organisations that buy products and use services. This contribution to trust arises from the feeling that the buyer's risks are reduced, and that recourse is available when things go wrong (Clarke 2001, Tang et al. 2008, Tsatsou et al. 2010, Xu et al. 2012, Wall et al. 2016). The aura can be sustained by a mixture of careful handling of issues as they arise and management of media and government relations. Further, to the extent that regulators take enforcement actions against corporations that fail to fulfil their compliance obligations, the negative impacts of maverick competitors can be reduced, and the positive images associated with mainstream providers can be enhanced.

In addition, regulatory measures can create or strengthen barriers to entry by competitors (Klapper et al. 2006, Lane & Koronios 2001), and can increase barriers to exit by customers. A common example is the obligations imposed on financial institutions in many countries, including the USA, UK, Canada and Australia, to 'Know Your Customer', i.e. to gather a considerable amount of data about the person or organisation, and to conduct identity authentication processes. These represent a barrier to entry, in that new providers have to invest considerable time and money on compliance, as a condition of doing business. Further, users of these companies' services are confronted by onerous and time-consuming documentary requirements in order to establish a relationship with each alternative or additional provider, and these high switching costs naturally reduce customer churn.

In some sectors, regulatory arrangements can strongly influence and even dictate industry structures and processes. This has occurred, for example, in many countries, when they have privatised or otherwise broken the legislated monopolies of PTTs (postal, telephone and telecommunications agencies) and electricity, water and gas utilities (Hulsink 1999). When changes occur, and especially major changes such as privatisation, de-regulation and re-regulation, organisations that are well-prepared for events can acquire large market-shares in new or re-defined industry segments, and can take advantage of new revenue-sources or government subsidies. Rukanova et al. (2009) studies international trade, Watson et al. (2010) investigates opportunities in the environmental protection and energy sectors, and Rai et al. (2015) recognises that regulatory measures are determinative of industry structure in the electricity industry.

The Bled Conference series presents an opportunity to evaluate the extent to which a venue specialising in eInteraction (Clarke & Pucihar 2013) evidences interest in and contributions to the literature relating to regulation. The papers for 2001-19 (913 in all) are searchable in the AIS eLibrary. Searches for <RegTech> in <All Fields> found zero hits. Searches for <regulat*> found zero in <Title> and 6 in <Abstract>. In <All Fields>, on the other hand, 152 were found (16.7% = 1/6th), in all years 2001-19, ranging from 5 to 15 p.a., with a mean of 8.

In the large majority of cases, the mentions are incidental, mostly referring to regulation as a 'hurdle', 'barrier' or 'issue' confronting business, and often mentioning the need for compliance with regulatory 'mandates'. In a few cases, the stimulatory or enabling effects of regulation are mentioned.

This study is less concerned with the mainstream of compliance by organisations with regulatory requirements to which they are subject, and instead has its primary focus on the interests of organisations that perform regulatory functions, and of the intended beneficiaries of the regulatory measures, most commonly consumers and small business. A total of 16 papers were identified that were relevant to this focus.

The significance of regulation for corporate strategy in a particular business sector or segment was the focus in 5 of the 16 papers. These were concerned with retail pharmacy (Lane & Koronios 2001), the design of marketspaces (Clarke 2001), insurance intermediaries (Bouwman et al. 2005), ICT innovation (de Reuver et al. 2007) and critical infrastructure organizations (Holgate et al. 2012).

On the other hand, 6 of the papers examined public policy issues, and from the perspective of the the public interest rather than that of corporations. The issues arose in the contexts of spectrum management (Delaere & Ballon 2007), pharmaceutical pedigree (Higgins et al. 2009), financial market surveillance (Alic et al. 2013, Alic 2015), drug counterfeiting (Kipp & Schellhammer 2019) and taxi services (Heikkila & Heikkila 2019). A further 5 papers considered a range of regulatory mechanisms (Polanski 2005, 2006, Clarke 2006, Burgemeestre et al. 2010, Smit et al. 2016).

Key conclusions from the survey of the literature are that the IS discipline has paid only limited attention to regulation, that the large majority of such studies have been compliance-oriented, but that some research is conducted with regulators and beneficiaries in mind.

The author contends that considerably more opportunities are available to IS practice and IS research, provided that a sufficient framework is established to enable those opportunities to be addressed. IS professionals can make practical contributions to the quality of regulatory regimes, as well as to the application of information technologies in support of compliance with those regimes. There are of course also many implications for IS research.

4. A Framework for RegTech Research

In previous work, the author has reported on the development and exposition of a framework whereby IS professionals and academics can properly understand regulatory regimes, can identify opportunities for the development and deployment of RegTech, and can conceive, design and deliver appropriate technological support to relevant organisations (Clarke 2018). This section provides a necessarily very brief rendition of that framework. The following sections then demonstrate its value as a means of considering how RegTech can be applied in a particular sector.

During the pre-theoretic phase in a new sub-field of IS, a research framework provides structure to themes and issues, including descriptions of fundamental concepts and processes (Wand & Weber 2002, Avgerou 2008, Newell & Marabelli 2015, Clarke 2019). The framework presented here comprises four models. The first model draws on the literature to articulate the Nature and Purposes of a regulatory regime. The model defines the function that regulation performs, identifies the central players - distinguishing regulators, regulatees and beneficiaries, and describes the relationships among them, the processes whereby regulation is achieved, and the criteria whereby the appropriateness or otherwise of a regulatory regime can be evaluated

The second model partitions the space, by distinguishing the Layers within which regulatory measures are commonly conceived (Ayres & Braithwaite 1992, Drahos 2017, Drahos & Krygier 2017). The highest levels of Figure 1 depict the formal alternatives, and beneath that are shown the self-governance alternatives, and two forms of systemic governance.

Of particular significance for the analysis presented here, the second-lowest Layer is 'infrastructural regulation'. Regulatory functions can be performed by physical artefacts, such as the mechanical steam governor. IT can be harnessed to the same purpose. A highly-cited expression of this is 'West Coast Code' (Lessig 1999, Hosein et al. 2003). This involves features of the infrastructure supporting or reinforcing positive aspects of the relevant socio-economic system, and precluding or inhibiting negative aspects. Those features may be byproducts of the artefact's design, or they may be retro-fitted onto it, or architected into it. A simple example is the prevention of a transaction being conducted until particular data has been entered and authenticated.

Figure 1: A Hierarchy of Regulatory Mechanisms

The third model articulates the categories of Players that act within the regulatory space. The fourth model, Play, examines the dynamics within that space, as each of those actors seeks to satisfy its own interests. Figure 2 builds on the basic set of regulators, regulatees and beneficiaries, and embodies a sufficiently deep model to support analysis of complex real-world environments.

Figure 2: Players in Regulatory Schemes

The combined understanding of the regulatory space, layers, players and plays enables not only policy-makers, but also IS executives, practitioners and academics, to perform the 'sense-making' activities that necessarily precede the conception, design, development and deployment of new IS, and the adaptation of existing IS. The framework also provides the foundations for description, interpretation and critical analysis of the comprehensiveness, effectiveness and efficiency of a design, and assessment of its likely impact and implications.

The framework overviewed in this section is intended to support the analysis of individual industry sectors and segments. The following section outlines a category of industry sectors that have been attracting considerable attention, and that represent an appropriate basis for testing the framework's suitability for its intended purpose.

5. The Platform-Based Business Sector

A definition of platform-based digital marketplaces was provided in the Introduction to this paper, based on Taeuscher & Kaudion (2018). A regulatory agency recently offered a simplified description of digital platforms as "applications that serve multiple groups of users at once, providing value to each group based on the presence of other users" (ACCC 2019, p.41). Platform-based corporations consolidate suppliers into a managed collective, and provide them with means of being matched with customers. Exemplars of such sharing or crowdsourcing platforms that have attracted particular attention in recent years include eBay (since 1995), (1996), Expedia (1996), Tripadvisor (2000), Mechanical Turk (2005), YouTube (2005), Airbnb (2008), (2009), Pinterest (2009) and Uber (2009). Claims are made by and for such platforms that they provide information infrastructure to enable more efficient matching of supplier capabilities with customer needs and more efficient use of assets and labour to deliver services.

The emergence and proliferation of the platform model has excited a great deal of enthusiasm in the formal and informal business media (Kavadias et al. 2016, Smith 2016, Uenlue 2017a, Kumara et al. 2018, Teece 2018). Common themes are inefficiencies arising from longstanding regulatory arrangements, and the benefits of de-regulation (Cannon & Summers 2014, Geradin 2015, Wallsten 2015, Kaplan & Nadler 2015). A sub-set of the conversation is concerned with the adaptation of regulatory schemes. In some jurisdictions, regulatory schemes have collapsed and negative impacts of unregulated markets have been felt, resulting in a focus on re-regulation (Ballon & Van Heesvelde 2011, Rauch & Schleicher 2015, Wyman 2017, Heikkilä & Heikkilä 2019).

New platforms typically launch by harnessing new entrants, e.g. consumers with used assets to sell (e.g. eBay), home-owners with spare space that in the past has not been systematically let out for use by other people (Airbnb), and car-owners who have not previously offered fee-for-service car-rides (Uber). Many such schemes have taken advantage of loopholes in existing regulatory schemes to under-cut the prices in existing, regulated markets and thereby gain a meaningful market-share. This can achieve the ratchetting down of the regulatory regime, and may also enable the recruitment of existing suppliers into the scheme. In time, a re-concentration of market power may occur, accruing to the platform-based company, and this may in turn enable price-increases. Stock market valuations suggest a belief among investors that operations that initially make very large losses are likely to later achieve super-profits from the monopoly power that they develop.

Alternatively, a parliament or a regulator may assert its authority. This is likely to force the disruptor to comply with the law and significantly adapt its business model, thereby reducing its cost-advantage. It may even preclude the corporation from operating in that jurisdiction unless it establishes a local subsidiary that adopts a materially different business model.

Responses by regulators in some sectors have been very slow and piecemeal, whereas others have moved more decisively. An Australian regulatory policy agency has recently examined digital content platforms, in particular Google Search, Facebook, YouTube and Instagram, with a focus on their impacts on news reporting and journalism (ACCC 2019). It found that the fundamentally different approach taken by digital content platforms is enabling them to avoid a range of existing regulatory measures, and that this has created serious threats to transparency, to competitive markets in digital content and in advertising, to the economic viability of news reporting, and to consumers' interests. Its Report recommended many adaptations to the regulatory regime for digital content.

The following section draws on and applies the concepts and insights provided by the framework for RegTech research outlined earlier, in order to identify contributions that can be made by technology, and by the IS profession and discipline, to the regulatory processes involved in the platform-based business sector.

6. RegTech Opportunities in the Platform-Based Business Sector

The Framework for RegTech Research introduced earlier was originally articulated to enable the analysis of sectors that have established a degree of maturity and stability. However, it can also assist in analysing circumstances in which disruption is occurring. It provides a basis for mapping the existing regulatory context that the disruptor is challenging. It can assist in reviews of the hierarchy of regulatory mechanisms, with a view to strengthening enforcement of existing requirements, or to easing the regulatory burden while still achieving the purposes for which what are now seen as unduly onerous requirements were imposed. Further, it can assist in identifying areas of particular inefficiency or disadvantage, which may represent an opportunity for de-regulation or rationalisation.

This section applies the Framework to the new platform-based entrants disrupting existing industry sectors, as outlined in the previous section. It commences by considering platforms in the abstract, then examines the regulatory implications of Uber's operations.

6.1 Generic RegTech Opportunities

Many of the generic measures identified in the Annexes to Clarke (2018) have application to the platform-based approach. In all of the upper five layers of Figure 1, system features need to support formal and self-regulatory mechanisms. When incidents are reported, and complaints are made, management systems are needed, to ensure that each case is logged, tracked and managed, and the findings are used to stimulate action. Statistical reporting, on operations generally, on exceptions, on incidents and on complaints, needs to go beyond support for operational management to enable the organisation to achieve compliance, demonstrate to regulators that it has been achieved, and hence avoid the additional costs of unnecessary interruptions to the business management focus of managers and executives.

Regulators of platform-operators need case management systems for own-motion investigations and the handling of individual complaints. Some need information systems to manage registration or licensing. RegTech can also serve needs of beneficiaries of regulation, although in many cases an intermediary, representative or advocacy organisation may need to act as a proxy for their interests. Laws, policies, codes and undertakings need to be accessible and searchable. Guidance is needed in relation to particular patterns of corporate behaviour and the extent to which they are and are not reasonable, and are and are not compliant with laws, policies, codes and undertakings. Complaint preparation needs to be supported by guidance notes, templates and/or document-generators. Individual complaints, but particularly representative complaints on behalf of all or a class of individuals, need support, e.g. correspondence generation and filing, and reminders of deadlines for responses.

Infrastructural regulation has attracted remarkably little attention in many industry sectors and segments. Many regulatory schemes are of long standing, and their design reflects much less sophisticated computing, data management and data communication technologies than are now available. Yet researchers appear to have overlooked the scope for IT to make greater contributions. For example, published research agendas for digital platforms (e.g. de Reuver et al. 2018, Constantinides 2018) make only limited mention of regulation, and almost none of infrastructural regulation. Even a book concerned with public values overlooks the possibility (van Dijck et al. 2018).

An important exception is Boudreau & Hagiu (2009). The focus of those authors is on the platform-operator regulating its contributors and users for the good of itself, not with the regulation of the market segment as a whole for the benefit of external beneficiaries. However, there are likely to be ways in which the self-interest of the platform-operator coincides with the interests of other parties, giving rise to at least some incidental public benefits.

The Annexes to Clarke (2018) catalogue generic infrastructural measures that have application to the platform-based approach. Regulatees need data and process integrity controls, access controls, audit trailing, and automated monitoring of audit trails, all embedded within their operational systems. Platform-operators also require exception-detection mechanisms embedded within their systems, to provide themselves with the opportunity to address individual problems and systemic issues, and to do so before they give rise to harm to regulatory beneficiaries and come to the attention of regulators. Automation of statistical reporting to the corporation's executives ensures forewarning of compliance issues that need addressing, such that anticipatory action can be taken in advance of queries from regulators.

Regulators, meanwhile, can be most effectively supported by automated statistical reporting directly from regulatees' systems, and auto-notification of exceptional individual cases. Direct access to databases in regulatees' systems exists in some financial services contexts. Operational features can be embedded in regulatees' systems that are for the benefit of the regulator rather than the regulatee, such as the prevention of transactions where mandatory conditions are not fulfilled. Examples arise particularly in the context of share trading platforms. Scope also exists for infrastructural features for regulatory beneficiaries, such as auto-reporting to individuals when access to their personal data occurs. This approach is already common when individuals' passwords are changed, or an access occurs from a new IP-address, but it has also seen application in some healthcare contexts.

6.2 A Test-Case: The Uber Platform

The particular platform that has attracted most attention, by consultants and academics alike, is the Uber 'ride-sharing' platform, which has had major impacts in many economies. In addition to its own significance, Uber has stimulated a range of look-alike disruptors in ride-services markets. Many of these are additional or alternative new entrants in the market for taxi-fares, or a substitute for taxis (e.g. Lyft, Bolt, Didi, Ola). In some cases, however, they have instead displaced use of public transport, bicycle-riding and walking. Other Uber-like start-ups have been in the motor-cycle and motor-vehicle courier markets (e.g. Foodora, Sherpa, Zoom2U), and in the heavy goods vehicle arena (e.g. Flexport, Convoy, Saloodo).

On the supply side of the Uber platform, drivers are attracted by ready access to work, no need to have any knowledge of local geography, flexible hours, the ease and speed of joining up, and the limited need for business management. On the demand side, Uber's value proposition comprises easier ordering, shorter delay before pickup, cheaper trips, and no-effort payment. For a comprehensive review of Uber's business model, see Uenlue (2018).

Perceptions of Uber's impact vary, because of enormous differences in contexts across the company's areas of operation (Carson 2018). In the author's regional city, for example, taxis continue to dominate weekdays, but are challenged by Uber in the evenings and on weekends. This appears to be in part 'cherry-picking' behaviour, servicing only the periods offering lower idle-time factors and higher prices (termed 'surge' by Uber). In the process, this adds capacity when it is most needed. Anecdotally, another key factor is that most Uber drivers in the city in question use it only as a second income, and have a full-time weekday job. One study suggests that whereas large cities may have seen Uber and its imitators take as much as half of what was previously the taxi-market, the market-share achieved in smaller cities and large towns appears to be far lower, and the impact in regional and rural areas very limited (IPART 2019).

Uber is a particularly appropriate choice as a case study on RegTech opportunities, because its culture generally is somewhat extreme (Jordan 2017), and prominent within that culture is its wilful disregard for existing regulatory regimes. The range of regulatory non-compliance Uber has been accused of is very wide (Henley 2017, DWO 2018). More than half of the issues arise from the nature of the business. A major category is operation without the necessary business licences and not meeting the standards to qualify for one - such as driver qualifications and local knowledge, worker protections and a sufficiently broad area of service. In some jurisdictions, Uber has been associated with an elevated incidence of driver offences such as indecent assault. Another cluster involves breaches of competition law (price-fixing, collusion, misleading practices), and of tax law. Breaches of labour laws have also been common (wrongfully denying employee entitlements and rights, using the pretence that they are independent contractors). Many platform-based corporations have ushered back in the much-maligned 'piecework' mode of remuneration for labour, with substantial reductions in workers' income camouflaged by the enthusiastic use of terms such as 'gig economy' and 'crowdsourcing' (Kaine et al. 2017, Akhtar 2019).

Even where acting entirely legally, Uber and other ride-sharing platforms can have material impacts that require adaptation by regulators. For example, there is evidence that Uber is exacerbating traffic congestion in many cities, leading to adjustments to congestion fee regulations in order to achieve a reduction in traffic and recover displaced use of public transport (Bond 2019, Giordano 2019). In Heikkilä & Heikkilä (2019), the scope is investigated for applying the commons governance principles of Ostrom (1990).

The model of regulatory players in Figure 2 is readily applicable to the specifics of Uber. As the diagram indicates, multiple regulatory schemes and policy agencies are relevant. A particular challenge that arises from Uber's operation in multiple countries is the diversity of approach, structure and processes among Regulators. In the most comprehensive analysis seen to date of the regulatory aspects of the Uber-driven taxi market, Wyman (2017) identified the "pillars of taxi regulation" as entry, fares, consumer safety, worker protections and universal service requirements (pp.31-74). In some analyses, the Beneficiaries are customers, while in others they are Uber's drivers, and on occasions the jurisdiction's revenue-collection function is in focus. A category of Consultants of particular relevance in Uber's case is what Uenlen refers to as 'lobbyists', whose role is to hold off regulatory enforcement.

Several further insights arise that suggest refinements to the current players model. A key issue in the Uber context is that drivers are regulatees (in relation to their competencies, their responsibility for their vehicle, and their behaviour in relation to customers), but also beneficiaries of regulation (in relation to their working conditions and remuneration). This highlights the need for the model to depict 'Beneficiary' as a plural rather than a singular entity, so as to encompass both passengers and drivers. There is also a need to support different segments within heterogeneous populations, differentiating, for example, business customers from consumers, controlled markets such as for school transport, and urban, suburban, regional and remote locations (Heikkilä & Heikkilä 2019). An important segment is customers in wheel-chairs, who may be impacted quite differently from ambulant ride-seekers. Similarly, on the supply side, drivers fully-dependent on ride-sharing for their livelihood have somewhat different interests from part-time, second-income drivers.

Another challenge is the need for some 'Business Partners' to be factored into analyses. Of particular importance are technology providers that deliver custom-built or customised tools for collecting and managing data, matching demand and supply, providing convenience and ease-of-use, and satisfying customers' and drivers' hedonic needs. Motor vehicle providers may also become significant, to the extent that they deliver, or trial, Uber-favouring features such as embedded vehicle-tracking, automated navigation, and driverless operation. Uber's partners may of course intersect with the 'RegTech Providers' that are already included in the model - resulting variously in cross-leveraging and compromise.

The framework, particularly if subjected to some modest adaptations, therefore provides a strong basis for describing the concepts and processes underlying platform-based business sectors. How well does it deliver against its second purpose, the identification of opportunities for the development and deployment of RegTech in a specific context such as Uber and similar ride-sharing services?

The previous section identified a range of generic opportunities. Most of those ideas are applicable to the specific case of Uber, but both qualifications and adaptations are necessary. At the formal regulatory and self-regulatory levels, statistical reporting and analysis loom large for Uber. It generates a vast treasure-trove of data, not only from the high volume of transactions, but also from its embedded and extensive tracking of both drivers and customers. Apart from supporting strategic decision-making, the analysis of this data supports Uber's ongoing battles with regulators. In part, this battle is engaged indirectly, by addressing the media, the public, policy agencies and parliamentarians. The company's focus is less on compliance and more on demonstrating that the game has changed, that it has changed for the better, and that (preferably) selective de-regulation or (at worst) re-regulation is needed. This can be achieved through anecdotes, supported by data, that convey the image of the platform business model delivering public value.

A key example of this is supply-side elasticity during peak demand periods. The conservatism long evident in most jurisdictions has resulted in no more taxis being available during high-demand periods than at other times, e.g. few jurisdictions issue peak-hour-only taxi-permits. This is reinforced by the rusted-on norm of a fixed tariff - in many cases with higher overnight rates, which is the inverse of the rationalist economic recommendation to use upward price-flexibility to stimulate supply. (Even conservative government public transport services use time-of-day-dependent tariffs in order to shift some of the demand to off-peak periods). Uber's data on ride-availability during 'surge pricing' periods is capable of demonstrating the efficacy of price-flexibility in varying supply and thereby satisfying customer needs. This goes well beyond predictable morning and evening CBD demand, to include sporting and entertainment event peaks and (perhaps less convincingly) wet weather peaks.

Given the central role that IT plays in the Uber platform, there is a heavy emphasis on infrastructural regulation. For Uber to continue to hold regulators at bay, ongoing public goodwill is vital, and hence the media needs to carry feel-good stories, to not discover newsworthy bad news, and most of all to not have the opportunity to snowball bad news stories. This depends on early problem identification, and early action to pre-empt negative reports. That in turns requires automated exception and incident reporting, and an incident management system that nags those responsible for managing issues, all deeply embedded in the corporation's operational systems.

Regulatory purposes can also be served. In order to bolster the argument that existing regulatory regimes are appropriate, quality reporting processes are needed on service-quality, driver-performance and safety-incident reports, supported by apps in the same way that ride-requesting is supported - and even by the same apps. The resulting data can be funnelled through services not controlled by the platform, such that Uber cannot massage the results. Similarly, direct transaction-feeds to regulators can be built into such systems to enable monitoring of key factors such as resource-utilisation, load-patterns, pollution-generation, and revenue-flows to individual drivers.

There is limited evidence of such discussions in the literature, although Wyman (2017) gives consideration to the contributions that could be made by RegTech: "Technology might be harnessed to address concerns that formally removing the existing legal limits on the number of street-hailed taxis might lead to oversupply in certain geographic areas. ... [V]ariable congestion charges might be used ..., and the app provider might be charged with collecting the congestion charge on behalf of the governmental authority" (p.39).

Similar approaches can be applied to the many other instances of platform-based markets. However, the opportunities may not always be apparent to regulators. For example, in the Short-term Holiday Letting (STHL) market segment, driven by the Airbnb model (Uenlue 2017b), a review of options for reconsidering the role of regulation (NSW 2017) was limited to formal laws and self-regulation, and completely overlooked the possibility of using information technology as a tool within the mix.

This case study provides evidence in support of the contentions that RegTech creates many opportunities for IS practitioners and researchers, and that the Framework for RegTech Research outlined in this paper enables their discovery and supports their articulation.

7. Conclusions

This paper has outlined a Framework for RegTech Research. It has also considered the usefulness of that Framework in understanding regulatory layers, players and play, and in identifying opportunities for applications of IT to regulatory matters. The particular context on which the Framework's usefulness was demonstrated is the currently very topical field of platform-based businesses.

An examination of the existing literature concluded that, to the limited extent that regulatory applications and RegTech have been addressed, the interests of regulatees dominate research discussions and research design. A great deal of the literature is concerned with organisations achieving compliance as efficiently as practicable (where the regulator is strong) or achieving the appearance of compliance (where it is not). Even in this mainstream area, the Framework assists in unearthing additional research opportunities.

Although this study generated many suggestions in relation to compliance by corporations with regulatory requirements, the paper's most significant contributions lie elsewhere. Consistently with the conference theme of 'Enabling Technology for a Sustainable Society', the main focus has been on IT applications and features that support regulators, or serve the interests of the intended beneficiaries of regulation - most commonly individuals and small business, but in some contexts the physical environment.

The interests of regulators and of the beneficiaries of regulation are currently not well served by research. The Framework creates the scope for a great many projects and programs that contribute to the greater good rather than just to the interests of particular corporations. Opportunities exist for IS theorists and professionals to study aspects of the platform approach beyond business models, extending to strategic impact, and to public policy. Researchers can make contributions to rational debate in disrupted markets. Professionals can design and prototype IS and IS features that implement or support desired safeguards and controls, and that do so not only effectively, but also efficiently, flexibly and adaptively.


Abdullah N.S., Sadiq S. & Indulska M. (2010) 'Emerging Challenges in Information Systems Research for Regulatory Compliance Management' Proc. 22nd International Conference on Advanced Information Systems Engineering, Hammamet Tunisia, June 2010

ACCC (2019) 'Digital Platforms Inquiry: Final Report' Australian Competition ansd Consumer Commission, June 2019, at

Akhigbe O., Amyot D. & Richards G. (2015). 'Information Technology Artifacts in the Regulatory Compliance of Business Processes: A Meta-Analysis' Proc. 6th International MCETECH Conference on E-Technologies, Montreal Canda, May 2015

Akhigbe O., Amyot D., Mylopoulos J. & Richards, G. (2017) 'What can Information Systems do for Regulators? A Review of the State-of-Practice in Canada' Proc. 11th IEEE International Conference on Research Challenges in Information Science, Brighton UK, May 2017

Akhtar A. (2019) 'More Uber and Lyft drivers are using the app to fit their schedules, but those who make it a full-time job are barely earning a livable wage' Business Insider Australia, 7 May 2019, at

Alic I. (2015) 'Financial Market Surveillance Decision Support: An Explanatory Design Theory' Proc. Bled eConference, June 2015

Alic I., Siering M. & Bohanec M. (2013) 'Hot Stock or Not? A Qualitative Multi-A ribute Model to Detect Financial Market Manipulation' Proc. Bled eConference, June 2013

Alt R., Beck R. & Smits M.T. (2018) 'FinTech and the transformation of the financial industry' Electronic Markets 28, 3 (2018) 235-243, at

Anagnostopoulos I. (2018) 'Fintech and regtech: Impact on regulators and banks' Forthcoming, Journal of Economics & Business, online July 2018

Arner D.W., Barberis J. & Buckley R.P. (2015) 'The Evolution of FinTech: A New Post-Crisis Paradigm?' University of Hong Kong Faculty of Law Research Paper No. 2015/047, UNSW Law Research Paper No. 2016-62, October 2015, at

Avgerou C. (2008) 'Information systems in developing countries: a critical research review' Journal of Information Technology 23 (2008) 133 - 146, at

Ayres I. & Braithwaite J. (1992) 'Responsive Regulation: Transcending the Deregulation Debate' Oxford Univ. Press

Ballon P. & Van Heesvelde E. (2011) 'ICT platforms and regulatory concerns in Europe' Telecommunications Policy, 2011, at

Bond S. (2019) 'Uber spent $2m to help push New York congestion charge' The Financial Times, 3 April 2019, at

Boudreau K.J. & Hagiu A. (2009) 'Platform Rules: Multi-sided Platforms as Regulators' In A. Gawer (Ed.) 'Platforms, Markets and Innovation', Edward Elgar Publishing Limited, pp. 163-191

Bouwman H., Faber E. & van der Spek J. (2005) 'Connecting Future Scenarios to Business Models of Insurance Intermediaries' Proc. Bled eConference, June 2005

Burgemeestre B., Hulstijn J. & Tan Y.-H. (2010) 'e Role of Trust in Government Control of Businesses' Proc. Bled eConference, June 2010

Butler T. & O'Brien L. (2019) 'Understanding RegTech for Digital Regulatory Compliance' In: Lynn T., Mooney J., Rosati P. & Cummins M. (eds) 'Disrupting Finance' Palgrave, 2019, pp.85-102, at

Cannon S. & Summers L.H. (2014) 'How Uber and the Sharing Economy Can Win Over Regulators' Harv. Bus. Rev., 13 October 2014, at

Carson B. (2018) 'Where Uber Is Winning The World, And Where It Has Lost' Forbes Magazine, 19 September 2018, at

Clarke R. (2001) 'Towards a Taxonomy of B2B e-Commerce Schemes' Proc. 14th Int'l eCommerce Conf., Bled, Slovenia, 25-26 June 2001, pp. 591-615, PrePrint at

Clarke R. (2006) 'A Pilot Study of the Effectiveness of Privacy Policy Statements' Proc. Bled eConference, June 2006, PrePrint at

Clarke R. (2018) 'The Opportunities Afforded by RegTech: A Framework for Regulatory Information Systems' Xamax Consultancy Pty Ltd, November 2018, prePrint at

Clarke R. (2019) 'Risks Inherent in the Digital Surveillance Economy: A Research Agenda' Journal of Information Technology 34,1 (Mar 2019) 59-80, PrePrint at

Clarke R. & Davison R. (2020) 'Through Whose Eyes? The Critical Concept of Researcher Perspective' Forthcoming J. Assoc. Infor. Syst. 21, 2 (February 2020), PrePrint at

Clarke R. & Jenkins M. (1993) 'The Strategic Intent of On-Line Trading Systems: A Case Study in National Livestock Marketing' Journal of Strategic Information Systems 2,1 (March 1993) 57-76, PrePrint at

Clarke R. & Pucihar A. (2013) 'Electronic Interaction Research 1988-2012 through the Lens of the Bled eConference' Electronic Markets 23. 4 (December 2013) 271-283, PrePrint at

Clemons E.K. & Madhani N. (2010) 'Regulation of Digital Businesses with Natural Monopolies or Third-Party Payment Business Models: Antitrust Lessons from the Analysis of Google' J. of Mngt Infor. Syst. 27, 3 (2010) 43-80

Cleven A. & Winter R. (2009) 'Regulatory Compliance in Information Systems Research - Literature Analysis and Research Agenda' Proc. BPMD- S/EMMSAD Proceedings, 2009, pp. 174-186, Springer, 2009

Coglianese C. (2004) 'Information technology and regulatory policy: New directions for digital government research'. Social Science Computer Review, 2004, at

Constantinides P., Henfridsson O. & Parker G.G. (2018) 'Introduction-- Platforms and Infrastructures in the Digital Age' Information Systems Research 29, 2 (2018) 381-400

Cousins K. & Varshney U. (2014) 'The Regulatory Issues Affecting Mobile Financial Systems: Promises, Challenges, and a Research Agenda' Communications of the Association for Information Systems 34, 75

Currie W.L., Gozman D.P. & Seddon J.J.M. (2018) 'Dialectic tensions in the financial markets: a longitudinal study of pre- and post-crisis regulatory technology' Journal of Information Technology 33 (2018) 304-325

Daley M. & Butler B. (2018) 'Conduct risk: towards a model for assessment and remediation' Journal of Decision Systems 27 (2018), at

Delaere S. & Ballon P. (2007) 'Business Model Implications of a Cognitive Pilot Channel as enabler of Flexible Spectrum Management' Proc. Bled eConference, June 2007

van Dijck J., Poell P. & de Waal M. (2018) 'The Platform Society: Public Values in a Connective World' Oxford University Press, 2018

Drahos P. (ed.) (2017) 'Regulatory Theory: Foundations and Applications' ANU Press, 2017. at

Drahos P. & Krygier M. (2017) 'Regulation, institutions and networks' Ch. 1 in Drahos (2017), at

Duncombe R. & Heeks R. (2003) 'An information systems perspective on ethical trade and self-regulation' Information Technology for Development 10 (2003) 123-138, at

DWO (2018) 'Sharing economy: rapid expansion, rise in legal issues' Digital Watch Observatory, undated but apparently 2018, at

Eggert M., Winkelmann A., Lohmann P. & Knackstedt R. (2013) 'The Regulatory Influence On Management Information Systems - A Contingency Perspective' Proc. ECIS 2013, 9

Farbey B., Land F.F. & Targett D. (1995) 'A taxonomy of information systems applications: the benefits' evaluation ladder' European Journal of Information Systems 4, 1 (1995) 41-50

FCA (2016) 'Call for input on supporting the development and adopters of RegTech' Feedback Statement FS16/4, Financial Conduct Authority, July 2016, at

Fellmann M. & Zasada A. (2014) 'State-of-the-Art of Business Process Compliance Approaches' Proc. European Conference on Information Systems (ECIS) 2014, Tel Aviv Israel, 2014

Fisher J. & Harindranath G. (2004) 'Regulation as a barrier to electronic commerce in Europe: the case of the European fund management industry' Euro. J. Info. Syst. 13, 4 (2004) 260-272

Fleischer V. (2010) 'Regulatory Arbitrage' Texas Law Review 89, 2 (2010) 227-289

Geradin D. (2015) 'Should Uber be Allowed to Compete in Europe? And if so How?' George Mason University Law & Economics Research Paper Series 15-29, 2015, at

Gilmore W.C. (2004) 'Dirty Money: The Evolution of International Measures to Counter Money Laundering and the Financing of Terrorism' Council of Europe Publishing, 2004

Giordano C. (2019) 'Uber to increase fares in central London to help pay new congestion charge' The Independent, 6 April 2019, at

Glick B. (2015) 'Budget 2015: First look at the policies for technology' UK ComputerWeekly, 18 Mar 2015, at

Gomber P., Kauffman R.J., Parker C. & Weber B.W. (2018) 'On the Fintech Revolution: Interpreting the Forces of Innovation, Disruption, and Transformation in Financial Services' Journal of Management Information Systems 35, 1 (2018) 220-265

Gozman D. & Currie W. (2014) 'The role of Investment Management Systems in regulatory compliance: a Post-Financial Crisis study of displacement mechanisms' Journal of Information Technology 29, 1 (Mar 2014) 44-58

Greenaway K.E., Chan Y.E. & Crossier R.E. (2015) 'Company information privacy orientation: a conceptual framework' Info Systems J 25, 6 (2015) 579-606

Hashmi M., Governatori G., Lam H.-P. & Wynn M.T. (2018) 'Are We Done with Business Process Compliance: State-of-the-Art and Challenges Ahead' Knowledge and Information Systems, January 2018

Heikkilä J. & Heikkilä M. (2019) 'Global service platforms in local markets: case taxi services' Proc. Bled eConf., June 2019

Henley J. (2017) 'Uber clashes with regulators in cities around the world' The Guardian, 30 Sep 2017, at

Henry K., Fox M.S. & Sengupta A. (2007) 'How To Build Enterprise Data Models To Achieve Compliance To Standards Or Regulatory Requirements (and share data)' Journal of the Association for Information Systems 8, 2, Article 5

Higgins A., Mangan A., Kerrigan A., Laffan S. & Klein St. (2009) 'Activity, ICT, and Material Infrastructure in Complex Multi-Organisational Settings: An Assessment of Innovation Potential for Pharmaceutical Cold Chain Transport and Handling' Proc. Bled eConference, 2009

Holgate J., Williams S.P. & Hardy C.A. (2012) 'Information Security Governance: Investigating Diversity in Critical Infrastructure Organizations' Proc. Bled eConference, June 2012

Hosein G., Tsavios P. & Whitley E. (2003) 'Regulating Architecture and Architectures of Regulation: Contributions from Information Systems' International Review of Law, Computers and Technology 17, 1 (2003) 85-98

Hosein I. & Whitley E.A. (2002) 'The regulation of electronic commerce: learning from the UK's RIP Act' Journal of Strategic Information Systems 11, 1 (March 2002) 31-58

Huang G.K.J. & Chiang K.-H. (2017). 'RegTech Evolution: The TrustChain' Proc. ICEB 2017, 42

Hulsink W. (1999) 'Privatisation and Liberalisation in European Telecommunications: Comparing Britain, the Netherlands and France' Routledge 1999

IIF (2015) 'RegTech: Exploring Solutions for Regulatory Challenges' Institute of International Finance', October 2015, at

IIF (2016) 'RegTech in Financial Services: Technology Solutions for Compliance and Reporting' Institute of International Finance', March 2016, at

IPART (2019) '2019 Point-to-Point Transport Survey Report' Orima Research, Sydney, November 2019, at

Jordan J.M. (2017) 'Challenges to large-scale digital organization: the case of Uber' Journal of Organization Design 6, 11 (December 2017), at

Kaine S., Veen A., Goods C. & Josserand E. (2017) `The way they manipulate people is really saddening': study shows the trade-offs in gig work' The Conversation, 19 June 2017, at

Kaplan R.A. and Nadler M.L. (2015) 'Airbnb: A Case Study in Occupancy Regulation and Taxation' The University of Chicago Law Review 82 (2015) 103

Kavadias S., Ladas K. & Loch C. (2016) 'The Transformative Business model: How to tell if you have one' Harv. Bus. Rev., October 2016, at

El Kharbili M. (2012) 'Business Process Regulatory Compliance Management Solution Frameworks: A Comparative Evaluation' Proc. Eighth Asia-Pacific Conference on Information Systems, Melbourne, 2012

King W. (1978) 'Strategic Planning for Management Information Systems' MIS Quarterly 2,1 (1978) 27-37

Kipp A. & Schellhammer S. (2019) 'Facilitating Standardization through Living Labs - 4e Example of Drug Counterfeiting' Proc. Bled eConference, 2019

Klapper L., Laeven L. & Rajan R. (2006) 'Entry regulation as a barrier to entrepreneurship' Journal of Financial Economics 82 (2006) 591-629, at

Knackstedt R., Braeuer S., Heddier M. & Becker J. (2014) 'Integrating Regulatory Requirements into Information Systems Design and Implementation' Proc. ECIS 2014

Knackstedt R., Eggert M., Heddier M., Chasin F. & Becker J. (2013) 'The Relationship of IS and Law - The Perspective of and Implications for IS Research' Proc. ECIS 2013, 18

Kumara V., Lahiria A. & Dogan O.B. (2018) 'A strategic framework for a profitable business model in the sharing economy' Industrial Marketing Management 69 (February 2018) 147-160

Lane M.S. & Koronios A. (2001) 'e-Pharmacy ( A Successful Online Pharmacy in Australia' Proc. 14th Bled Electronic Commerce Conf., June 2001

Lessig L. (1999) 'Code and Other Laws of Cyberspace' Basic Books, 1999

Mlcakova A. & Whitley E.A. (2004) 'Configuring peer-to-peer software: an empirical study of how users react to the regulatory features of software' European Journal of Information Systems 13, 2 (2004) 95-102

Moyano J.P. & Ross O. (2017) 'KYC Optimization Using Distributed Ledger Technology'. Business & Information Systems Engineering 59, 6 (2017) 411-423

Neo B.S. (1992) 'The implementation of an electronic market for pig trading in Singapore' Journal of Strategic Information Systems 1, 5 (December 1992) 278-288

Newell S. & Marabelli M. (2015) 'Strategic Opportunities (and Challenges) of Algorithmic Decision-Making: A Call for Action on the Long-Term Societal Effects of 'Datification'' The Journal of Strategic Information Systems 24, 1 (2015) 3-14, at

NSW (2017) 'Short-term Holiday Letting in NSW: Options Paper' NSW Dept of Planning & Environment, July 2017, at

Ostrom E. (1990) 'Governing the Commons: The evolution of institutions for collective action' Cambridge University Press, 1990

Polanski P.P. (2005) 'Common Practices in the Electronic Commerce and Their Legal Significance' Proc. Bled eConference, June 2005

Polanski P.P. (2006) 'Convention on E-Contracting: The Rise of International Law of Electronic Commerce?' Proc. Bled eConference, June 2006

Porter M.E. (1980) 'Competitive Strategy' The Free Press, New York, 1980

Porter M.E. (1985) 'Competitive Advantage' The Free Press, New York, 1985

Rai A., Arikan I., Pye J. & Tiwana A. (2015) 'Fit and Misfit of Plural Sourcing Strategies and IT-Enabled Process Integration Capabilities: Consequences of Firm Performance in the U.S. Electric Utility Industry' MIS Quarterly 39, 4 (2015) 865-885

Rauch D.E. & Schleicher D. (2015) 'Like Uber, but for Local Government Law: The Future of Local Regulation of the Sharing Economy' Ohio State L.J. 76, 4 (2015) 901-963

Rayport J. F. & Sviokla J. H. (1994) 'Managing in the Marketspace', Harvard Bus. Rev. 72, 6 (November-December 1994) 141-150

RBA (2014) 'The Regulatory Response to the Global Financial Crisis' Chapter 3 of Submission to the Financial System Inquiry, March 2014, at

Reimers K., Li M., Xie B. & Guo X, (2015) 'How do industry-wide information infrastructures emerge? A life cycle approach' Information Systems Journal 24, 5 (September 2014) 375-424

de Reuver M., Haaker T. & Bouwman H. (2007) 'Business Model Dynamics: A Longitudinal, Cross- sectional Case Survey' Proc. Bled eConference, June 2007

de Reuver M., S[[questiondown]]rensen, C. & Basole R. C. (2018) 'The digital platform: a research agenda' Journal of Information Technology, 33,2 (2018) 124-135

Rukanova B., Van Stijn E., Henriksen H.Z., Baida Z. & Tan Y.-H. (2009) 'Understanding the influence of multiple levels of governments on the development of inter-organizational systems' European Journal of Information Systems 18, 5 (Oct 2009) 387-408

Sadiq S. & Governatori G. (2015). 'Managing regulatory compliance in business processes' Handbook on Business Process Management 2, Springer, 2015, at

Schultz M. (2013) 'Towards an Empirically Grounded Conceptual Model for Business Process Compliance' Proc. International Conference on Conceptual Modeling, 2013, at

Siering M., Clapham B., Engel O. & Gomber P. (2017) 'A taxonomy of financial market manipulations: establishing trust and market integrity in the financialized economy through automated fraud detection' Journal of Information Technology 32 (2017) 251-269

Smit K., Zoet M. & Berkhout M. (2016) 'A Framework for Traceability of Legal Requirements in the Dutch Governmental Context' Proc. Bled eConference, June 2016

Smith J.W. (2016) 'The Uber-All Economy of the Future' The Independent Review 20, 3 (Winter 2016) 383-390

Smith S., Winchester D., Bunker D. & Jamieson R. (2010) 'Circuits of Power : A Study of Mandated Compliance to an Information Systems Security De Jure Standard in a Government Organization' MIS Quarterly 34, 3 (September 2010) 463-486

Taeuscher K. & Laudien S.M. (2018) 'Understanding platform business models: A mixed methods study of marketplaces' European Management Journal 36, 3 (June 2018) 319-329, at

Tang Z., Yu J. & Smith M.D. (2008) 'Gaining Trust Through Online Privacy Protection: Self-Regulation, Mandatory Standards, or Caveat Emptor' J. of Mngt Infor. Syst. 24, 4 (2008) 153-173

Tsatsou P., Elaluf-Calderwood S. & Liebenau J. (2010) 'Towards a taxonomy for regulatory issues in a digital business ecosystem in the EU' Journal of Information Technology 25, 3 (Sep 2010) 288-307

Teece D.J. (2018) 'Business models and dynamic capabilities' Long Range Planning 51 1 (February 2018) 40-49

Treleaven P. (2015) 'Financial regulation of FinTech' EY Journal of Financial Perspectives 3, 3 (Winter 2015), at

Uenlue M. (2017a) 'The Complete Guide to the Revolutionary Platform Business Model' Innovation Tactics, June 2017, at

Uenlue M. (2017b) ' Business Model Canvas Airbnb' Innovation Tactics, August 2017, at

Uenlue M. (2018) ' Business Model Canvas Uber' Innovation Tactics, January 2018, at

UKGOS (2015) 'FinTech futures: the UK as a world leader in financial technologies' UK Government Office for Science, March 2015, at

Wall J.D., Lowry P.B. & Barlow J.B. (2016) 'Organizational Violations of Externally Governed Privacy and Security Rules: Explaining and Predicting Selective Violations under Conditions of Strain and Excess' J. Ass. Infor. Syst. 17, 1 (2016)

Wallsten S. (2015) 'The Competitive Effects of the Sharing Economy: How is Uber Changing Taxis?' Technology Policy Institute, June 2015, at

Wand Y. & Weber R. (2002) 'Research Commentary: Information Systems and Conceptual Modeling-- A Research Agenda' Information Systems Research 13, 4 (December 2002) 363-376, at

Watson R.T., Boudreau M.-T. & Chen A.J. (2010) 'Information Systems and Environmentally Sustainable Development: Energy Informatics and New Directions for the IS Community' MIS Quarterly 34 1 (March 2010). 23-38

Whytock C.A. (2011) 'The Evolving Forum Shopping System' Cornell L. Rev. 96 (2011) 481, at

Williams T.A. (1994) 'Government regulation through voluntary cooperation: the strategic impact of information technology Journal of Strategic Information Systems 3, 2 (June 1994) 107-122

Williams T.A. (1996) 'Government regulation through voluntary cooperation: a follow-up study of the strategic impact of information technology' Journal of Strategic Information Systems 5, 2 (June 1996) 149-156

Wyman K.M. (2017) 'Taxi Regulation in the Age of Uber' N.Y.U. J. Legislation & Public Policy 20, 1 (April 2017) 1-100, at

Xu H., Teo H.H., Tan B.C.Y. & Agarwal R. (2012) 'Research Note--Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services' Information Systems Research 23, 4 (2012) 1342-1363

Zagaris B, (2004) 'The Merging of the Anti-Money Laundering and Counter-Terrorism Financial Enforcement Regimes after September 11, 2001' BerkeleyJ. Int'lLaw 22, 1 (2004) 123-158, at

Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor associated with the Allens Hub for Technology, Law and Innovation in UNSW Law., and a Visiting Professor in the Research School of Computer Science at the Australian National University.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 26 December 2019 - Last Amended: 3 July 2020 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy