Quality Control: A Mental Model for Regulation

Regulation has a bad rap.

It is regularly vilified as a barrier to innovation and as a contributor to costs.

But every so often, we are starkly reminded of the important purpose it serves: to protect consumers and ensure industries operate as they are supposed to.

There is a large part of the crypto industry that is unregulated. We are now seeing some of the issues that can cause via FTX et al.

But, there is also a large part of the crypto industry that is regulated. Wealthsimple’s Chief Legal Officer, Blair Wiley, published a fantastic opinion piece in this weekend’s Globe and Mail on how our securities regulations have benefitted Canadians, despite the added set of costs and complexity that come along with compliance.

In Canada, we do have a regulatory framework for crypto and it’s been working, and working well… Globally, Canada has led other markets in crypto regulation. Following the 2019 insolvency of Quadriga – at its heart a result of misuse of client funds in ways eerily similar to FTX – Canadian securities regulators began to work closely with homegrown crypto trading platforms to adopt a regulatory framework that both protects Canadian investors and supports responsible innovation.

Crypto is a relatively young industry. Across jurisdictions, rules are still being debated, the approach to regulation has varied, and the path forward in many countries (especially the U.S.) is relatively unclear.

The FTX debacle is likely to see the pendulum in crypto swing toward more regulation versus less – but what should influence how much regulation is needed?

To answer this, we need to get back to the first principles of regulation.

First Principles: Shared Stories, Trust and Quality Control

Simon Taylor in the latest edition of his Fintech Brainfood newsletter (an invaluable fintech resource, so subscribe if you have not already) made a compelling case for why the future of trust in finance needs a new vision.

Trust is everything in finance. Truer words could not be spoken.

But trust is everything in almost all human-made social structures.

You must trust in your bank that your money will be kept safe and made available upon request.

You must trust in the food and drug industry that the things you are consuming are both safe and effective.

You must trust in the transportation industry that you will get from Point A to Point B in a safe and timely manner.

Each of these industries is a microcosm of human cooperation organized around the production of some value-creating good or service. Trust is what holds these industries together and trust ultimately comes down to the shared story industry participants tell themselves to co-operate at scale (a la Yuval Noah Harari’s thesis in Sapiens).

When it comes to individual industries, we all have a shared story of how things are supposed to work. When I look at my bank, I am supposed to be able to withdraw my money upon request, not be blindsided by any hidden fees, and have reasonable certainty my money will be kept safe if the economy or institution falters.

Industry Shared Story = How Things Are Supposed to Work

Yet, it is not just the shared story that is important, but rather everyone’s continued willingness to believe it. Continuity requires trust. Without trust, the shared story collapses, cooperation deteriorates, and the value creation potential of the industry breaks down.

For individual industries, trust is a promise that things will work as intended. That promise is often constructed based on a core set of principles that include consumer protection, competitive fairness, responsible business conduct, and so on.

Industry Trust = A Promise Things Will Work as They Should

Back to Simon Taylor: Trust is a steady, compounding process that builds through consistency. Without consistency, trust cannot be built, and the shared story and industry fall apart. Crypto has a consistency problem, because each time trust starts to accrue, the promise that things will work as they should gets shattered by an unanticipated event.

A Mental Model: Regulation as Quality Control

What is needed to fix consistency problems? Quality control. Regulation often serves the function of quality control in an industry, there to ensure consistency and trust in the shared story that holds everything together.

Regulation = Quality Control For “How Things Are Supposed to Work”

For example, banking is a highly regulated industry and one in which I am currently employed. The Bank Act is the piece of legislation that governs the industry in Canada. We have two primary regulators as a federally regulated bank: OSFI and the FCAC.

The Office of the Superintendent of Financial Institutions (OSFI), is responsible for prudential regulation and financial stability (ie. making sure banks do not engage in overly risky activities or do things like misuse customer deposits…). They provide quality control over the risk management and governance practices of their constituents. This means they develop rules and interpret legislation (ie. set the standard for “how things are suppose to work”) and then provide oversight of those rules by monitoring regulated entities’ financial conditions, risk management and compliance (ie. acting as quality control when things go outside the bounds of the rules).

The second regulator watching over the Canadian banking industry is the Financial Consumer Agency of Canada (FCAC) who oversees market conduct with regard to financial services, products, and payments. This mandate ensures consumer protection is front and center in industry activities. The agency operates in a similar way to OSFI, interpreting consumer protection measures set out in legislation, public commitments, and codes of conduct (ie. “how things are supposed to work”) and supervising the compliance of regulated entities (ie. quality control).

Of course, the term “quality control” is used broadly to reference anything that would compromise the ability of an industry to produce a product or service in-line with how things are supposed to work. Fraudulent misuse of customer funds is not how a trading platform is suppose to work. Opening up accounts on behalf of clients without their consent is not how banking sales processes are suppose to work. Quality, in this sense, means things work as reasonably expected. Control means monitoring for any breaches of that covenant,

Quality Control Meets Automation

Most regulation is structured this way, even in professional sports where regulators = referees.

Referees are the interpreter of a sport’s rules much like a regulator is the interpreter of an industry’s applicable legislation.

In baseball, for example, an umpire is there to make judgements about balls and strikes, whether runners are safe or out, and whether balls in play stay fair or foul. They keep the shared story of baseball consistent, interpreting “how things are supposed to work” and ensuring it plays out on field to the best of their abilities. The more consistent the umpire can be, the more trust that will be built up in the game. Quality control in baseball, however, is a role that requires human judgement, which is admittedly fallible.

What happens to quality control when technology changes the environment?

In baseball, advances in machine learning, analytics, and data/video storage capabilities have led to “automated umpires” that are able to more consistently call balls and strikes than their human counterparts. While some still like the game to be played the “old school” way, many are increasingly coming around to the idea of using automated umpires full time.  Why? Because it enhances the degree of consistency in the game, and as we’ve established, consistency builds trust, which helps the industry to continue to deliver its product.

In a way, crypto has the potential to enable the same thing for financial services that robot umpires enable for baseball. Two of the primary characteristics of most blockchains are transparency and immutability. Consequently, any asset that is on-chain is therefore both visible and nearly impossible to fabricate. Those that operate in crypto, by its very nature, are able to provide data to almost anyone who wishes to execute quality control. This idea had been placed on the backburner of industry discussion, but is starting to pick back up as proof-of-reserves (assets and liabilities) and other related conversations gain momentum post-FTX.

Of course, many activities of centralized crypto firms take place off chain (ie. any dealings with traditional assets or currency, the liability side of the balance sheet, etc.). So automation, like in baseball, has the ability to potentially improve quality control execution, but does not solve every issue.

Regulation or Not, Quality Control Should be the Goal of Any Industry

That brings us back to the question posed at the top: what should determine how much regulation is appropriate?

I’m here to argue that it depends on how quality control is achieved.

Toyota did not set out to create the Toyota Production System to comply with regulations, they did so to eliminate variance from their assembly lines to help them compete more effectively by producing cars more efficiently with a lower rate of defects.

Four Seasons did not create a distinct hospitality experience built with strong service standards because regulators compelled them to. Instead, market forces did, leading to a higher level of service quality across the business.

Quality control for both products and services can be achieved through the actions of industry constituents and market forces in addition to regulation. Industry associations, consumers and competitors can police a standard of quality just as well as regulators can. Kraken and many other crypto exchanges, for example, have done proof of reserve audits since 2014, without a compulsory regulatory reason to do so. Going forward, this will likely be a best-practice symbol that any centralized exchange in the industry will have to observe if they want to attract users in a competitive market.

My point here is that regulated or not, quality control should be the goal of any industry and all of its participants (not just the regulators). Regulation can be leaned on when needed, but it is the responsibility of all stakeholders to ensure that industry trust is upheld so the shared story does not get shattered. Collaborative efforts to construct policy, share best practices, or call out firms for sketchy behavior can all be collectively carried out by an industry.

For crypto, the answer to how much regulation is appropriate depends on how much quality control takes place because of market forces and how much is required to shore things up through specific regulations. Can we reasonably expect things work “how they are supposed to work”? Can the industry collaborate to start rebuilding trust and implementing systems of quality control? Or will regulatory intervention be required? The answer to this question is almost certainly yes, but the degree of that intervention will depend on the industry’s response in the quarters ahead.

Concluding Thoughts

Crypto aside, for all regulated industries, we should always be evaluating how much quality control is needed in light of evolving environmental factors and industry developments.

Regulation as quality control is just a simple mental model, but one that highlights that the job of regulators can also be conducted by the firms that comprise the industry as well (or in DeFi’s case, the code that is written and executed on-chain).

It is also a good reminder for those who feel the regulatory barrier is too steep. Those perceived barriers are often there to protect us, to keep our collective industry stories intact, and to build trust consistently over time so that the industry can keep delivering value to its constituents. After all, that’s what we’re all here to do.

[I will add in Scott Adam’s standard disclaimer here: BOCTAOE – But Of Course There Are Obvious Exceptions. There are too many nuances to the regulatory conversation. The quality control mental model is not a perfect analogy. There are lots of directions to take this conversation.]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: