Using Big Data and Blockchain as Corporate Compliance Technologies

Par David Restrepo Amariles, Professor of Law & AI at HEC-Paris, Member of the European Incubator of the Brussels Bar

The development of blockchain and big data technologies is transforming corporate social responsibility and its traditional role as a self-regulation tool.  Regulation is traditionally divided into three prominent systems: public regulation, self-regulation and co-regulation[1]. In public regulation, public authorities set the standards and binding actions for the purpose of achieving public policy aims[2]. In self-regulation, private parties act together to perform a regulatory function[3], usually without interference from public authorities[4], for instance by abiding to CSR standards or best practices. Co-regulation can be defined as “cooperative forms of regulation that are designed to achieve public authority objectives—the cooperation being performed by public authority and civil society”[5]. The advent of enforcement through big data and blockchain could signal the emergence of regulation with distributed enforcement. This refers to a regime where algorithmic processes could enforce CSR standards (among others), without any intervention from stakeholders or States. Enforcement would be provided by the combination of distributed processes, e.g. the combination of a smart contract, information contained within a blockchain and retrieved by the smart contract, and stakeholders recording that information –hence the “distributed” enforcement.

In recent years, scholars have wondered if data-driven policing, applied in the area of corporate social responsibility, could have prevented major corporate scandals such as the BP Oil spill or the Rana Plaza building collapse[6]. “Data-driven policy” refers to a policy motivated by serendipitous results generated through data analysis, instead of being motivated by the trust vested in a theoretical frame (e.g. Keynesian State interventionism through fiscal stimulus), an attempt at testing a hypothesis or sheer intuition or politics. Predictive policing is an example of a data-driven process. While most penal policies have long relied on the intuition that punishing criminals deters crime, data has revealed counterintuitive facts, such as that financial sanctions can actually increase crime rates[7] or that crime and earthquakes can be predicted using similar algorithms[8]. Professor Peter Seele suggested applying techniques used in predictive policing to CSR to develop what he calls “predictive sustainability control”, i.e. “the use of analytical techniques to identify subjects for mutual deliberation, supervision and intervention with the goal of preventing future harm related to environmental, social and governance issues, solving past scandals, and identifying potential actors/corporations of unsustainable activities and their stakeholders in the near future”[9].

For instance, predictive policing uses spatio-temporal models for different purposes. In particular, Twitter messages are tagged with spatial and temporal coordinates, which allow to identify discussion topics automatically across designated places such as major cities through linguistic analysis and “statistic topic modelling”[10]. Such model could be transposed, Peter Seele claims, to predictive sustainability control to identify socially unsustainable behaviours such as in the Foxconn case[11] –workers of Foxconn, a manufacturer producing, inter alia, smartphones and gaming consoles, committing suicide, apparently as a result of their labour conditions[12]. Presumably, Peter Seele’s contention is that analysis of these workers’ topics of conversation on Twitter could have helped reveal their poor working conditions and hence, prevented their suicide by alerting stakeholders of their situation. In other words, his contention is that CSR risks could be anticipated by analyzing clusters of data and building probabilities of future events, much in the same way start-up PredPol uses earthquakes models to predict crime[13].

Additionally, CSR standards could be enforced through the combination of contractual mechanics and algorithmic determinism, without requiring court intervention or voluntary compliance from stakeholders once the contract has been concluded. Smart contracts could automatically retrieve the information they need to assess the parties’ level of compliance with its terms and conditions –leave it to the parties and freedom of contract to include CSR standards as one of these terms. They can, for instance, monitor the CSR score of a company on CSRHub, or the quantity of hostile social media content targeting that company in a given geographical location –say, the region where the supplier’s factories are located, using natural language processing (NLP) and statistic topic modelling on Twitter messages as suggested by Peter Seele. However, one obstacle to the implementation of such smart contracts is that the parties will not necessarily be forced to include such clauses, which is why smart contracts will not replace traditional enforcing mechanisms in the immediate future (in addition to the technical obstacles of implementing such contracts) but keep coexisting with other forms of regulation.

Distributed enforcement can beneficially coexist with other forms of regulation, as traditional and newer CSR instruments have a complementary effect. For instance, text and data mining efficiently supplement human investigation in detecting tax evasion and optimization schemes. In that respect, text and data mining acts as a support for public regulation by supplementing (if not replacing) traditional judicial or administrative regulation. Similarly, it can provide support or replacement for enforcing mechanisms in co-regulation and self-regulation models .

Complementary Effect of CSR Instruments on Detection of CSR Violations (model)

Restrepo Amariles et al. [2018]

This figure is a speculative model describing how the technologies on which distributed enforcement is based can combine with other forms of CSR enforcing mechanisms to improve overall enforcement. While these technologies may prove more effective than traditional enforcing mechanisms and hence provide for better enforcement in selected areas of CSR, their use in combination with those older mechanisms will also offer a more comprehensive cover CSR issues. Additionally, if a mechanism is more effective, it can eventually replace it. For instance, as more sources of data become available for tax control, it may be able to replace non-digital investigations. In such a scenario, good policing would include considerations such as weighting the cost of maintaining competing enforcement mechanisms against that the benefits of their cumulative effect.

Cumulative Effect of CSR Instruments on Detection of CSR Violations (model)

Restrepo Amariles et al. [2018]

This figure illustrates how, from a speculative point of view, different CSR enforcing mechanisms produce a cumulative effect on detection of CSR violations when used in combination, depending on areas of CSR. Drawing on the plane analogy, ships and planes can operate together to absorb the demand for means of transportation across, e.g, the Atlantic Ocean. Together, they can absorb more traffic than each would individually.

The second feature of the new regulatory regime is the occurrence of unplanned regulatory effects at the intersection of the different regulatory mechanism. This feature is an inherent corollary of big data analysis[14]. Scholars and judges have expressed concerns that, e.g., analysis of judicial decision by text and data mining, even if conducted for the sole purpose of increasing legal certainty by identifying trends in judicial decisions, might result in a negative by-product, i.e. uniformization of judicial practices[15]. That is, they fear that the increased visibility of certain recurrent outcomes in judicial decisions may provide an incentive for courts to follow these outcomes –either because they expect a deviant decision to be overturned by a higher court, or because a decision deviating from the statistical norm may appear unfair in the eyes of the general public. As a result, although legal certainty would greatly benefit from such an analysis, equity and fairness could be harmed in the process, as the courts would be deprived of their discretionary power.

Insofar as CSR is concerned, the advent of distributed enforcement could be counterproductive. CSR aims at producing specific kinds of regulatory effects and uses specific kinds of behavioural incentives: compliance is produced by providing guidance rather than through the use of deterring punishments[16]. Punishment are usually meant to prevent further violations, e.g. by establishing plans of action or compliance guides[17]. Self-enforcement, which relies on mechanisms similar to court enforcement, might distort CSR by assimilating it to traditional law enforcement, taking away its specificity, which made it attractive to corporations in the first place. Although it is counterintuitive, self-enforcement could impair compliance with CSR.

In conclusion, blockchain and big data heralds a new but ambiguous era for corporate social responsibility. While the secure nature of public blockchains and the diverse uses of big data could strengthen enforcement by making it automatic and virtually inescapable, it could also deter stakeholders from using CSR standards at all. The paradox promises at least that the landscape of CSR will profoundly change in the next few years.

This text is based on D. Restrepo Amariles, A. Van Waeyenberge & L. Colombani, Responsabilité sociale des entreprises: Enjeux globaux et technologiques, [2018] Revue française de gestion 161-182

[1] (Chapter 2 Corporate Social Responsibility, Corporate Governance and Corporate Regulation)

[2] Ibidem.

[3] Julia Black, ‘Constitutionalising Self Regulation’ (1996) 59(1) Modern Law Review 24, 27.

[4] Chapter 2 Corporate Social Responsibility, Corporate Governance and Corporate Regulation. (2013). In M.

Rahim, Legal Regulation of Corporate Social

Responsability – A Meta-Regulation Approach of Law For Raising CSR in a Weak Economy (pp. 25-27).

[5] Palzer, C., & Scheuer, A. (2003). Self-Regulation, Co-Regulation, Public Regulation.

Promote or Protect(170).

[6] Seele, P. (2017, 06). Predictive Sustainability Control: A review assessing the potential to

transfer big data driven ‘predictive policing’ to corporate sustainability management. Journal of Cleaner Production, 153, pp. 673-686.

[7] Gneezy, U., & Rustichini, A. (2000). A fine is a price. The Journal of Legal Studies,

29(29), 1–17.

[8] Huet, E. (2015, February 11). Server And Protect: Predictive Policing Firm PredPol

Promises To Map Crime Before It Happens. Retrieved June 3, 2017, from Forbes:

[9] Seele, op. cit.p.1

[10] Seele, op. cit., p.682

[11] Ibidem.

[12] Pomfret, J., Yan, H., & Soh, K. (2010, November 5). Foxconn worker plunges to death at China plant: report. (Reuters, Editor) Retrieved August 29, 2017, from Reuters:

[13] Huet, E. (2015, February 11). Server And Protect: Predictive Policing Firm PredPol

Promises To Map Crime Before It Happens. Retrieved June 3, 2017, from Forbes:

[14] A sense of the unplanned nature of those results is better conveyed by Google’s “T-SNE MAP” experiment (although, strictly speaking, T-SNE MAP uses machine learning), a virtual landscape created by machine learning algorithms that organizes artworks by visual similarity alone. T-SNE MAP was able to identify cultural influences in the artworks of various artists. Interestingly, some of those influences had previously gone unnoticed by art experts.

[15] Melleray, F. (2017). La justice administrative doit-elle craindre la « justice pre?dictive » ?

AJDA, 193.

[16] Deumier, P. (2013). La responsabilite? socie?tale de l’entreprise et les droits fondamentaux, § La RSE transnationale : élever la protection des droits fondamentaux ?. Recueil Dalloz.

[17] Deumier, op. cit.