Category Archives: Disintermediation

Disruptive technologies are those that overturn the existing social order

Cool Robot

What makes a disruptive technology disruptive?

This is a question that came up in a discussion with my cohort in the doctor in law and policy program at Northeastern, and I’ve been puzzling on it for a few months.  One characteristic is that technologies that emerge with new value propositions come from the convergence of two or more existing technologies.  For instance, cell phones existed for years before they became truly disruptive.  It was when the smartphone converged the cell phone converged with the internet we began to see real disruption from mobile technologies.

With the smartphone, information becomes accessible and sharable anytime and anywhere, and it enables alternatives to existing services.  Smartphones have taken market shares from cameras, music CDs, taxi companies, and even cellular service itself.  They accelerated the disintermediation of the recording industry that had already begun with Web-based music sharing.  Most recently, apps on smartphones have begun the disintermediation of the personal transportation and the hospitality industries.

Convergence and displacement still don’t quite get at the disruptive effect of a new technology-enabled business model.  One more thing is needed — a threat to social order.  Consider the case of farming drones such as those offered by HoneyComb and PrescisionHawk.  These drones and the associated analytic software can enable crop tracking, and better decisions by farmers on where and when to irrigate or apply pesticides and herbicides.  They can provide a level of detail above what a farmer can get by walking the fields, and do so quicker and less expensively than services from agricultural airplane operators.  Many drones are financially within the reach of family farmers, thus disintermediating the farming aircraft operators and services.

However, crop-dusters and aerial surveyors who provide agricultural services have investments in expensive general aviation aircraft and equipment, and drones will destroy business value of these assets.  Hence, most general aviation services incumbents are opponents of drones, and they have cited safety concerns as a reason to ban their use.  For now, FAA rules effectively ban most commercial use of drones.

This government ban is only a short term win for agriculture aircraft business.  Imagine trying to get investment in such a business now?  Investors could be reticent to fund the acquisition of assets that could shortly be obsolete.  On the other hand, with the FAA restrictions they may also feel inhibited from investing in drone-based business services.  This stalemate effectively freezes time for agricultural aviation technology; it’s like in Cuba where 1950s era automobiles are still plentiful.  Even if a crop-duster wishes to shift his business to drone technology, it just isn’t reasonable to do so right now.  But the demand from farmers is there.

Government regulations though are not always able to intercept and freeze the disruptive effects of technology.  New business models that can capture a market rapidly enable the creation of a counter lobby to threatened incumbents.

Uber is a case in point.  This simple app connects the owner of a smartphone to the owner of a sedan or automobile, thus disintermediating limousine services and taxi companies.  Personal transportation services, unlike agricultural aviation services, are used by large numbers of people who can become a social lobby to counter the incumbent lobby.  Usage of emerging consumer apps can spread virally through word-of-mouth and social media, rather than being dependent on trade press and industry conferences.  This wide and rapid adoption enables entrepreneurs to run faster than the regulators.

Furthermore, regulation of personal services typically operates at a state and local level rather than at the national level.  The chance of finding friendly or just plain slow jurisdictions is pretty high, and by the time the incumbent lobby organizes itself, the new technology’s entrepreneurs and investors have the support of a large and growing number of consumers who can mobilize through social media — i.e., a social lobby.  By the time the backlash mobilizes, the entrepreneurs have generated enough revenue, social capital, and momentum to compete effectively in the lobbying game.

To summarize, the most disruptive technologies will include the following characteristics:

1 — Convergence of two or more existing technologies that enables the emergence of a new business model

2 — Displacement of incumbents that have significant investments in legacy assets, and thus a political stake in maintaining the status quo

3 — Disintermediation of the regulators through a vector that enables rapid development of a social lobby in favor of the new business model

Bottomline – Disruptive technologies are those that overturn the existing social order.



Disintermediating the three lines of defense, and the regulators too

Source: University of North Carolina, Charlotte

Source: University of North Carolina, Charlotte

The three lines of defense paradigm for audit, risk management, and compliance is so commonly accepted, so ingrained in the way that we think of GRC functions, that no one questions it.  Until now.  Last week at MetricStream’s London GRC summit, Paul Moore, former chief compliance officer and famed whistleblower at HBOS, said the three lines model doesn’t work.  That conclusion raises the question of what can replace it.

The three lines model assumes that risks will follow the same hierarchical process oriented structure that the organizational model follows.  But we all know the hierarchical org chart is not the real model for how value is created.  Value chains don’t follow organizational hierarchies nor are they limited to a single business entity, and neither do the risks associated with the processes, regulatory requirements, and assets that are incorporated within those value chains.  The real work is done across teams, across divisions, departments, geographies, and even across companies.

The three lines of defense model assumes that business units are identifying and managing the risks, risk and compliance managers are ensuring that the business units have effective controls and risk management processes, and internal auditors are providing an independent opinion to management and the board on the effectiveness of risk management and compliance activities.  This model assumes specialization and segregation of each of the lines of defense, and increasing objectivity from the first to the third lines.

This model leaves out the people closest to the risks.  The person with the best knowledge of a risk should be the person closest to the processes or the assets that create value for the organization.  This might be a front line employee, a business partner, or even a customer.  It’s rarely an auditor, a risk officer, or a business unit leader.  Enabling those people at the front lines to recognize risks, and to manage and mitigate them is critical to sustainable performance.

The three lines model is no doubt going to persist for a while, but already it is  being disintermediated aggressively.  Regulators are demanding more and more corporate data that enables them to independently evaluate risks and controls.  SEC chairwoman Mary Jo White attributes the record number of enforcement actions in 2014 to the innovative use of advanced data analytics technology.

Social media has also served as a check on companies.  As more corporate data is available to crowds of networked individuals, key influencers can mobilize a “social lobby” to respond to what they perceive as poor industry or corporate practices.  Armed with social technologies, the people formerly known as the customers (or the voters, citizens or constituents) become the new regulators.

Companies can learn from these big data and social lobby developments.  Crowd sourcing risk management can be used to tap into the collective intelligence of customers, partners, employees, or experts.  Data based risks and controls monitoring with advanced analytics can enable quicker identification of potential risk events or control failures, and discover risks that might fall between organizational and risk management silos.

Disintermediation is usually not complete.  iTunes has not replaced recording companies for instance, but it and other music industry cybermediaries have forced a huge shift in the recording industry’s business models.  We should expect cybermediaries to arise that offer GRC services that force a shift in the three lines of defense model;  even more revolutionary, imagine GRC cybermediaries that compete with regulators and statutory auditors.