555-555-5555
mymail@mailservice.com
Three Ways to Reduce the Risk of Digital Public Infrastructures (DPIs)
Stay up-to-date on trends shaping the future of governance.
David Porteous and William Frater
In a
previous article, one of us drew lessons from the recent story of Open Banking in the UK about how to govern digital public infrastructure (DPI). In essence, the case showed how the governance of Open Banking Ltd, the not-for-profit company established to set up the scheme, largely achieved its purpose—namely, enhancing the wellbeing of UK consumers and small businesses--while failing in its oversight role. This latter failure triggered a whistle-blower complaint to the responsible regulator in 2020 and then an independent investigation, which has resulted in resignations and in the appointment of new directors in late 2021.
The investigation showed that members of one stakeholder group, people working for Open Banking, suffered in various ways, even if another, UK consumers, benefited from the scheme gaining traction overall. Failure in oversight usually results in a particular group of stakeholders being negatively impacted like this. However, the opposite type of failure--where the purpose fails while oversight is upheld--is at least as great a risk for DPI. This type of failure results in ‘white elephant’ projects on which enormous amounts of resources are wasted without achieving the purpose set out. And of course, double failure--failure of purpose combined with failure of oversight resulting in corruption and loss--is all too common with large infrastructure projects.
As a wave of momentum and funding builds towards promoting DPI around the world, what can be done to reduce the risk of either type of failure? In this article, we outline three governance pathways which may help.
Organizational Purpose and DPI
Purpose has become the central feature of the new governance codes and in pronouncements from the largest global investors. For the sake of clarity, purpose is defined in the new ISO guidance on governance, ISO 37000, as being the reason for existence of an organization. An organization’s purpose embraces how it strategically contributes to the long-term wellbeing of all people and the planet. Purpose articulates the worth that the organization will generate for all its stakeholders, defining its activities and its values and guiding its performance objectives and providing a clear context for its day-to-day decisions. The governing body on the one hand is the custodian of an organization’s purpose, ensuring that it is defined, communicated and embedded. It is accountable to stakeholders for its fulfillment. On the other hand, the governing body has the role of providing oversight, which is the duty of care and skill that ensures that the organization is operated in an ethical and prudent manner such that the governing body’s stewardship responsibilities are met.
How does this understanding affect the governance of DPI? Compared with standard tech products, the building of DPI carries risks and opportunities which mean that the needs of stakeholders matter even more. These include the aspiration to achieve usage and influence at national scale; as well as the likelihood that there are stronger conflicting interests among stakeholders since not all incumbents may be benefited equally by new infrastructure. Traditionally, the role of the state has been to step in to effectively ‘arbitrate’ this conflict through the direct provision of public infrastructure; however, the newer models of providing DPI are more likely to require public-private collaboration, which is achieved through the establishment of a corporate vehicle, as we have seen in the case of Open Banking.
The conventional oversight route may be necessary but is insufficient
The conventional route of ensuring that stakeholders play an oversight role over the purpose of an organization is to nominate representatives of groups of stakeholders to the governing body or board. This indeed is the approach proposed by the UK trade association, UK Finance, for the future board of Open Banking: representatives of consumers and SMEs, the two main target beneficiary groups, would each have one non-executive director seat (out of seven). There are some tricky issues to navigate here such as how best to select one person from each of those large, diverse constituencies: transparent call for nominations can help, but then some pre-existing group of people has to decide. Once appointed to the board, all directors are required by company law to prioritize the interests of the company over the specific interests that they may represent. This approach to constituting board representation is common in these cases, and may even be helpful overall, but we would argue it is insufficient.
So what is needed to ensure that a DPI sustains its purpose over time? Here are three ways which we believe may reduce the risk of either type of failure in building a new DPI. These are all part of ‘Governance by Design’ in this new and important terrain.
1) Undertake upfront stakeholder consultation about purpose
Purpose needs to be established for a new organization to have a clear view on its reason to exist and on how it will make a contribution to the long-term well being for all people and the planet. Necessarily this will involve discussions with stakeholders on what benefit it will deliver. Also on how to be accountable to them for both the positive and negative impacts and for the values that the organization espouses. Those charged with establishing the governance of any new organization which builds and operates DPI should identify likely stakeholders, consult with them and then seek to balance their interests when articulating the organization’s purpose. They then need to establish the channels to account to stakeholders on the fulfillment of this purpose in a manner that is both ethical and prudent. Having channels in place will contribute to ongoing reinforcement of the mandate of the governing body and ensure that the organization’s purpose remains relevant.
2) Be aware of legal paths for enforcement of neglect of governance
The duty of oversight, or of acting with due care and in good faith, is core to the responsibilities that governing body members accept in holding their position. This is both a legal requirement and a stewardship obligation. The governing body should understand the risks that the organization faces and set parameters for the management of those risks. It should ensure that those to whom it delegates the responsibility of executing the strategy to deliver the purpose are provided with parameters within which to act. It should monitor the progress towards delivering on the purpose along with the adherence to the parameters that it has set. Necessarily these parameters should define the risk limits and ensure that the purpose is delivered within prudential and ethical boundaries that minimize the negative impacts on stakeholders, on broader society and on the environment. The governing body should also set clear policies for its own actions to ensure that oversight without conflict of interest can be maintained. Failure to apply oversight is a failure to operate in the best interests of the company and to apply care, skill and diligence that should be expected of a person holding a position on a governing body. There is clear legal sanction for such neglect and failing to act in good faith across most legal systems.
Stakeholders and regulators have legal recourse when there has been a failure of oversight. In some instances, they are able to apply legal sanction directly against the governing body or some of its members. Furthermore, in some jurisdictions, they can launch a derivative case on behalf of the company against the governing body where there has been a clear instance of them acting in bad faith, negligently or against the interests of the company. It is even possible to initiate legal interventions that seek to avoid harm through seeking remedy where neglect is evident and the possibility of damage in the future is high. However, this route is costly. It often requires that loss as a result of an action or inaction can be clearly identified and quantified, which can be hard to do. Rarely do such cases get to court. But the mere existence of this recourse path can be a clear spur for governing bodies to exercise oversight more effectively.
3) Establish a ‘Protector’ function
While there may be legal recourse for stakeholders where there is failure of oversight in a company, there is no such recourse for departure from the stated purpose. This is because adhesion to the stated purpose is not (yet) defined as a legal requirement for governing bodies. However, a stated purpose may become subverted to pressures from a select yet powerful group of stakeholders. This “purpose drift” or capture may result in harm to other stakeholders but may not manifest as a failure in oversight or due care. Courts are typically not willing to involve themselves in what they deem to be the internal affairs of a company; and may not anyway have an understanding of the specialized issues around DPI. The outcome is that purpose, the emerging core of governance, is effectively unenforceable. Therefore, we need to find another mechanism that can enable stakeholders to hold governing bodies to account for a failure to achieve and account for the stated purpose.
There is a helpful precedent from trust law. In certain jurisdictions that allow for trusts, the settlor appoints a protector to ensure that the trustees fulfill the purpose of the trust in relation to the beneficiaries. This protector plays a powerful “apex” oversight role which includes the power to intervene and apply sanctions when there has been a failure of oversight. These sanctions could go as far as changing the trust documents, removing trustees, terminating the trust or even removing certain beneficiaries. Having a protector helps avoid potential losses to the beneficiaries that would otherwise lead to extended and expensive court cases.
Applying this precedent to DPI, even if it is not operated by a trust, we believe that there would be merit in appointing a skilled protector for each important DPI. This role may equate to an Ombuds-like function in some countries. It gives stakeholders rapid access to a specialized channel for recourse on issues relating to purpose. Through approaching the protector at times of alleged oversight failure or purpose drift, stakeholders would be able to request remedy without the costs, disappointments and delays of operating through the courts. The protector, who would be a person with the skills and experience necessary for the DPI in question, would assess a complaint and require that remedy is applied by the governing body. In cases where the governing body refuses to do this, the protector could have the power to reconstitute it. This is in sharp contrast to a conventional governance situation, where the power to replace governing body members is often reserved for a select category of stakeholders who may be the reason for the drift in purpose.
The costs of the protector function would have to be borne by the DPI under an independent budget line item. However, the standing costs need not be large relative to the scheme’s overall costs; although there must be provision to scale up to investigate and address material complaints if they arise. Costs like these may be seen as an investment in entrenching the purpose of a DPI. Alternatively, the protector costs may be seen as a form of ‘legal insurance’ which mitigates loss: stakeholders could seek recourse for the protector to intervene even before the organization has been damaged and they have suffered loss of wellbeing as a result of either lack of oversight or purpose drift.
Governance by design matters for DPI
All three of the routes we have laid out here take time and effort: effective consultation upfront around purpose cannot be unduly accelerated; pursuing legal pathways always consumes resources; and establishing an effective protector function will require upfront attention in scheme design. However, we believe that they are proportional to what is at risk with national scale DPI: not to achieve its purpose will likely result in great waste; and to have the purpose subverted over time may cause worse harm to public interests. Measures like these are what we would call part of Governance by Design, where the measures taken are proportional to the risks and benefits for society as a whole. With DPI, we have to be careful of moving too fast and breaking important things in society; and we must guard too against not moving at all: building governance measures around the bulwark of purpose is a helpful step in this direction. Although our argument here is that the potential risks, opportunities and sheer scale of DPI merits exploring these routes, they may also apply beyond the realm of DPI and may help to enhance accountability in this age in which may profess to be purpose-driven entities.
David Porteous and William Frater are the founders of of Integral and Kutumikia respectively.
At Integral, we provide ESG Consulting advice, evaluation, facilitation, mentoring and coaching services to develop governance systems that fit your organization’s purpose and stage of growth. To explore further how we can help you,
read about our services, or
set up a free consultation.
S H A R E
