December 9, 2020
The GCC’s digital economy is growing, but risks must be managed
Gulf Cooperation Council (GCC) governments seeking to diversify their economies and position for growth are rightly focused on the importance of digitization. However, scale and sustainability require serious attention to associated risks. While digitization—both of private sector activities and of government services—has for some time been viewed as central to these efforts, the coronavirus pandemic accelerated the process. At the same time, governments need to establish effective protections for the digital economy to gain scale and become sustainable.
Digitization is central to transformation programs underway as GCC governments seek to wean their economies from dependence on oil and gas
The case is compelling: digital activity grows faster than other parts of the economy. For example, the United Kingdom’s (UK) analysis estimates that growth in the digital sector in 2018 was nearly six times larger than that of the country’s economy as a whole. Moreover, the digital revolution offers a unique opportunity to leapfrog decades of gradual development and gain a foothold in industries that have long been the preserve of more mature economies.
Take financial services as an example. Several GCC countries have ambitions to rise to the ranks of top global financial centers. In each case, the attraction and promotion of Financial Technology or FinTech is a critical or central component of their sector strategies. In addition to establishing tailored regulations—e.g. digital bank licenses—and dedicated environments—e.g. sandboxes—authorities provide technology infrastructure, support human capital development, orchestrate collaboration, and provide financing, among other measures. For instance, Abu Dhabi is the site of a large annual FinTech Festival. Meanwhile, Saudi Arabia recently used the platform provided by its G20 Presidency to host a global TechSprint in cooperation with the Bank for International Settlements.
Governments are investing substantially in a focused and coordinated approach
Saudi Arabia’s National Digital Transformation Unit (NDTU) is one of the fundamental programs to achieve Vision 2030. Its mission is to build a world-class digital infrastructure and enable innovative talent to seize opportunities. To that end, NDTU cooperates with digital transformation partners across public and private sectors to support and accelerate digital transformation.
While it remains to be seen whether global leadership can be realized, the strategic direction is plausible and builds on promising foundations. Though GCC countries lag leading countries in the 2020 Portulans Institute’s Network Readiness Index at the aggregate level (UAE ranks at #30, Qatar at #38, and Saudi Arabia at #41), they rank much higher on information and communications technology (ICT) usage and skills among individuals (UAE ranks #1, Qatar #10, and Saudi Arabia #12) and access to ICT (Qatar ranks at #2, UAE at #10, and Saudi Arabia at #19 ). Notably, Saudi Arabia is the world leader in terms of internet access in schools and #4 in terms of government promotion of investment in emerging technologies.
The pandemic has accelerated the already prevalent digitization trend
Working from home and virtual meetings have quickly become accepted practices in the region and many professionals have commented on improved meeting discipline and efficiencies. In the meantime, online commerce, entertainment streaming, and social media offerings are all booming. Indeed, more than eight in ten mobile phone users believe that internet-connected technologies have helped them cope during the pandemic, enabling them to support their children’s education (76 percent), stay in touch with friends and family (74 percent), and even improve their mental health and wellbeing (43 percent).
While it is evident that adoption of technology has significant advantages, there are also important risks
The most frequently discussed categories are related to information security and the abuse of personal data. The Global Risks Report, which Marsh & McLennan publishes in partnership with the World Economic Forum, has listed “Data Theft and Fraud” among the top five most likely risks for multiple years. Governments in some countries have put in place the legal and regulatory infrastructure to deal with these. Oliver Wyman’s Cyber Risk Literacy and Education Index shows GCC governments mounting an effective policy response to the problem (especially Saudi Arabia at #9, Qatar at #13 in the Government Policy dimension, and the UAE #18 in the aggregate ranking).
However, awareness is growing of a much wider set of issues to guard against. These include but are by no means limited to:
- The Digital divide is the gap between those who have ready access to computers and the internet—as well as associated opportunities—and those that do not. This shows up at different levels of aggregation. For instance, the most digitally advanced countries have been so for many years running, implying that there is a structural disadvantage that is hard to break. At a more local level, the pandemic has highlighted how children without access to technology have missed out on months of formal instruction, creating a gap they may struggle to fill.
- Digital illiteracy, as in the inability to find, evaluate, and compose clear information through writing and other media on various digital platforms. This is correlated with the digital divide but is still separate, as access to technology does not guaranty the ability to use it effectively. It shows up, for instance, when users buy into and act on baseless conspiracy theories like “Pizzagate,” which nearly led to tragedy in 2016.
- Online harms, such as disinformation, the promotion of terrorist and violent content, and trading in illegal goods. The first of these was on full display in recent US presidential elections, with adversaries and domestic forces seeking to tip the scales or even undermine the very credibility of the democratic process and the country’s global leadership.
- Risks related to the inappropriate deployment of artificial intelligence, with a lack of transparency and agency. As SpaceX Founder and CEO Elon Musk puts it: “We’re headed toward a situation where Artificial Intelligence (AI) is vastly smarter than humans and I think that time frame is less than five years from now. But that doesn’t mean that everything goes to hell in five years. It just means that things get unstable or weird.”
- Risk related to monopoly power, as a small number of tech giants—such as Facebook and Amazon—have become the world’s most valuable companies without formal and structured government oversight. In particular, Big Tech players leverage access to large client pools and the convenience of integrated technology to peel off the most attractive parts of the financial services value chain.
Digitization strategies will only be scalable and sustainable if associated risks are effectively managed
This calls for debate, both at the national and international level, on what solutions are available to public and private sectors to achieve this outcome.
In some countries and organizations, the conversation on how to manage these risks is well underway. For instance, the UK’s Online Harms White Paper—currently under review—sets out a program of action to tackle content or activity that harms individual users, particularly children, or threatens the country’s way of life—either by undermining national security or by undermining shared rights, responsibilities, and opportunities. Meanwhile, the European Commission has issued Ethics Guidelines for Trustworthy AI, which address societal and ethical concerns related to artificial intelligence and reflects similar edicts originating in Australia, Singapore, and the Organization for Economic Cooperation and Development, among others.
If GCC countries want to play a leading role in shaping the digital economy’s future and make it the foundation of their economic transformations, they need to tackle these risks head on. Saudi Arabia is off to a good start. The Kingdom recently established the Saudi Data and Artificial Intelligence Authority with the mandate of developing the performance of the public and private sectors through utilizing the application of AI and Big Data. Its strategy includes the inaction of “the most welcoming legislation for Data & AI businesses and talents.” The strategy refers to developing a regulatory framework that will cover “data collection, classification, sharing, open data policy, and freedom of information.” Indeed, interim regulations are already in effect, and the reference to the future development of a regulatory framework indicates that these regulations will be refined in the coming months and years.
As they develop their policies, GCC governments should consider five principles:
1. Industry specific governance with a common philosophy
With digital technology infusing most sectors of the economy, it is not practical to think that all aspects can be regulated by a single authority. A patchwork of sector-specific regulators will pick up many practical issues related to technology. What is important is that there are a common philosophy and set of principles that unite the full framework, as well as a map that shows how the patchwork comes together and allows the government to identify any over or underlaps.
2. Develop standards-based regulations
Tech firms’ innovations and the risks that accompany them are evolving so rapidly that it’s easy for regulators to fall behind. Standards-based regulatory regimes capable of adapting to technological and social change could help a tech regulator get out in front and stay there.
Standards can be reworked for new risks, but changes to regulations and laws require extensive public consultation. With a standards-based approach, a tech regulator can introduce guidelines to encourage sensible innovation or, conversely, swiftly hold tech firms accountable when unforeseen risks arise.
3. Prioritize activity based on risk
Tech firms constantly introduce new apps, software, and hardware, and there is a real chance that an increasingly cash-strapped government will not be able to afford adequate staffing to properly enforce new regulations. A tech regulator would need to use a risk-based approach to target firms and activities that put the most people at risk first and rank the spectrum of potential threats.
The degree of supervisory intrusiveness should be commensurate with the size of the potential risks that companies pose. Big companies will require dedicated in-house supervisory teams, while much smaller teams can oversee primarily automated data-driven reports from startups. This ensures startups are not unfairly disadvantaged due to high costs of regulatory compliance.
4. Innovation-friendly bias
As ever with regulation, governments need to manage a delicate balance between offering businesses the space to experiment and innovate while providing guard rails to support policy objectives and make the sector’s development sustainable. The cost of compliance with well-intended regulation can constitute a significant barrier to new market entry and, thus, stifle innovation—a reality that large incumbents are only too happy to perpetuate. Financial sector regulators have experimented with Sandboxes and TechSprints as ways to encourage innovation and avoid conflict with important policy objectives.
5. Digital by default
Machine executable regulations, integrated data platforms, and reporting application programming interfaces should be part of the standard operating model from day one to reduce the cost of compliance for companies while increasing risk management efficiency. By replacing quarterly reports with technology platforms that permit regulators to pull information related to key risk indicators from companies’ systems directly, regulators will be able to monitor companies more proficiently.
In the GCC, as elsewhere in the world, the digital revolution is well on its way. Indeed, its importance is uniquely heightened by the critical role it plays across sectors to diversify and transform national economies. Not surprisingly, GCC governments are focused on measures that promote digitization on all fronts. They would do well to recognize that identification and proactive management of associated risks will contribute to ensuring benefits are broad-based, inclusive, and sustainable.
Dominik Treeck is a partner in Oliver Wyman’s Public Sector & Policy practice. He advises senior decision-makers across the private and public sectors on strategy, governance, risk and organizational questions.
Image: A visitor uses his mobile phone as he walks at the Gulf Information and Technology Exhibition (GITEX) in Dubai October 17, 2010. REUTERS/Ahmed Jadallah