The number of people engaged in control and monitoring grows year after year, both within companies and external regulators. A brave Dutch startup is taking on these control towers and automating controls where they belong: in the first line.

From GDPR to SOC2 and from WWFT to CSRD and a host of other regulatory frameworks: there is simply no escaping supervision and control for companies. Staff departments got their hands full setting up control frameworks to make organisations visibly compliant. Likewise for external regulators.

Both have been struggling with a shortage of people for years, and given the growth of laws and regulations, this is unlikely to change any time soon. Costs - for example, within the banking system - are spiralling out of control. Then there is also a persistent reflex that once supervision fails, (political) indignation usually follows, followed by more - or stricter - supervision.

Staff departments got their hands full setting up control frameworks to make organisations visibly compliant.

The situation is nothing to be happy about and yet there are few serious attempts to really do something about it. Bunq frontman Ali Niknam went into a legal battle with regulator De Nederlandsche Bank about how his bank is allowed to monitor money laundering, and the frontman won on points.

The court ruling also opened the door for others to more risk-based supervision, with more room for technological solutions. Controls should therefore be built into work processes, rather than making them a separate activity.

Practical

And that is exactly what TidalControl focuses on. Founder Dennis van de Wiel does not complain about regulatory pressure. For example, he thinks it is very good that Europe is leading the way in privacy rules or regulating AI applications, because there is a lot at stake here. `But that is only sustainable if we can also enforce those rules in a manageable way, otherwise you price yourself out of the market.`

The classic way of working is that controls are an extra and are also recorded as such - with forms and reports - so that the regulator or the auditor can determine exactly what has been controlled. However, the beauty of heavily automated environments is that technology also makes it possible to build those controls into the processes themselves and make this visible.

The company has set quite the ambition for itself.

TidalControl’s practice proves that it can be done. The company has a mission that does not lie. The company website states that it aims to create an open assurance market, where controls are modular and can be tied together as required. Together with the author of this piece, he has already written an opinion on it on this platform.

For now, it is nothing more than a nice vision of the future that is being worked on very steadily, especially with a new standard in how those controls can be automated. That steady path also means that TidalControl is not following the calibrated path of the Venture Capitalist and/or establishing itself in the US, but prefers to build quality applications step by step.

Adoption

It will not come down to the technology only. As is often the case, success will be determined by adoption. And in this case, Van de Wiel has the advantage there of a large market demand - everyone is short of hands and wants to make compliance work more efficient - and the disadvantage of a rather stagnant approach. After all, in the classic approach, there are control officers working as an extra on the organisation and reporting on it.

You have to base conclusions on what is built into the systems.

In Tidal Control’s approach, there is much more use of system data to establish that certain activities have taken place and disclosure of that to stakeholders. `You have to base conclusions on what is built into the systems. But that means letting go of the idea that control has to be done by people reporting on it. I have to convince both my client and the regulator that this is a better approach.`

How it exactly works in practice, depends on the specific client and its compliance challenges. Van de Wiel guards against tailor-made solutions every time: `We implement a standard framework and of course offer flexibility within that framework. But no customisation: then you run the risk of having to keep doing maintenance for a hundred clients. That is not scalable.`

Elliott’s Scale

Near the end of last century, visionary American accountant Bob Elliott outlined a future in which technology takes the leading role in processing, generating and controlling information. In the series ‘Elliott’s Scale’, Nart Wielaard takes the measure of tools, initiatives, startups and incumbents to examine how much innovation is actually going through the industry.

Strong vision

All in all, TidalControl is working on fundamental innovation from a strong vision. The battle with the ever-expanding control towers is highly relevant. At the same time, it has only just left the stall and has only a small customer base. And that combination makes for 3.5 stars on Elliott’s scale.

Writer Nart Wielaard works at the intersection of society, technology and business. He reduces complex developments to simple and understandable stories and does so in the role of moderator, consultant and writer.