This is a quick and dirty tabulation of the various Corporate/Technology Governance, Regulation and Rules sources and paradigms…ie from which perspective they are written, what syntax and that drives and whether they are more or less formalisable.
Its the subject of just a few hours research, and I may return to it in future.
| Paradigm | Source | Modal | Duty-bearer | Syntax | Example | F’bility | Why | Discussion | Automation |
|---|---|---|---|---|---|---|---|---|---|
| Transnational governance principles | G20/OECD CG Principles 2023 | should | Framework | Framework + should + quality | “framework should promote transparent and fair markets…” | L | Evaluative system-level predicates; no duty-bearer. | Hart; Dworkin. G20/OECD 2023; FSB. | None; not desired. Used for qualitative ROSC/FSAP review. |
| Formal PBR | FCA Handbook PRIN 2.1.1R | must (open) | Firm | Firm + must + standard | “A firm must conduct its business with integrity.” | L | Words alone: open-textured by drafting; predicate evaluative; nothing in the text says how it operates. | Black, PBR Forms (SSRN): formal PBR = principles in the rulebook regardless of operating mode. The textual layer. | Text is structurally taggable (FCA Handbook is published as XML, marked up by clause); predicates themselves are not executable. Tagging is desired, predicate-formalisation is not. |
| Substantive PBR | FCA supervision practice (TCF, Consumer Duty operations) | n/a (operational) | Firm; regulator co-actor | Regulatory practice: purposive interpretation + regulatory conversations + outcomes focus + meta-regulation + responsive enforcement | TCF cluster reports; Dear CEO letters; supervisory dialogue on PRIN 6 and PRIN 12. | L–M | Behaviour is patterned and partly observable, but judgement-laden by design. Closing the operating predicates would convert the regime into rules — Black’s compliance paradox. | Black: substantive PBR can exist without principles in the book (BCSC example) and conversely formal PBR can lack substance (her Enron-era US GAAP point). The behavioural layer. | This is where SupTech actually targets: filing triage, MI dashboards, anomaly detection, complaints analytics. Desired; expanding fast. Cambridge SupTech Lab; FCA TechSprints. |
| Full PBR | FCA PRIN + Handbook supervision practice combined | must (open) | Firm | Firm + must + standard, operationalised through regulatory practice | PRIN 6 + the TCF programme; PRIN 12 + Consumer Duty. | L | Substantive layer doesn’t close the predicates of the formal layer; it operationalises them. The combined regime stays open-textured. | The canonical FCA case Black analyses; what most people mean when they say “PBR”. Bailey, Future of Conduct Regulation; Sants 2009. | Combination of formal-side text tagging and substantive-side SupTech. No single tool does both; they live on different sides of the regulator-firm boundary. |
| Polycentric PBR | FCA confirmed industry guidance; JMLSG; AIM Nomads; Big Four / consultancy interpretive layer | n/a (interpretive) | Firm + co-interpreters (trade bodies, consultants, gatekeepers) | Network of guidance + advice + practice elaborating principles into convergent operational standards | JMLSG money-laundering guidance; AIM Nomad regime; consultancy “Consumer-Duty-in-a-box” offerings. | M (de facto) | Formally L, but the consultant/guidance layer produces convergent compliance models that effectively close predicates in practice. Institutional isomorphism: Black’s compliance paradox; Power on risk-management consultants. | The wider cast Black flags as the fourth form. Industry guidance acts as “shield not sword” (FCA’s own phrase). Caveat: convergence reduces gaming but also reduces the diversity of compliance approaches PBR was meant to enable. | This is where vendor automation actually lives. Workiva, AuditBoard, ServiceNow GRC, Big-Four-built compliance platforms. Industry-side automation, not regulator-side. Strongly desired by firms (cost reduction); regulators agnostic. |
| Rules-based regulation | FCA Handbook (COBS, SYSC) | must (with conditions) | Firm | Firm + must + act + when C | Firm must obtain client info before personal recommendation. | H | Closed antecedent + observable act. | Kaplow, Rules vs Standards; NZ Better Rules. | Desired and pursued. OpenFisca, Catala. |
| Outcomes-based regulation | FCA Consumer Duty, PRIN 2A | must act to deliver | Firm | Firm + must deliver + outcome | “must act to deliver good outcomes for retail customers.” | L | “Good outcomes” irreducible by design. | Consumer Duty, PS22/9; Bailey 2019. Note: the same formal/substantive/full/polycentric decomposition Black applies to PBR applies here too — Consumer Duty already has a formal layer (PRIN 2A), an active substantive layer (FCA outcomes-monitoring + Dear CEO letters), and a fast-growing polycentric layer (consultancy “Consumer-Duty” practices, Big Four implementation tooling). Treated as one row here for compactness; expand if the operating reality matters more than the wording. | Partial. MI dashboards, SupTech on filings; predicate not formalised. |
| Statutory duty (mental-state) | Companies Act 2006, s.172 | must | Officeholder | D + must + belief + purpose | “must act in the way he considers, in good faith…” | L–M | Subjective belief + contested success-criterion. | Explanatory Notes; Re Smith & Fawcett line. | Negligible; CLR rejected checklists. Board-paper templates only. |
| Prohibition | FSMA 2000, s.19 | may not | Universal | Actor + may not + act + unless | “No person may carry on a regulated activity… unless authorised…” | H | Universal quantifier + enumerated exceptions. | FSMA s.19; Cracking the Code; Greenleaf. | Desired. FCA Register, sanctions/AML lists machine-readable. |
| Comply-or-explain | UK Corporate Governance Code | should + disclose | Listed company | Comply ∨ explain | Apply provision; if not, explain. | M | Wrapper formalisable; contents vary. | FRC Code; EC 2014/208. | Partial. ESEF tags status; explanation quality manual. |
| Management-system requirement | ISO/IEC Directives Part 2 | shall | Implementing entity | Subject + shall + act | “verbal forms in Table 3 shall be used to express requirements.” | M–H | Drafting convention built around verifiability. | Directives Pt 2; ISO/IEC SMART; CEN/CENELEC. | Strategic priority. SMART targeting Level 4. |
| Internal-control framework | COSO ICF | Indicative present | “The organization” | Org + verb + control state | “The organization demonstrates a commitment to integrity…” | M | Text underdetermines logic; lives in audit methodology. | COSO 2013; PCAOB AS 2201. | Mature on evidence side (OSCAL, GRC tools); framework text stays prose. |
| Risk-management outcomes | NIST AI RMF Core | Passive indicative | Implicit | Condition + is/are + managed | “Legal and regulatory requirements… are understood, managed, and documented.” | L | Voluntary; evaluative predicates; no addressee. | AI RMF hub; 1.0 PDF. | Crosswalking via AIRC to ISO 42001, EU AI Act; predicate verifiability sidestepped. |
| Disclosure-based standard | IFRS S2 / ISSB | shall disclose | Entity | Entity + shall disclose + topic | “shall disclose information enabling users to understand climate-related risks…” | M | Disclosure act formalisable; adequacy not. | IFRS S2; TCFD. | Most mature. XBRL, IFRS Taxonomy, ISSB Taxonomy; SEC/ESEF/HMRC mandate. |