Technological Advancements, Benefits, And the Struggles of Implementing Them
Compliance directors in many organizations have started using new technological trends to facilitate their jobs. In light of some changes in our everyday lives, what does it mean to use artificial intelligence, machine learning, and robotic process automation for compliance operations? What challenges would compliance personnel face when incorporating new trends in their work? And more importantly, what’s the ROI of compliance digitalization?
Saying that businesses were affected by the pandemic is an understatement at this point. Similarly, it would be an understatement to say that different facets of organizations are undergoing digitalization rapidly. As a matter of fact, the year 2020 has served as a catalyst, accelerating the pace of technological advancements and digitalization.
But what’s in all this for compliance? After all, isn’t compliance one of the few areas that has resisted the IT revolution, compared to other areas? Well, it turns out compliance can benefit greatly from incorporating digitalization in its activities.
Changes in the World and Challenges for Compliance
Let’s take a look at what is happening in the world and what new challenges compliance is facing.
During- and post-COVID workplace(s)
Restrictions and regulations to contain the pandemic have pushed companies into changing their business models. Furthermore, more people than ever are working from home (WFH). People's preference for their new workplaces, and the WFH attitude in general, will probably linger on for a while. For compliance, this means that risks need to be reevaluated. The topics that need to be addressed in a new compliance risk assessment plan are varied, from management and safety of essential staff working in company premises, to ensuring proper documentation by staff working remotely, and so on.
Ah, good old Brexit! We thought it was done once and for all and it wouldn’t appear in the news every day. But for compliance professionals, the reverberations of the Brexit deal are stronger now! In fact, after the 1000+ page deal was published, compliance directors and legal staff working in organizations that operate partly or fully within the UK were among the first who needed to understand what the deal meant for their organizations. And of course, there are many issues that remain unclear.
Fraud, ransomware, and other threats
Malicious activities online, and especially fraud, have seen an increase during the lockdown(s). See, for example, the report by LIMRA on fraud in financial services.
For compliance, this means that they have to stay one step ahead of the fraudsters, hackers, and so on, by maintaining existing security controls of various management systems and implementing new controls (i.e., updating those management systems). Furthermore, the remote workforce is more vulnerable to threats from outside compared to the workforce working on company premises. The compliance team, therefore, needs to reassess risks and offer support in light of the new work circumstances.
Laws and regulations on data collection and processing
Newer, stricter laws that regulate the collection, compiling, and processing of data and personally identifiable information (PII) are constantly being enforced in a lot of places (e.g., the GDPR in the EU, CCPA in California).
Again, as was the case with the Brexit deal, compliance directors need to look out for the ways in which their organizations use data, how technological upgrades affect data collection and processing, and what protective measures are in place for individuals whose data is being collected and processed.
Money laundering and bribery
Compliance directors working in the EU need to keep up with updates to the Money Laundering Directives (MLD) continuously. In fact, EU authorities update this document quite often. The latest update (MLD6) extends criminal liability to legal persons and expands the scope of criminality (with “aiding and abetting” being grounds for prosecution as well).
What Digitalization of Compliance Processes Entails
Well-configured software undoubtedly helps automate many activities that some people would consider time-consuming and painstaking. Digitalization of compliance activities means that certain processes are now managed by technology, while the compliance personnel can shift their focus onto data analyses, interpretation, and other logical activities that technology cannot replace.
- Digitalization nowadays is unavoidable, and the pandemic has only accelerated it.
- The world is going through major changes, and that means more work for compliance; those changes can be political (as is Brexit), legal (GDPR, CCPA), or social (work-from-home attitudes, social inclusivity, etc.).
- Digitalization of compliance activities frees the personnel from time-consuming tasks, which can be done by AI and other software, so that they can instead focus on meaningful analyses and be involved in decision-making.
Artificial intelligence (AI)
A very valuable use of AI is finding relevant information across the entire internet. Google Alerts, for instance, is one example. The compliance personnel can rely on such tools to be notified every time something that pertains to their work comes up, without having to do random internet searches periodically.
More specialized uses of AI include risk and threat identification and rating based on previously set configurations. AI can also approximate the likelihood of threats occurring.
Another use of AI that cannot be overlooked is the conducting of gap analyses. AI can compare and contrast an existing system with a desired one, thus identifying the gaps which would later be analyzed by the compliance personnel.
Machine learning (ML)
As you can probably infer from the name, machine learning “teaches” computers to acquire data, analyze it, and make predictions, and it does this through big data. An example of machine learning in use is the analysis and prediction of the number of, and risk presented by, malicious emails based on data from previous attacks.
Robotic process automation (RPA) in monitoring and measurement
RPA is optimized for collecting data from multiple sources (non-financial or numerical data included, as well as risk reporting), thus enabling companies to refocus their employees’ potential on highly complex tasks that are judgment-based. Interestingly, RPA can also be optimized for risk analyses, root-cause analyses, and so on.
Where to Go From Here
First and foremost, implementing new systems or tools is not always easy. In the case of digitalization of compliance, it is a process that requires the involvement of multiple stakeholders. The top management must express their support in concrete ways; the compliance team must cooperate with the IT and/or software development team since their expertise is needed; compliance staff themselves need to have some IT background, apart from their business and/or financial education, and so on.
PECB Resources to Improve Your Compliance Processes
PECB’s eLearning platform brings you several training courses on international standards in information security and risk management, with training courses on data protection, anti-bribery, and privacy protection to come this year.