I always enjoy retrospective “year in review” postings to start off the new year. For years, I have sought to identify and capture important compliance trends, typically focused on specific professionals in the compliance arena. This year, however, is a little different.
Compliance is at an important inflection point. Corporate business headlines have been dominated by technology issues. I am not convinced that these headlines accurately reflect the level of risk that companies face in response to technology issues.
Compliance and technology have an important dependency. Compliance functions need technology to leverage resources, build world-class compliance programs, and operate in an environment that reflects today’s real world. On the other hand, commentators are using lots of ink to warn about the dangers and risks posed by technology — with particular emphasis on artificial intelligence and the rapid evolution of information tools, such as ChatGPT and other generative information tools.
In this environment, the challenge for compliance professionals is a delicate one — how to embrace and incorporate the benefits of the information technology revolution. It is easy to identify potential benefits of IT to a corporate compliance program — data analytics, financial transaction monitoring, and content-generating and analysis functions to promote compliance communications. Artificial intelligence, when leveraged properly, is an invaluable asset for compliance professionals and their responsibility to maintain an effective ethics and compliance program.
On the other hand, the new technologies pose risks to a business that may incorporate artificial intelligence tools in core aspects of their business operations. Companies that depend on artificial intelligence for essential functions — e.g. approving loan applications, conducting due diligence, calculating risks, and other important business-related functions — have to address the risks,. In particular, artificial intelligence can quickly gloss over disinformation risks, potential intellectual property violations, and discrimination against categories of organizations and individuals. These risks, if not addressed, can quickly result in harm from collateral litigation, stakeholder dissatisfaction and serious reputational harm.
While there has been much written and said about the constellation of risks, companies should undertake a realistic assessment of potential risks and how they apply to its business operations. Once again, it is easy to over-react to the headlines, bandy about the new terminology to demonstrate how we are familiar with cutting edge technology and compliance issues. For most companies, this hard look is likely to result in a minimal degree of risk. Instead, when a realistic view of the business is examined, companies are likely to find that cybersecurity, anti-corruption, sanctions and financial control risks continue to place at the top of relevant risks for assessment and mitigation purposes.
I do not mean to diminish the importance of new technology and AI in particular for businesses as they prepare for the new age of economic performance. My only hope is that we do not get carried away with the headlines and responding to popular topics while ignoring the real risks that face each company.
Against this “cynical” view, compliance professionals have a duty to stay informed on technology issues, embrace them as effective tools for their own use, and monitor developments in the field as businesses incorporate technological solutions to business problems. This is where the real “Person” of the Year belongs — compliance professionals are effectively incorporating IT capabilities to build important new tools for data analytics, monitoring and financial snapshots of risky activities. It is here where the real work is occurring and where compliance and IT capabilities result in exponential improvements.
Some compliance programs are still “behind” when it comes to leveraging IT resources in their compliance programs. But like past trends, compliance usually catches up quickly through professional education, sharing of best practices and ideas, and compliance professionals who are exposed to new technologies from their business clients.
