How should a Board of Directors think about the digital transformation of compliance? What are the questions a Board should ask a Chief Compliance Officer (CCO) regarding the use of data analytics in compliance? How does a Board ensure that value is created through using data in compliance and make compliance more efficient in the area of risk management? Many Boards are struggling with these questions and others when it comes to a digital transformation. I was therefore intrigued by a recent HBR.org article, entitled “5 Questions Boards Should Be Asking About Digital Transformation” by Celia Huber, Alex Sukharevsky, and Rodney Zemmel. I found it to provide an excellent framework for Board’s to think through the data analytics now required in any best practices compliance program. I have adapted their work for the compliance perspective.
Most CCOs understood the need for a digital transformation to data analytics prior to Covid-19. Afterall, the Securities and Exchange Commission (SEC) have been talking about it since at least 2016 in the context of a Foreign Corrupt Practices Act (FCPA) enforcement action. After the Covid lockdown hit, the Department of Justice (DOJ), in the 2020 Update to the Evaluation of Corporate Compliance Programs, mandated that CCOs have access to company data and use it to monitor and enhance a compliance program. But Covid-19 has only accelerated that timeline, moving use forward three to five years. Digital transformation has become a matter of compliance survival and a top priority for Boards. While many Board members understand the need for a digital transformation in compliance, “they struggle to see how they can best add value. The complexity of technology and the speed of digital can make board members feel like they’re always playing catchup.”
This digital mandate also impacts the Board’s oversight role in compliance. As the authors note, it “is increasing the scope of the board’s mandate, opening up new fronts for risk and competition. Rising to the challenge doesn’t mean completely reinventing the board model, but it does require a thoughtful recalibration of where to focus directors’ energies. Asking the following five questions will ensure that boards are focused on the most important digital challenges. While some of these questions are more strategic, and others more operational, boards that address all of them can help push companies to achieve the digital transformations essential to today’s competitive advantage.” This is even more true for a compliance program.
- Boards must understand the implications of digital transformation well enough to provide oversight to compliance. Here “the goal is for the board to understand the implications of technology and digital on” compliance and more broadly risk management. Here the authors suggest two practices. First Boards should “take a more strategic view when bringing on new directors. Leading boards dig into their target hire’s actual experience in digital transformations and rigorously review how well it fits with the company’s digital strategy.” Second, provide extensive training to Board members on key digital strategies and technologies available to their compliance function.
- How the digital transformation fundamentally changes compliance. Here Board’s must take a “long-term view of where the value is heading is crucial to getting digital transformations right” for compliance. The faster pace of change means Boards must press hard on compliance assumptions, pushing a CCO to articulate how they see compliance evolving now and in the future. The authors state, “The board’s role is to push the [compliance] team to peer around corners and take into account the falling barriers across industries and sectors. Only then can the board feel confident that the proposed investment will help the [the company] jump up the curve, rather than merely stay mired in the middle of the pack.”
- Is it is working? Digital transformations in compliance can be complex and “this can generate a soothing level of activity, but it tells you very little about whether your digital transformation is on track.”To get past the noise, Boards can start with a hard-nosed assessment of the strategy and road map that compliance is taking. The authors suggest “When tracking progress against the strategy and road map, boards should focus on two sets of metrics. The first tracks outcomes and important leading indicators tied to value.” The second set of metrics “surfaces progress in the guts of the transformation itself. These metrics address changes in behaviors and processes deep in the organization. One key metric is the speed with which new ideas are translated into” operationalized compliance tools for the business units.
- The Board’s View of CCO Talent. The authors believe that the “digital-talent discussion at the board level is often limited to expressing the need to hire more” CCOs with digital experience or even savviness but they caution, “this is only part of the story. Given the scope of change required across the entire business, boards must develop an expansive view and pressure test the talent road map as much as they might the technology or digital-transformation road map.” A CCO must have a “good baseline knowledge of technology and digital.” But even more, they must have the right digital team members in place on the company’s compliance function. This means both increased head count and additional resources. They conclude, “Boards shouldn’t be involved at the individual hiring level, of course, but they do need to engage with senior leadership on progress made in developing this talent bench of digital expertise.”
- Emerging threats. Obviously threats from compliance to legal to reputational are on the rise. Risk management at the Board level has taken on a new urgency. The authors state, “On the risk side, boards generally have a clear understanding of the importance of cybersecurity. Many have a framework, vetted by third parties, to help evaluate cyber risk. Digital, however, opens new and different pools of risk. Regulations about privacy grab headlines, but local compliance or national security laws, for example, have introduced unforeseen risks to businesses when their servers are located in those corresponding locations.”
Even keeping track of competitive threats poses challenges. “On the one hand, there is the sheer volume of new businesses and technologies that burst onto the scene, often seemingly from nowhere. On the other hand, there’s the threat potential of established businesses operating in brand-new sectors: Think about e-commerce businesses getting into data management, tech companies moving into banking, or retailers into logistics.”
The authors conclude, ““Digital is what we’re going to be doing for the rest of our lives.” This is even more true from the compliance perspective. This mandates Boards supporting a successful digital transformation of compliance imperative. As the pressures and complexities of digital increase, Boards have a key role to play in guiding their compliance functions through successful, long-term digital transformations.