January 26, 2021 | By Julius Melnitzer
Businesses’ full throttle on financial recovery and growth at pandemic’s end could mask heightened compliance and risk issues, according to a leading forecaster of global business risks.
“Legal teams and compliance officers must ensure the critical issues they oversee retain prominence, when so much focus at senior levels will be on the balance sheets,” state the authors of Control Risks’ RiskMap 21: The legal and compliance perspective.
But the authors predict the road will be a difficult one.
“This is undoubtedly going to be tough,” they write. “Especially when the issues are more complex, the expectations broader, the timeframes shorter, the stakes higher, but, in many cases, the budgets smaller.”
The upshot is that legal and compliance professionals must maintain a broader perspective.
“They need to focus on corporate citizenship and not just the balance sheet,” says Hannah Lilley, a London-based director in Control Risk’s compliance, forensics and intelligence practice.
Kenneth Jull, counsel at Toronto’s Gardiner Roberts LLP, is of similar mind.
“We’ve transformed into a digital and virtual economy almost overnight,” he says. “And there’s a lot of compliance systems that have not kept up.”
This despite the fact that expectations have increased for technology-driven compliance management – expectations driven partly by the need to conduct audits and investigations remotely during the pandemic.
“Regulators have reiterated their expectation that companies should have digitised compliance monitoring in place and [should] leverage analytics to reinform and evolve the program,” write the RiskMap 21 authors.
At the same time, the authors note, people are still the ones standing behind the data.
“What drives human behaviour has remained fundamentally the same,” Lilley says, “Organizations must respond to that without getting lost in the tech.”
Easier said than done, the authors point out, when human behaviour “is masked by a remote computer screen.”
Somewhat ironically, however, digital transformation itself introduces new risks. Consider, for example, the proliferation of blockchain-enabled cryptocurrency crime and the resurgence of social engineering frauds.
“Digitisation has created new ways of working, and organizations have struggled to transpose their risk and compliance frameworks onto these new ways of working,” Lilley says.
The increased use of technology in internal monitoring and investigation, for example, gives rise to privacy issues, which are becoming more important as the U.S., South Africa, India, and Brazil are among the many countries poised to strengthen their data protection laws.
Then there’s the risk created by ever-changing geopolitics.
“Interpreting proliferating sanctions regimes, new export controls, rewritten foreign investment regulations and the broader regulatory compliance landscape has long been a headache for many,” say RiskMap 21’s authors.
Supply chains, of course, are inextricably intertwined with geopolitics. With COVID having exposed supply chains’ vulnerabilities, governments may be pressuring stakeholders to mitigate their exposure.
“The interconnectedness of the global system has seen organisations having to adapt, considering new suppliers and clients that bring with them different risks,” the authors state.
Coming full circle, then, bringing in new third parties to the supply chain will require technology and capacity that hard-pressed legal and compliance teams will have to manage, quite apart from their organizations’ existing obligations.
And if that’s not enough, COVID has brought a growing awareness of companies’ duty to protect the life and safety of both employees and customers. In Canada, the RCMP is already investigating the death of Benito Quesada, a worker at the Cargill Protein plant south of Calgary who died from COVID-19 last May. The investigation comes after 951 employees, fully half the Cargill staff, tested positive for the disease.
“The Criminal Code places a duty on employers to protect workers,” Jull says. “So I’m telling my clients to put the right protocols in place because criminal, civil and regulatory liability could follow if they don’t.”
RELATED STORIES
Pandemic data hubs and contractual, regulatory and ethical risks
Chatbot aids firms’ privacy compliance by tagging clients’ exposure to data breach laws
Lawyers insecure about data security: study
The new way for in-house counsel to ID legal disputes early
Julius Melnitzer is a Toronto-based legal affairs writer, ghostwriter, writing coach and media trainer. Readers can reach him at [email protected] or https://legalwriter.net/contact.