It’s hard to tell whether the age we’re living in is the calm before the storm or if it is the storm. One way or another, we’ll likely get some clarity in the year ahead for CCOs navigating these choppy waters. Here are 10 predictions on what will dominate compliance headlines in 2020.

1. Big Tech in antitrust crosshairs

Lawmakers and regulators from both sides of the aisle, on both the state and federal level, and in both the United States and Europe are ganging up on Big Tech.

Multiple antitrust investigations are underway into the power and practices of market-leading digital platforms (we’re looking at you, Facebook, Google, Apple, and Amazon)—companies that have both products and services to sell and run the marketplaces in which they are sold. Notably, the U.S. Department of Justice, the attorneys general from nearly every state, and the European Commission have launched probes over the past year into whether these technology behemoths are playing fair. Expect more headlines and Congressional hearings in 2020.    

2. Deregulation

After being elected in 2016, President Trump vowed to cut two regulations for every one that was created. According to the White House, he’s beaten that projection, cutting 8½ rules for every new one.

The most significant change was a partial rollback of the Dodd-Frank Act in May 2018, which exempted some smaller banks from certain rules and loosened regulations designed to protect larger banks from the type of sudden collapse that sent the economy into a tailspin during the financial crisis of 2008.

With Congress now divided (Democratic majority in the House, Republican majority in the Senate), we’re unlikely to see further major rollbacks in 2020, but we’ll be keeping an eye on how the current easing impacts Wall Street. 

3. Recession worries: Impact on ethics and compliance

The economy is booming heading into 2020, and with bottom lines in great shape, companies have devoted more resources to environmental sustainability efforts, employee training and engagement, and maintaining robust compliance programs.

But what happens if the market turns, or if increased chatter about a potential recession impacts the aforementioned compliance efforts and companies start to prioritize short-term economic growth over long-term strategic planning? History tells us firms will put a heavy emphasis on maintaining their profits, even if it means finding ethical shortcuts to do so.

Some executives will play things closer to the vest, economic reporting will get a bit murkier, and those resources devoted to compliance will take a back seat. Ethics can’t be the first thing compromised when trouble hits, but it often is.

4. 2020 elections

We don’t get into politics too much in this space, but compliance can’t ignore the elephant in the room. Next November, not only will we be voting for president, but all 435 seats in the House of Representatives and 34 seats in the Senate (including a special election in Arizona) will be up for grabs as well. Of those Senate seats, 22 are held by Republicans, who currently hold a slim majority.

Whatever the outcome, it will impact the regulatory environment heading into 2021.

5. Protecting whistleblowers

Whistleblowers play a vital role in uncovering wrongdoing. Without them, corruption at companies like Enron, Wells Fargo, Theranos, Cambridge Analytica, and many, many more might never have been uncovered. And let’s not forget it was information from a whistleblower that ultimately led to the impeachment inquiry into President Trump.

Yet it seems—mostly because of President Trump’s efforts to discredit the individual who brought the now-infamous Ukraine phone conversation to light—the reputation of whistleblowers in general is under attack.   

There are both state and federal laws protecting whistleblowers, yet retaliation is still an issue. According to the Ethics & Compliance Initiative’s 2019 Global Benchmark on Workplace Ethics report, 44 percent of those who reported corruption in the workplace experienced retaliation. The number was even higher for those who reported sexual harassment.

Will Trump’s public berating of the impeachment whistleblower embolden those accused of wrongdoing to retaliate?

6. Data privacy equation has changed

Multiple variables are converging on the issue of data privacy to create a perfect storm for compliance:

  • Consumers are starting to grasp both the volume of data companies have on them and the value of that data. They also understand what’s at stake if that data is exposed to hackers.
  • Consumers expect the companies that hold their data to be transparent about what data they hold, why they’re holding it, how they’re protecting it, and how they’re benefitting from it.   
  • Regulators are having the same epiphany as consumers and are developing regulations to hold companies accountable for the data they hold. In Europe, the General Data Protection Regulation (GDPR) has been in force for more than 18 months, and the first modernized state-side law—the California Consumer Privacy Act (CCPA)—went into effect on Jan. 1.

What this means is companies better have their house in order when it comes to data. They must first understand all of the data they (and their third parties) hold; have a valid business justification for holding it; protect it; and be in compliance with the regulations in place that govern the data they’re allowed to hold on individuals, which will vary depending on how that data is gathered and where the individual and/or business is located.

All that’s at stake is your company’s reputation and a potentially business-crippling fine.

7. GDPR: Waiting for the big one

The European Union’s GDPR was said to be the most powerful privacy regulation in the western world, primarily due to the potentially enormous fines a company could incur: up to 4 percent of global annual revenue. For a company like Facebook or Google, that number could be in the billions.

We’ve yet to see a GDPR fine north of $230 million, but 2020 could be the year that changes. Major tech firms are the subject of at least 19 investigations into potential GDPR violations by the Irish Data Protection Commission (the home data protection authority for most U.S. technology giants), including at least 10 probes into the practices of Facebook alone.

8. Regulators will reward good-faith efforts

Thanks to a softening of several policies by the Department of Justice over the past year, companies have more incentive than ever to self-report violations and demonstrate a robust compliance program.

Most notably, updates to the Evaluation of Corporate Compliance Programs announced in April outlined what prosecutors will be looking for in determining whether a company will be punished for violations. Did the company self-report? Is it cooperating with authorities? Is its compliance program well-designed? Does it work in practice? Did the corporation thoroughly investigate and remediate the situation? If the answer is yes to all of the above, companies can expect leniency from the Justice Department.

A similar message was sent by the European Data Protection Board at Compliance Week’s Europe conference in November. If a company can show a mature data protection program and good-faith efforts to comply with the GDPR, regulators said, it’s much more likely to receive guidance instead of a fine.

It’s a trend we expect to continue into 2020. The bottom line for compliance is this: Understand what your regulator expects, because that is what you will be judged on.   

9. Ethics and Artificial Intelligence: Trouble ahead?

Huge advances in technology are fundamentally changing how we live, work, and relate to one another. Artificial Intelligence and machine learning are here to stay, and it’s up to compliance to make sure this technology is utilized ethically.

It’s easy to see a company’s business incentives for using advanced technology like AI. It has the capability to create transformational efficiencies (think of a fleet of self-driving trucks or delivery drones dropping packages at your doorstep), but it’s also not difficult to envision abuses that cross ethical lines (e.g., a system designed to select prisoners for parole having racial biases).

Don’t expect lawmakers and regulators to lead the way on this; they have shown themselves time and again to be more reactive than proactive. It’s up to the business community—and specifically the compliance function—to ensure transparency, accountability, and an ethics-by-design approach.

Mark these words: There will be companies, likely in the year ahead, that find themselves in hot water because they put business priorities ahead of ethics when it comes to AI. These will be the examples that ultimately inspire action from slow-reacting lawmakers and regulators.

10. Supply chains, geopolitical risk, and third parties

If you’re doing business in this global economy, you know the headaches of keeping track of which sanctioned countries, companies, or individuals you can’t do business with, which spur-of-the-moment tariff hikes are going to impact your bottom line, and which questionable third party will ultimately prove to be the weakest link in your supply chain.

It’s nearly impossible to keep track of it all, but it’s your job to try. Technology can help, especially in identifying high-risk entities and proving good-faith efforts to regulators.

The fact is, though, that just 6 percent of respondents to a jointly conducted survey by CW and Aravo indicated their third-party risk management (TPRM) programs were “mature,” and that third parties are involved in about 80 percent of all FCPA enforcement actions. So companies must be pumping money and resources into their TPRM programs, right? Not so much. According to a recent Deloitte survey, 70 percent of organizations believe they are underinvested in TPRM.

Companies can’t catch everything, but they can do better. We’ll see what better looks like in 2020.