Fall marks budget season for many businesses, and the economic outlook for 2023 isn’t rosy. Compliance departments already used to navigating resource constraints might face greater adversity.
With the threat of a potential recession looming, companies will aim to tighten their purse strings. The cost centers are the first place they’ll look; like it or not, many firms still position compliance and legal in this bucket. Planned initiatives will be put on hold, and new projects might hit the backburner in favor of preserving jobs.
The problem: The need to keep pace with technology is not put on hold. Artificial intelligence (AI), cryptocurrency, smart contracts, and even the metaverse are examples of evolving concepts with the potential for significant compliance opportunities—and ramifications.
Falling behind the curve on these developments is not an option. The pressure will be on practitioners to meet their needs within the constraints of the economic landscape, meaning the stakes will be higher regarding spending on technological improvements.
“In a situation like this, if you haven’t spent on a project and you’re about to pull the trigger—it’s been approved—you may have some second-guessing and double-checking on if there’s really a benefit to this,” said Steve Naughton, director of regulatory compliance studies and clinical professor at Loyola University Chicago Law School. Naughton served as global chief ethics and compliance officer at PepsiCo during the 2008 financial crisis. “In your position, you’re going to have to show there is a real benefit, both in the effectiveness of your compliance program and if this is going to help the company’s [return on investment] in some form,” he said.
One way or another, committing to a technology project requires a leap of faith. Taking a step back to weigh the risks and rewards can prove beneficial in the long term. Below are a handful of best practices to consider along your implementation journey.
1. Establish a roadmap
Like any project, starting without a clear vision and desired result in mind when determining whether to invest in a new technology could doom the initiative from the outset.
“Develop a list of core features and functionalities that are required to meet objectives—for instance, usability, budget, functionality, scalability, privacy, security, and more,” said Steve Chapman, chief customer officer at GRC software company NAVEX. “From there, vendors should be evaluated and scored based on the key requirements they offer, naturally narrowing the scope of potential solutions.”
There is no shortage of tools available; finding the right one to meet your business’s needs is paramount. But of course, you must identify those needs first, including a timeline of when you expect to receive results.
2. Understand the technology
Deciding to invest in a technology like AI is one thing. Confronting its capabilities and risks is a bigger task.
“Unless you really understand the technology—how it works, how the processes operate—it’s very difficult to properly assess risk and compliance issues.”
Guy Pendell, Partner, CMS
“You often have people who are making these decisions at the front end because they’re looking at the investment in their business, but they don’t necessarily have the same degree of in-depth technical understanding of the technology to look at it from the risk and IT back-end perspective as well,” said Guy Pendell, a partner at law firm CMS.
Pendell said he believes the need for specialist compliance professionals serving as experts in specific technologies is likely to grow. His firm conducted a survey of legal and risk professionals earlier this year, in which 69 percent of respondents said their organization would make more use of technologies like AI in the next three years despite half of respondents indicating use of AI will lead to risks and disputes that cannot be foreseen now.
“Unless you really understand the technology—how it works, how the processes operate—it’s very difficult to properly assess risk and compliance issues,” Pendell said.
Keep in mind: You or a colleague might also be asked by a regulator to explain your technology. Being unable to do so is not received kindly when an agency is seeking assurance risks are being properly managed at your business.
3. Set early goals and milestones
With pressure to stay within budget greater during times of economic uncertainty, losing sight of a project in Year 1 of implementation could prove costly in the near and long term. Establishing checkpoints from the start helps to maintain momentum.
“Historically, those who have been successful started small, then expanded,” said Patricia McParland, director of product marketing at risk solutions provider MetricStream. “Rather than enabling all business divisions at once or tackling all areas of risk and compliance, pick one or two, show success, and then expand. Focused, rolling goals will drive success along the way.”
4. Brief your employees
Decision-makers aren’t the only ones impacted by the onboarding of a new technology. What affects the company affects its workers, many of which might not understand how their job is impacted by the changes implemented.
“One of the big challenges organizations have when they go through particularly transformational changes in their use of technology is whether they’ve taken their employees and staff with them on that journey,” said Pendell. “There’s a lot of understandable anxiety around the adoption of new technology for staff. You might think, ‘Is my job still going to be intact in six months’ time?’”
A successful implementation process is dependent on change management initiatives, said Chapman, which include a communication strategy to relay adjustments being made.
“The last component to onboarding and implementation is a comprehensive training plan that ensures all involved parties are fully educated on how the solution works as well as how it meets business needs,” he said.
5. Maintain due diligence
The work never ends at onboarding. Once a new technology is in place, a close eye must be kept on how it fares to ensure it is the right solution.
Red flags to monitor include missed deadlines, misaligned expectations, or struggles among employees adapting to the tool, said McParland. Any concerns should be addressed, or the decision should be made that the technology isn’t working out.
Prepare to be caught off guard, added Pendell.
“There will be things coming out of the woodwork that perhaps people can’t even anticipate at the moment that may be quite specific to the systems and the environment they’re operating in, or there may be other issues in the use of this new technology that can’t be predicted,” he said. Compliance managers should check risk registers and processes to determine the technology areas critical to the business are being properly covered, Pendell advised.
Strategies for balancing risk/reward of investing in new technologies
- Currently reading
Five strategies for balancing risk/reward of investing in new technologies