Compliance Risk and Diligence
Complying with anti-money laundering and anti-bribery and corruption regulations.Compliance Risk and Diligence
There may finally be an end in sight to the perpetual increases in compliance spending that have afflicted companies of all sizes since the wave of regulation that followed the global financial crisis.
Relief can’t come too soon: One in five firms expects the cost of compliance to soon reach a hulking 10 percent of revenue as regulations proliferate and risks – especially of reputational damage – multiply. But even as that cost escalates, companies will continue to absorb it, compelled by the knowledge that a compliance failure can expose executives to criminal prosecution and inflict swift and severe value destruction. Firms accused of bribery and financial fraud lost almost 50 percent of their market value, according to a 2014 study by George Mason University’s law school. Fines and sanctions can end up being the least of your worries.
But I have good news. In the past year I have observed a pair of encouraging developments, each with the potential to help organizations hold down compliance costs without incurring greater reputational risk – or exposing their executives to criminal liability. Advances in machine learning hold the promise of streamlining the complicated, critical and labor-intensive tasks involved with assuring that a company and its vendors are abiding by the law in every far flung jurisdiction where they operate. At the same time, a decade of concentrated effort and investment in compliance had engendered a cultural shift, endowing leaders and workers with a commitment not only to playing by the rules, but also to simply doing the right thing – and to speaking up when they witness something amiss.
Automating the Subjective & Complex
Many of the tasks required by new regulations are monumentally complicated. Anti-bribery and corruption efforts require deep research into the secondary and even tertiary relationships of vendors and other third parties all over the world. Monitoring every employee, third party and transaction everywhere an organization does business would take armies of trained (and expensive) compliance professionals. Until recently those tasks have been too subjective and complex to automate.
Enter artificial intelligence and machine learning, which for the first time are enabling computers to not only supplement, but also, soon, to entirely take over functions from the humans who have up to now been responsible for helping companies navigate compliance minefields such as third-party due diligence.
To understand how it works, think of a company looking at a straightforward acquisition overseas. In standard due diligence, the acquiring firm would conduct thorough background research on the target company’s principals, including most likely the CEO, CFO and General Counsel. One part of that research would look at whether those officers have been the subject of litigation; but the GC’s name would, by virtue of her position, appear in dozens of legal filings. A traditional computer search would simply return that list, and then a human being would have to scrutinize it to sort the ordinary commercial legal actions from potentially concerning matters derived from her personal activities.
But in the last year I’ve seen the artificial intelligence software apply that scrutiny on its own. The computer produces a report that eliminates irrelevant legal matters and tells us exactly where we need to dig further.
That kind of advanced computing can give companies across all sectors an efficient, effective way to monitor and assess critical areas including human trafficking, politically-exposed persons, finding legal problems such as bankruptcies and indictments and other, harder-to-categorize adverse data.
Such digital automation holds meaningful promise for both large and small firms across every sector. Global financial companies with complex, heavily regulated operations and armies of compliance workers can slow the growth of that headcount without sacrificing certainty that they’ll catch every potentially business-destroying transgression. Smaller companies and corporates can rely on computer systems to enhance and supplement the capabilities of limited compliance teams.
The New Culture of Good Decisions
Not that software will replace human judgment entirely. But automating the mundane work of evaluating records and data while dispatching simple issues will allow compliance professionals to spend their time on sophisticated and ambiguous work requiring more discerning, nuanced judgment. And that judgment can be backed up with hard, reliable data produced by the computers. Because of the nature of machine learning, that data will get more reliable over time.
More reliable data will make for more informed decisions – particularly in the grey areas where executives must weigh not only the data in front of them but also factors like the regulatory climate in the relevant jurisdiction, the company’s particular risk tolerance and the current market environment. Entering a partnership with the brother-in-law of a high-ranking official in a corruption-plagued country may be an acceptable risk or a deal-killer depending on the organization, its leadership and the moment in time. But it’s hard to imagine humans ceding that decision to computers, no matter how intelligent the machines become.
Fortunately, those humans will have more organization-wide support, based on what I’ve seen lately. It’s been 10 years since the financial crisis laid bare the way ethical problems can cascade beyond firm-wide to system-wide catastrophe. In that time, a crop of employees at the leadership and rank-and-file levels have emerged – in the era of the Yates Memo and the U.S. Department of Justice’s Pilot Program and other self-disclosure programs – who take to heart the importance of neutralizing reputational and litigation risk. The cultural change that has taken place represents the most important shift organizations can make to keep compliance costs in check. A brigade of employees and executives committed to taking immediate and deliberate action to investigate, address and mitigate any potential violations is any company’s best chance to catch those violations early, and to address them before costs pile up – or regulators show up.
Workers increasingly do take proactive measures to understand and mitigate risk, while simultaneous strides in advanced computer systems have brought the cost down and boosted the availability of artificial intelligence tools that multiply the capacity of those workers to see and respond to risk. As a result, companies will soon have the tools and the teams to curb the ever-increasing cost of compliance and to give leaders confidence that they are avoiding the biggest risk of all: doing nothing.