RiskMap 2021: The legal and compliance perspective

As we move into 2021, legal and compliance teams – like the companies they work for – undoubtedly face challenges. In a new and evolving world, companies will go full throttle on financial recovery and growth, hoping to avoid becoming one the pandemic’s corporate casualties. At the same time, legal teams and compliance officers must ensure the crucial issues they oversee retain prominence, when so much focus at senior levels will be on the balance sheet. This is undoubtedly going to be tough. Especially when the issues are more complex, the expectations broader, the timeframes shorter, the stakes higher, but, in many cases, the budgets smaller.  

Expectations increase for technology-driven compliance management: Digital transformation in compliance risk management has been significantly accelerated this past year. Regulators have reiterated their expectation that companies should have digitised compliance monitoring in place and to leverage analytics to reinform and evolve the program. Digital transformation and advances in data analytics have been great enablers for teams grappling with swathes of data or engaged in complex internal investigations – a lifeline when most audits and investigations have had to be conducted remotely this year. Despite the sometimes overwhelming pace of change, in its simplest form, technology is used to collect, process and analyse data. But it is critical to remember that behind that data stand people, whose behaviours are not changing as fast as the technology is. And so, legal and compliance teams must continue to understand and respond to what drives human behaviour, which is more of challenge than usual when, for many, that behaviour is masked by a remote computer screen as people continue to work from home.

Digital transformation changes business and introduces new risks: Never has technology been so relevant, both personally and professionally. It has allowed us to live and work virtually and is driving rapid change in the way companies do business and how legal and compliance teams operate. Covid accelerated this. Just as the prevention and detection of corporate crime has evolved, so have the crimes themselves: from blockchain-enabled cryptocurrency crime to the resurgence in social engineering frauds, many of which are enabled by technology. For many teams, the precipitous leap into digitisation has brought with it immediate challenges to how they conduct their work, and organisations have struggled to transpose their legal and compliance risk management frameworks onto these new ways of working. For instance, the increased use of technology in internal monitoring and investigations gives rise to issues around data protection regulation, which we can expect to see more of in the coming year (with changes in data privacy laws likely to be enforced in Brazil, the US, South Africa and India to name but four).  

New geopolitics seep into compliance: As well as having to digitise, organisations continue to expect their legal and compliance teams to adapt to rapidly changing geopolitics. Interpreting proliferating sanctions regimes, new export controls, rewritten foreign investment regulations and the broader regulatory compliance landscape has long been a headache for many. Sanctions (and the newer kid on the block, foreign investment screening), are increasingly used by world leaders as protectionist and foreign policy tools, meaning the sanctions teams of the future will need to try to predict how relations between nations will play out. And with an economically fragile world, with Chinese ambition under increasing scrutiny, and with a shift in the US political landscape, anticipating what Iies ahead on the geopolitical stage will be harder than ever. 

Everything impacts supply chains: Geopolitics will also play into supply chains. Covid has exposed points of vulnerability, and companies in some sectors can expect pressure from governments and other stakeholders to bring their supply chains closer to home. The interconnectedness of the global system has seen organisations having to adapt, considering new suppliers and clients that bring with them different risks. This rush to bring on new third parties requires technology and capacity (which few legal and compliance teams have much of to spare), which must be managed alongside companies’ existing commitment to meet their compliance obligations.

Compliance skills come to the fore to support corporate citizenship. With the volume and gravity of work to do, legal and compliance teams will need to prioritise prudently in the coming year to weigh risk, and to ensure the right balance for their organisations. With reprioritisation comes opportunity. Legal teams and compliance officers can play a pivotal role in ensuring their organisation’s bounce back makes it a better corporate citizen – addressing stakeholder value and not just shareholder value. Even with Covid dominating the past year’s news cycle, it has been impossible to ignore the growing threat of climate change and the rising levels of social consciousness. As governments balance a green comeback against quick-win economic priorities, so must organisations achieve the right balance between ‘building back’ and ‘building back better’, which for many firms will see a greater focus their broader relationship to and impact on society. The answer will dictate companies’ individual organisational approach to deciding who is responsible for these issues, how it fits into the in the overall compliance structure, and how to measure and control their own impact, as well as that of their counterparties. Companies that will be truly resilient in coming years will reimagine their business models. Leaders will rethink who they are and who they want to be. And legal teams and compliance officers will innovate and seek to ensure their voice and experience play into their organisations’ thinking in this crucial year ahead.