ETHICS CORNER DEFENSE CONTRACTING
Taking Corporate Compliance Programs Digital
It’s 2019, and compliance programs simply must keep up in the digital world. Consumers of content — compliance and otherwise — have heightened expectations in the digital age. In addition, automation and technology enablement will increase the efficiency and the effectiveness of any company’s compliance risk management efforts, so they need to be a priority.
Here’s the big picture: government agencies are getting more clever. In just one example of many, the Securities and Exchange Commission has chartered an entire unit dedicated to using technology and data analytics to detect insider trading.
“[The] SEC Market Abuse Unit’s Analysis and Detection Center … uses data analysis tools to detect suspicious patterns such as improbably successful trading in advance of earnings announcements over time,” according to an SEC press release.
At a minimum, companies ought to be able to match the data analytics and other capabilities of their regulators.
In its April 30 guidance document on the Evaluation of Corporate Compliance Programs, the Department of Justice addressed the following elements it would look for when determining whether a company’s program is effective: the collecting, tracking and analysis of compliance data (otherwise known as compliance monitoring); risk assessment metrics; vendor risk management and third-party due diligence; and controls testing.
Several of these focus areas, by their very nature, require the use of technology — and, therefore, a whole new set of skills in compliance departments. Controls testing, in particular, is becoming more and more automated and assisted by technology like artificial intelligence and machine learning.
The Justice Department also cited the need for adequate resources — people and otherwise — in a compliance program, and companies would be wise to assume that includes technology investments in support of compliance.
Equally important, digital media has changed everyone’s expectations for content. As a result, an organization’s compliance content — from training to communications to policies — should be adaptable to any format. Codes, policies, training, communications, reporting, certifications — anything and everything compliance-related can and should be optimized for any device, and they should adapt and work smoothly, just like any other online content.
Developments in technology have raised expectations for content and visuals. Compliance content can and should be enhanced with learning tools and rich media so the audience will actually engage with the materials. Better digital tools enable visual polish and more interactivity. Many companies are using them to move beyond traditional learning approaches, incorporating profiling, test out and gamification, to name a few new options.
Technology also means companies can rely on microlearning, moving from “one and done” to continuous communication with their compliance audience. Better digital tools allow for easier, faster and less expensive course customization, leading to content that is more tailored to the organization. The more tailored the content, the more effective the training. Off-the-shelf content that feels shrink-wrapped and irrelevant to the audience is not effective.
Leading companies incorporate new information from multiple sources — including their technology-enhanced compliance monitoring programs — to keep their compliance training as relevant as possible. Technology can also enable just-in-time compliance training that feels more applicable and personal to a learner. Just-in-time learning might include “on demand” content — just like at home at the click of a TV remote or, in this case, a computer button — and “as needed” content, based on the audience; for example, automatic enrollment in new training when an employee is promoted to a management or executive role.
Just-in-time learning might also be based on what the audience is doing — automatic enrollment in new training when an employee begins a new, unfamiliar task — or where the audience is going — automatic enrollment in new training based on the audience’s upcoming business travel plans, for example. Technology enables that kind of a dynamic learning environment at companies where previously disparate systems should now be able to “talk to” one another, and it’s becoming less and less expensive.
More advanced organizations also use governance, risk and compliance technology and dashboards to manage compliance risk, allowing them to more efficiently and effectively identify, track, assess and report on their compliance risk management efforts. The technology can also enable policy management and monitoring in areas such as cybersecurity, fraud, travel, expense, gifts, entertainment and social media. These tools facilitate more streamlined processes and contain auditable workflow solutions to drive accountability and efficiency.
A technology needs assessment can help determine which elements of compliance programs would benefit the most from going digital. As part of their annual plans, compliance officers should build a business case for technology investment, including analysis of cost and eventual cost benefit. Collaboration with other functions, such as human resources, finance and IT, is critical.
Compliance departments should strive to better meet the needs of their audience and their companies. Organizations that evolve their compliance programs and efforts by taking them digital can adapt more quickly and efficiently to better keep up with the changing risk profile in their industries.
Andrea Falcione is a principal and head of advisory services at Rethink Compliance LLC, a professional services firm that assists companies with their compliance and ethics programs. She can be reached at firstname.lastname@example.org.