A perfect storm awaits businesses as compliance issues continue to mount up

BUSINESSES, and those who manage their risks, have been subjected to excessive stress as a result of the pandemic. The fallout has been far reaching, and very few industries have escaped unscathed.

In the corporate world, it is compliance teams that have been hit exceptionally hard. Many compliance professionals have already left their posts, and "The Great Resignation" is likely to see that trend continue. For those that remain, a compliance "perfect storm", caused by prioritising business survival over internal controls, awaits.

As the bastion of corporate safety, compliance teams are the first line of defence for most companies. The arrival of Covid-19 not only exacerbated existing risks, it introduced a whole new set of challenges at a time when many compliance programmes were already strained. In fact, according to Accenture's 2021 Global Risk Management Study, 77 per cent of risk leaders believe that complex, interconnected risks are emerging at a more rapid pace than ever before.

Huge disruptions to supply chains forced compliance officers to assess new suppliers in record time, while the rapid shift of entire workforces to remote working increased IT security breaches and exposed companies to cyberattacks.

The move to remote working has also made it increasingly difficult for compliance to effectively do their job from afar, with internal investigations, risk assessments and employee training all moving online. Throw into the mix complex and frequently-changing government regulations and stringent travel restrictions, and companies can find themselves facing a minefield of potential legal battles.

The average day for a compliance team will see it stretched in multiple directions, always feeling as if they are playing catch-up and conforming to new rules and regulation. This not only includes compliance with national and international laws and regulations, but also adherence to the company's ethical and moral principles.

NO EASY TASK

Not an easy task, even on the best of days. It is hardly surprising that of those risk leaders surveyed in the aforementioned Accenture study, fewer than a third are "very satisfied" with their progress in bolstering operational resilience in the past2 years. Furthermore, less than half took vital steps to fortify stress testing, such as expanding the range of scenarios covered or involving more stakeholders.

Should a risk become reality, the potential consequences can be great. Claims for damages, fines, even sanctions or imprisonment are all possible, as well as the huge reputational damage at risk. Companies that fail to invest in their compliance teams fall short at their peril.

Risks vary from company to company, and can occur in the context of a large number of legal areas; however, the highest risk areas are corruption, fraud, bribery and money laundering. Criminals thrive when they can exploit uncertainty, and since the pandemic, these ever-present risks have become much more sophisticated.

Take cryptocurrency fraud. Tales of crypto ransoms paid out to hacker gangs regularly make the headlines. These days, every single cryptocurrency transaction is recorded on a blockchain, leaving a visible trail - but only those with the technical know-how can trace and reverse transactions. Compliance teams, and businesses in general, are left facing a tough new reality, fraught with unique challenges that make it near impossible to apply previously tried-and-tested methodologies to understand new technology and mitigate these emerging risks.

Even as companies embrace new compliance obligations, their responsibilities have expanded and outpaced their limited resources. For example, many of the excellent corporate intentions encapsulated by ESG (environment, social and governance) are now being placed on compliance's shoulders.

Despite the energetic focus and commitment to ESG, there remain significant challenges around accessing and collecting data in a way that is transparent, credible and consistent. Without standardised ESG definitions and concepts in place, the discrepancy between ESG and sustainability reporting standards can be overwhelming. All this at a time when 8 in 10 risk leaders say their teams are already struggling to balance time spent on value-add activities with traditional duties such as reporting, according to the Accenture study.

With the pressure pounding down, it is not hard to see why a significant number of senior complianceprofessionals are at breaking point, and why many are choosing to leave the profession altogether. Those who remain are left with the task of recruiting from an ever-shrinking pool, thanks to the global talent shortage.

TECHNOLOGY CAN HELP

Although it may feel like the future is bleak, technology can offer some hope to overstretched and under-resourced compliance teams. The latest tools on the market utilise Big Data to streamline workflows and enable compliance to quickly flag new risks. Many companies are now looking to leverage technology to make their compliance programmes more resilient and efficient in the long term.

These automated compliance solutions take an integrated, enterprise-wide approach to analyses including legal, compliance, governance and reputational risks. The ability to apply a "third lens" to legal due diligence that enables the integration of ESG considerations is also critical, and there are now tools available that identify and monitor external ESG risks and opportunities, and embed ESG due diligence across corporate, financing and transactional activities.

Tried-and-tested, old-school compliance propositions still hold true too. For example, happy employees - those with a high sense of job satisfaction and who are invested in their employer's business - remain the most effective fraud and corruption detection tool available. Good employees make excellent whistle-blowers.

The new threats and risks brought about by the pandemic are here to stay. Compliance is an ever-changing discipline, and even the best practices today can quickly be overtaken by new regulatory requirements, technological advances and real-world experiences. To survive the oncoming storm, compliance teams need support and investment more than ever before. Knowledge of new and emerging risks, data analytics and technological innovations will be critical to success, and the future of the profession.

• The writer is head of investigations, Asia, at DLA Piper.