A landmark survey of more than 1500 compliance leaders around the world including 300 in the Middle East and North Africa (MENA) has revealed major risks associated with digitalization, with 41 per cent of those surveyed admitting their organization has already experienced enforcement investigations by regulators because of technology that was poorly on-boarded and/or implemented.
According to this new research The Currency of Connection: Mobilizing Technology for Compliance Integration, investigations are most likely to arise in relation to data privacy and cyber-security, as well as tax, transfer pricing, fraud and antitrust.
Yet at the same time, the research reveals that compliance teams, who are often a key line of defense against such investigations, are largely shut out of decision making around new tech, including a third of businesses surveyed who believe their organization is employing new technology without any regard for potential compliance and regulatory risk at all.
These stark findings come at a time when COVID-19 has significantly accelerated the digital transformation of businesses around the world, which is in turn attracting much greater scrutiny from regulators. In fact, at least 60 per cent (64 per cent globally and 59 per cent in MENA) of compliance leaders predict that scrutiny of tech-enabled business models and data privacy issues will now be top of their regulators' 'to-do lists'.
London-based Luis Gomez, Competition Partner, Baker McKenzie, said examining market tipping was one such area of focus: "Regulators are grappling with the implications of technology in relation to antitrust and market power. Many contend that, where previously the practice of “tipping markets” was relatively simpler to identify and address, today these forces are often undetectable until it is too late. Data is currency and organizations can, some allege, tip markets in their favor by virtue of access to uniquely valuable data. This presents a problematic and controversial new frontier in relation to competition and antitrust enforcement that is likely to play out over the next decade.”
To drive their own efficiencies, manage cost pressures (where 56 per cent of compliance leaders globally and 68 per cent in MENA have seen their budgets cut due to COVID-19) and to keep up with the digitalization of their wider organizations, compliance teams themselves are therefore also increasingly turning to tech. While this has largely to date been focused on relieving the administrative burden, most compliance teams are on the cusp of more ambitious investments. In MENA, 32 per cent of businesses surveyed are planning to invest between USD 3 to 5 million on new compliance technology in the future.
According to Joanna Ludlam, Global Co-chair, Global Compliance & Investigations, Baker McKenzie: "Within the next two years, the overwhelming majority of compliance leaders plan to further adopt machine learning, AI and predictive analytics within the function, and we are already seeing some advanced use of digital tools among tech-enabled compliance teams — including bots for finding and delivering information as part of compliance training and data-backed systems designed to identify concerning patterns of behavior."
However, maximizing the value of compliance technology is still challenging for many. At least 50 per cent of compliance leaders (56 per cent globally and 50 per cent in MENA) report that compliance technology is effectively achieving its primary purpose.
Regulators are also in some cases continuing to play catch up, with, 52 per cent of compliance leaders in MENA reporting that a lack of consistent guidance on compliance technology from regulators is a barrier to further tech adoption.
The Third Party Challenge
One area where is there is increasing concern and scrutiny is related to third party compliance risk, and in particular where a company has a minority interest, a JV, or regarding supplier relationships.
Technology is therefore being rolled out to support compliance teams with implementing best practice and managing risk among investment partners. According to our research, 46 per cent of compliance leaders in MENA plan to deploy technology to monitor the actions and behaviors of these third parties.
Borys Dackiw, EMEA Co-Chair of Compliance & Investigations, and Middle East Head of Compliance, Baker McKenzie, said: “Joint ventures (JV) and other arrangements with key business partners pose significant compliance risks such as conflicts of interest issues and bribery and corruption, in the absence of proper screening and compliance due diligence. As third party screening often requires more nuanced, non-public information particularly in the Middle East, businesses need to consider the extent of their investment in tech-enabled screening tools and integrity checks particularly in this emerging era of digitalization. Access to critical data about business partners is key to understand who you are dealing with and to identify compliance red flags when entering into JV agreements especially in high-risk markets.”
Artificial intelligence (AI) is particularly useful in managing third party risk. It can mine, collate and analyze public source information relating to investment partners to make connections that otherwise may not be made and highlight risks that may otherwise remain hidden. Used in this way, AI can provide greater insight and transparency on investment and procurement decision-making, thereby making it easier to assess potential hotspots.
Survey respondents in HK/China were the most likely to be seeing accelerated digitalization due to COVID-19, with 72 per cent of HK/China respondents reporting this trend, compared with 52 per cent in the US and 47 per cent in MENA, although the US does appear to already be further up the tech curve, particularly with its use of AI and machine learning.
Rapidly accelerating digitalization is also creating further risk. In MENA, 32 per cent of compliance leaders report that their organization is employing technology without considering compliance risk, and 41 per cent say their company has already experienced a related compliance investigation. Saudi Arabia and Egypt scored particularly high among MENA countries in relation to businesses’ lack of transparency in technology procurement decisions (46 per cent in Saudi Arabia and 38 per cent in Egypt).
Dubai-based Kellie Blyth, Counsel and UAE Head of Data and Technology, Baker McKenzie, commented: “The converging realities of COVID-19, the Digital Revolution and the ever shifting regulatory landscape, have provided both transformative benefits and significant risk exposure to organizations as they innovate their business models and adopt technologies such as AI and machine learning. However, in the absence of a comprehensive technology risk assessment, ‘hurried digitalization’ comes at an expensive cost. Regulators including in the Middle East, are increasingly conducting investigations and imposing stringent penalties on data privacy and cybersecurity breaches, while overhauling their national legislative frameworks to better govern the use of data and manage risk associated with these technologies.”
Overall there is some good news from the MENA region, where 51 per cent of compliance teams are confident that business and compliance leadership are aligned in response to COVID-19. Compliance leaders in several Middle Eastern and African countries, also report being more readily consulted around strategic decision making than their counterparts in the US and UK.