COVID-19, Compliance and Information Technology

The unfolding COVID-19 pandemic has disrupted businesses in unforeseen and unimaginable ways. As businesses navigate the changing terrain of life during and after a global pandemic in the coming months and years, the functions of compliance and technology are going to play leading roles. Old business programs and regulations will need smart adjustments and adaptations in a changing landscape. New programs and regulations will need proper guidance and execution in a brave new world. These evolving changes will present compliance and information technology professionals with numerous risks and challenges, as well as opportunities to transform their businesses for the better. Ultimately, these evolving changes will likely lead to a smarter integration of information technology and compliance in businesses.

Old Practices in a Changing Landscape

The COVID-19 pandemic will require companies and their compliance professionals to update their pre-existing practices and protocols in a changing landscape. Old practices and rules may require new understandings in application and enforcement. Much of corporate compliance for many companies has been built around an infrastructure of in-person interactions, trainings and reinforcements. Thus, a critical challenge for compliance professionals today and in the future is deciding how best to adapt old modes and methods of practice built on interpersonal engagements for a socially distant and technologically connected world.

How does one create and strengthen a healthy, cohesive culture of compliance in a world when most people working from home are deprived of the comforts and focus of the traditional office space? How does one make sure that legal rules and company policies are being followed without traditional oversight mechanisms in place? These are just a few of the questions confronting many business, legal and compliance leaders today, because while the unfolding pandemic has changed much about the ways we work on a daily basis, the laws, rules and policies remain constant.

All employees must continue to follow public laws, regulatory rules and internal policies as the world changes in response to the pandemic, despite inconveniences and difficulties to do so. Chances are, many companies and their employees have been falling short in adjusting and adapting their compliance practices and protocols for this changing terrain. Accordingly, when a new normal arises, it should not be surprising if we learn through enforcement actions, press publications and internal investigations of many corporate compliance violations and shortcomings during this unfolding pandemic.

New Rules in a Brave New World

Each crisis and scandal brings forth new regulations and actions from public and private policymakers. The unfolding COVID-19 pandemic will be no different in this sense. In the past few months alone, the federal government passed unprecedented legislation, like the CARES Act designed to help fight COVID-19 and provide trillions of dollars in economic aid to states and businesses dealing with the fallout of this crisis. Similarly, the Federal Reserve has taken a set of unprecedented actions to mitigate the economic consequences of the pandemic. Additionally, states and municipalities have also passed numerous new regulations and laws in response to the pandemic.

Internationally, the response has been similar, as countries around the world have taken significant actions to confront the challenges – economic and otherwise – of the pandemic. As a result of these actions from federal, state, local and foreign governments, many companies are faced with an unprecedented and urgent need to understand, capitalize and comply with a deluge of regulations and laws. This task would be difficult under the best of circumstances; it’s nearly impossible in the middle of a global pandemic. When a new normal arrives, it is likely that subsequent investigations and enforcement actions will reveal many corporate misconduct and shortcomings in connection with these new rules and programs.

Promises and Perils of Technology

The key to addressing many of the challenges posed by adapting old practices and operating under new rules during this unprecedented pandemic lies in technology. Information technology has made it possible for many institutions, like businesses and schools, to maintain many of their core services and operations online during a time when many workplaces are shuttered. This technology paves both promising paths and dangerous pitfalls in the journey ahead.

Technology will aid many businesses in complying and capitalizing on old and new rules in this uncertain and changing landscape. Many major businesses already use governance, risk and compliance (GRC) technology systems. GRC systems allow compliance departments to automate and analyze large volumes of information related to risk management and regulatory reporting in a timely and efficient manner, which would otherwise be nearly impossible to replicate manually for firms with thousands of employees in offices around the world.

The deluge of new information and regulations that compliance departments now oversee in an incredibly complex, uncertain and dynamic COVID-19-afflicted marketplace simply demands the monitoring, analytical and processing power of information technology. As old practices change and new rules come forth, information technologies like GRC systems and group videoconferencing will play an even more important role in helping businesses confront the growing burdens of rising regulatory scrutiny and regulatory complexity in the months and years ahead.

While technology will be the basis of many promising paths ahead, technology will also present many risks. Complex, high-tech systems invariably malfunction and suffer from glitches, and “normal accidents.” As businesses and individuals grow more reliant on more technology, the risks of malfunction and breakdowns increases exponentially. Furthermore, increasing reliance on technology will also lead to greater cybersecurity risks from internal and external sources. One recent study estimated conservatively that cybercrimes and breaches cost businesses collectively $45 billion per year. Externally, the laptop has replaced the gun as the preferred weapon of criminals seeking to rob companies. Internally, companies have to guard against their own employees intentionally or inadvertently causing a cybersecurity breach. A 2019 report from IBM found that nearly half of all cybersecurity breaches were accidentally caused by a human actor. As employees work more from home with perhaps less secure equipment and software on their personal computers, cybersecurity risks will only loom larger and more ominous.

Toward Smarter, Integrated Technology and Compliance

As businesses move forward in adapting and evolving their operations for this brave new world, they should work toward a smarter integration of the compliance and technology functions of their firms. Adapting old practices to new realities while simultaneously navigating new rules would require firms to break down traditional silos of operations. While many firms were already planning in the direction of better integrating technology and compliance prior to the pandemic, this crisis will only serve as an urgent accelerant for those plans.

A smart integration of technology and compliance will not be a question of effectiveness for many companies but a question of existential necessity. In order to be effective and functional, compliance operations at many firms going forward will need to better leverage the powers of information technology. In a pandemic and post-pandemic environment where many employees are working remotely from home, compliance and cybersecurity risks are going to be of paramount importance, and firms need to do better. For instance, a pre-pandemic survey of financial firms and their law firms found that the financial industry can do meaningfully better in terms of organizing and executing on their technology and compliance resources and efforts to combat cybersecurity threats. The workplace of the near future for many is not going to be set in some particular space where traditional oversight is easy; rather, the workplace of the future for many is going to be set in every space where traditional oversight is difficult. Therefore, compliance and technology functions need to be smartly integrated, platform-agnostic, cloud-based, department-neutral and geographically portable to meet the challenges of this new working normal. This transition and integration will not be easy or convenient, but it will be necessary for many businesses to be functional and effective.

Crisis often leads to change and reform. The unfolding COVID-19 crisis has already led to many changes and reforms in the business world, with many more to come – particularly in the areas of compliance and technology. Ultimately, these evolving changes will likely result in a smarter integration of information technology and compliance, leading to hopefully more dynamic, adaptable and sound businesses.