Legal and compliance department investment in governance, risk and compliance tools will increase 50% by 2026, according to predictions by Gartner, as corporate assurance and integrity leaders seek out technological solutions to help them address increasing regulatory attention on executive risk oversight and monitoring. A separate report by Thomson Reuters underscored the challenges legal and compliance teams are facing: growing workloads and shrinking budgets.
“Recent actions ranging from the U.S. Securities and Exchange Commission to the U.S. Department of Justice signal a focus on executive risk oversight and monitoring,” said Lauren Kornutick, director analyst in the Gartner legal risk and compliance practice. “For example, the DOJ is encouraging companies to voluntarily disclose misconduct, but firms can only do so if they’ve set up effective compliance programs and risk management strategies that leverage controls to prevent and detect misconduct.”
Thomson Reuters’ annual report on corporate general counsels, informed by surveys of legal department operations professionals, found that 70% report an increase in matter volume, while 66% say they’re seeing flat or decreasing budgets.
“Corporate legal departments continue to face challenges in making the up-front investments in technology needed to keep pace with expanding workloads,” said Laura Clayton McDonnell, president of the corporates segment for Thomson Reuters. “Efficiency is more paramount than ever as the volume of work continues to increase, and many legal departments are seeking to bring more work in-house. Technologies, including AI, can not only improve efficiency but potentially position legal departments to move from being cost centers to growth enablers by assisting in the development of new products and services.”
However, while legal teams largely agree that technology can help unlock simplified workflow (72%), almost all (90%) said their departments make only slow progress in adopting new technology. And fewer than one in three (32%) say their legal tech budgets will rise in the near future.
Gartner experts have identified three suggested areas of focus for legal teams in light of recent regulatory actions:
- Leveraging risk management methodologies to verify control effectiveness
- Analyzing impact of changing expectations on board and officer oversight
- Renewing and raising compliance and governance standards
With increasing focus on reporting misconduct as soon as it’s known, legal and compliance leaders should consolidate existing risk management methodologies from their partners in assurance, Gartner said. ERM and audit may have an existing methodology they can contextualize to predict or detect misconduct that hasn’t been reported and help validate the effectiveness of controls.
“Understanding existing methodologies from assurance partners can help legal and compliance leaders more precisely understand the likelihood and probability of misconduct occurring depending on the data source available,” Kornutick said.
Organizations have focused traditionally on establishing sufficient board oversight processes. However, recent regulatory activity signals that officers also must have effective oversight processes, according to Gartner’s analysis. Legal and compliance leaders should build a comprehensive view of controls and procedures, clarify officers’ roles and responsibilities, improve compensation structures and establish clawback policies, experts say.
Further, recent enforcement actions signal that all employees, with heightened scrutiny placed on officers, are expected to conduct themselves in accordance with company values, policies and all legal obligations. When compliance leaders update policy and procedures in response to regulatory changes, they should prioritize testing the effectiveness of policy change by measuring whether employees understand their obligations with respect to both business conduct and reporting misconduct.
“Compliance leaders should also conduct role-based refresher training with a focus on ensuring understanding by including gamification, scenario-based role play and improving two-way communications in the learning process,” Kornutick said.