The Regulatory Storm Is Coming. Compliance Can Help Tech Leaders Batten Down the Hatches

Technology firms are increasingly in the field of vision of regulators and ESG investors, both being stakeholders with a strong interest in corporate governance. This growing trend should be a wake-up call to executives. 

To position themselves amidst intensified scrutiny, new economy players need to think — and act — differently. They can no longer play fast and loose. One part of their challenge now is to embrace an effective compliance regime without losing the entrepreneurial spirit that got them to where they are today. The good news for these companies is that it’s not too late. There is a window of opportunity to make the changes needed before change is forced upon them.

The libertarian instincts of tech leaders are well-known. Classically, they have been left alone to build digital empires unfettered by regulation. Unfortunately, it is these same pioneers who must set the tone for compliance within their organizations. 

Introducing change requires tech leaders to foster a compliance-focused culture. This may not sit comfortably with the “move fast and break things” mentality espoused by Meta CEO Mark Zuckerberg, but it is essential to the long-term sustainability and competitiveness of new economy companies.

A cultural shift

For tech leaders looking to do the right thing, the roadmap for implementing a robust compliance regime is not well-marked. Law enforcement and regulators haven’t prescribed what “good” compliance looks like for industries in the new economy other than in a general way through the U.S. federal sentencing guidelines. As the federal guidelines are in large part principles-based, it is up to tech leaders to fill in the blanks.

This lack of clarity gives tech firms the opportunity to seize the initiative and set the course at their organizations and for their industry. To get ahead of regulators, they should consider creating a robust compliance regime that will prepare them for whatever might come next.

Importantly, this doesn’t necessitate a complete restructuring to mirror, for example, the heavily regulated financial industry. Senior leaders would still have the freedom to pick and choose among policies and approaches to best shape what compliance should look like for their organizations.

Building the foundations

While tech leaders have a degree of latitude with how they approach compliance requirements under federal sentencing guidelines, businesses are expected to do several things.

They must appoint a chief compliance officer and management and board committees to “own” compliance. The appointment of a chief compliance officer (or chief risk officer) is a vital first step toward defining and driving compliance efforts, as well as demonstrating to regulators and other stakeholders that the company takes compliance seriously.

In addition, companies must establish, communicate, monitor and enforce a set of written policies and procedures across the organization. These policies need to address important issues like potential misuse of material non-public information (MNPI), a high-risk area to which many tech firms only pay lip service. While businesses may create policies to address these and other issues, policies without robust processes to enforce them, and a mindset to understand them, just won’t cut it these days.

While compliance programs must be tailored to the needs of the organization, they don’t all need to cascade down through the entire firm. Rather, they can be targeted to select groups.

For example, with respect to MNPI, organizations should identify key people with access to non-public information and then have monitoring processes in place for them. Indeed, corporations outside of financial services have generally understood their executives’ and employees’ personal securities trading obligations to be limited to adopting policies for trading and directed brokerage for employee stock plans. However, only a subset of these companies have, with respect to a very limited number of corporate insiders, adopted trade pre-clearance and reporting processes. These are generally manual.

While C-level appointments and a rules-based framework are necessary, in themselves, they are not sufficient. A culture of compliance must permeate the entire organization. This requires transparency and consistency in the application of the compliance framework. It also necessitates a firm-wide understanding that compliance is not only a role for the C-suite but a personal responsibility of everyone.

A tech solution

To embed this culture, compliance officers have traditionally spent much of their time on manual processes, tracking everything from personal trading to entertainment and the giving and receiving of gifts. Compliance technology can automate many of these processes, using sophisticated algorithms to mirror a firm’s code of conduct. 

Given the innate appreciation that new economy firms have for the use of technology, many tech businesses will take easily to the use of third-party SaaS-based compliance solutions to embed these new approaches to compliance. 

Whatever route a tech firm takes to bolster its compliance efforts, inevitably someone somewhere in the organization will do something wrong. The company must have in place compliance policies supported by robust compliance detection, reporting and analytics to demonstrate that the misbehavior was one-off and not systemic.

As a result, it is time not to consider whether compliance is important or necessary but how best to embrace it as a part of the organization’s overall mindset and behaviors. This will enable businesses to bear scrutiny and even gain a competitive edge. Only that way can new economy firms be assured that they will be able to pursue the industry-changing innovations that are their hallmark.