Preparing Compliance Functions for 2019

February 21st, 2019

Corporate compliance officers experienced a tumultuous 2018 — everything from new data privacy regulations, to the #MeToo movement, to continued brisk enforcement of anti-bribery statutes. All that also happened amid a strong economy, meaning lots of mergers or business expansions and intense struggle to find enough staff to keep pace with workload.

So what can we predict about compliance trends in 2019? Even just a few months into the year, compliance professionals can already see some issues that will command a higher profile in the months to come.

Privacy enforcement and regulation. The big privacy story of 2018 came from Europe, as the General Data Protection Regulation (GDPR) went into effect. This year compliance officers may see new privacy regulation in the United States; and will see how the GDPR is enforced.

For example, French privacy authorities just imposed a €50 million fine against Google for GDPR violations. Google says it will appeal, but the infractions in question are telling: regulators say Google lacked valid consent from users to serve them personalized ads. In other words, French regulators imposed their fine over poor policies and procedures — not any breach of personal customer data. If more privacy regulators pursue similar complaints against other firms, that will escalate the importance of companies tending to their internal data collection practices, including how they vet third parties that might handle their data.

In the United States, stronger consumer privacy protections are one of the few subjects that lawmakers in Congress agree upon. Even if no specific legislation emerges this year, Washington will hold hearings into how “Big Tech” handles consumer data, which will offer clues to future regulation. Meanwhile, California’s new privacy law approaches (going into effect in 2020), so companies will need to ensure their compliance programs are in position for that deadline.

Workplace bullying responses. The #MeToo movement burst into public discourse at the end of 2017, with explosive harassment allegations against Hollywood mogul Harvey Weinstein. Corporate America then spent 2018 addressing a blizzard of allegations against superstar employees or senior executives. Entertainment, media, professional sports, politics, retail, technology — no industry was spared.

The challenge for compliance officers in 2019 will be to strengthen policies and procedures to reduce the risk of executive misconduct, and to standardize how allegations are addressed when they do arise.

That will mean more attention to training. Senior executives may need education on acceptable conduct and possible disciplinary action; lower-level employees may need training on how to respond to unwelcome advances (including employees who see others suffering those advances). Companies may need to clarify their policies on employee fraternization, anti-retaliation, and consistent discipline.

AML innovations. In December banking regulators made an unusual joint proclamation, encouraging financial firms to experiment with innovation in AML compliance programs. The regulators cited advanced analytics and artificial intelligence as two examples. They promised firms would not be penalized if their pilot programs fail, and might not even face sanctions if any new technologies reveal compliance flaws in their older programs.

Now financial firms can test what all that potential innovation might do for them. The need is there: the vast number of suspicious activity reports most firms generate are false positives that don’t warrant investigation or reporting, while the vast majority of truly suspicious activity goes undetected.

Compliance officers will need to start experimenting with AI, analytics, and data visualization to invert that dynamic. AI, for example, can filter out most of the false positives, while surfacing the truly risky transactions — so human compliance analysts have fewer reports to study, but each report is more likely to be worth their time.

Integration projects. AML compliance is not the only field where compliance officers will need to embrace technology. Mergers and acquisitions continued in 2018 at the brisk pace we’ve seen for most of the 2010s. According to FactSet, the number of large deals (those valued at $1 billion or more) rose from 326 to 373 in the United States alone, a jump of 14.4 percent. There are more deals, at larger dollar volume, with higher premiums paid.

That means compliance officers have plenty of integration projects to do in 2019, as their organizations try to digest all that M&A activity. Different policies or training materials might need to be standardized across new business units. Monitoring the effectiveness of the compliance program may require data integration projects, if different business units define risks or activities in different ways. (How many times have business units and compliance officers squabbled over what a “high-risk” third party is, after all?)

Of course many other issues could be include on this list, and by December some will be on that list that nobody is expecting today. Nevertheless — privacy, training to quell workplace bullying, smarter use of technology, and better compliance program management will be major issues for compliance officers in 2019. Compliance officers should prepare accordingly.