It has been almost a year since the European Union’s (EU) General Data Protection Regulation (GDPR) first came into effect. After many years of discussion and debate, the biggest change to data privacy laws in a generation was finally brought in on 25 May 2018 to protect consumer privacy in the internet age. It’s probably too soon to accurately assess whether it has been successful or not, but it has certainly been impactful.

We’ve written previously about the potential of Artificial Intelligence (AI) to transform compliance. The power of AI to process, manage and analyse large volumes of data accurately, quickly and efficiently means that it is very well suited to certain elements of compliance.
GDPR is a perfect example. It requires huge volumes of data to be checked for compliance, and using an AI-based automated tool makes a great deal of sense. But GRC teams have generally been resistant to the use of AI in compliance.
What is behind this slow adoption and could 2019 be the year that AI truly has an impact on regulatory compliance?

It’s clear to anyone who works in risk management that it is harder than ever to manage and mitigate risk. The risk landscape in 2019 is increasingly complex and interconnected, and risks are no longer constrained by borders or bound by industries as they once were.

Global forces and global risks shape what happens at a regional level. We have previously made the argument that the Chief Risk Officer has become the most important role in an organisation, and that is as true for organisations in Africa and the Middle East as it is for companies in the US, Europe and Asia.

The role of the Chief Risk Officer (CRO) is by no means a new one. Risk has always existed in business and there have nearly always been people in business whose job it is to manage, minimise and mitigate that risk.
But the past decade has seen the emergence of a greater volume and type of risk than was around previously. The nature of geo-political, regulatory, cyber and technology risks means that modern businesses face greater challenges than before and this has changed the role of the CRO for good.
It was once a role that existed mostly to mitigate more traditional risks to a business – although an important role, it was relatively low profile and not one that was centre-stage in the business. But because the nature of risk has changed so radically, so have the requirements expected of a CRO.

The pressure on compliance teams in Financial Services (FS) over the past decade has been enormous. Increased regulation, globalisation and a conservative approach to technology in many compliance teams have left a number of banks and other FS providers struggling to make their compliance function truly effective.

It’s not a situation that is likely to improve in the short-term. Accenture’s 2019 Compliance Risk Study surveyed 151 senior compliance executives at banking, capital markets and insurance institutions globally, and revealed that 71 per cent of financial institutions’ compliance departments are facing a cost reduction target. 64 per cent of those are targeting budget reductions of between 10 and 20 per cent over the next three years – a considerable reduction when you think that many compliance departments would already consider themselves under-resourced.

2018 was a year that seemed to have more than its share of relatively high-profile corporate governance failures. One of the biggest was Carillion, the UK multinational facilities management and construction firm.
At its height, Carillion was listed on the FTSE 250, had annual revenues of around £5bn and employed around 43,000 workers across the globe. But over nine months in 2017, the company issued three profit warnings, disclosed £845m worth of write-downs, had 39% wiped from its shares and lost its CEO.
By the time it went into compulsory liquidation in January 2018, Carillion had racked up debts of £1.5bn with less than £30m left in the bank. What causes such wholesale corporate governance failure and how can organisations address it before it escalates out of control?

Insurance is a sector that has been slower than most when it comes to digital transformation and the use of digital solutions to address traditional challenges and introduce new products and services. With methods and processes established decades ago, there is a conservatism that pervades much of the insurance industry, and it has also been held up by legacy technology that makes digitisation much harder than is desirable.

But market forces over the past five years have combined to make addressing digital transformation more urgent and a key priority for insurers. To respond to these market forces, digital risk and compliance is going to be essential for the insurance industry.

It is not uncommon for CEOs and other board members to talk a good game when it comes to cyber security. They discuss in public the seriousness with which they approach managing cyber security, and talk internally about the need for vigilance and for all employees to be mindful and smart on matters relating to security.

But the reality can be very different. Many CEOs are often just paying lip service to cyber security, without allocating the required investment in staff and infrastructure that modern security and risk management requires.

This past year or so in Europe has witnessed an almost unprecedented number of new regulations that Financial Services (FS) firms must adhere to. We have seen new legislation introduced, including GDPR, MiFID II and PSD2, adding regulatory hurdles to navigate for an FS industry that was already one of the most heavily regulated in the world.

This has significantly increased the pressure on GRC teams within FS firms. Not only is there more regulation but the penalties for non-compliance have increased too, which means compliance functions will be tested like never before.

As one of the world’s foremost GRC providers, recognised by analysts for the strength of our technology and working with an array of blue-chip customers across a variety of industries and territories, we are obviously major advocates for an efficient and effective GRC function.

Remaining compliant with relevant regulation has become a much more involved process over the past decade or so, while at the same time there is more risk to businesses than at any other point in time. Organisations have to do much more to demonstrate compliance, and it can be a significant undertaking that requires time, resource and the right technology platform to get right, while managing and mitigating risk is a long-term and ongoing task.