In a recent COMPLY Summit Series event, we were joined by Alan Gibson, Assistant General Counsel of Compliance and Ethics at Microsoft, and Sean Torcasi, Partner at PwC, to discuss how compliance data and analytics can serve as an early warning system for risks.
Alan and Sean discussed the challenges and opportunities for legal and compliance functions and how Microsoft is using data and analytics to identify risks in sales and third-party documents through automated risk scoring.
Challenges & Opportunities for Legal and Compliance
We’re facing an unprecedented series of global shocks and tech disruptions. COVID-19 has accelerated the push towards digital business transformation, and in response to this, CEOs are thinking about new or altered business models that increase efficiencies, cut costs, and support digitization efforts.
These forces have further complicated existing processes and created new business and compliance risks, says Alan, which is challenging legal and compliance leaders in just about every company. In this environment, the General Counsel and the Chief Compliance Officer are called on more and more to advise on strategies and risks they’re tasked with, advancing organizational priorities, and instituting the considerable change management necessary to support these priorities.
Alan quoted Charles Darwin, saying "It’s not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change." The digital transformation of the legal and compliance profession can be the catalyst that helps companies respond to these changes.
Legal and Reputational Risks
Consider the environment in which all businesses operate. It’s essential to understand the role of laws, regulations, and risks in shaping business. When talking about risk, Alan is really focused on two primary types of risks: legal risks and reputational risk.
For legal risk, think about the potential for losses due to regulatory or legal actions, compliance risk, contract/document risks, and dispute risk. For reputational risk, think about the potential of negative publicity regarding a company’s business practices, whether true or not, that will cause a decline in the customer base, constant litigation, or loss of revenue.
"The good news is that where some people see risk, I like to think that I think of it as an opportunity."
Alan Gibson, Microsoft
Legal and compliance leaders must address these complex business demands by investing in technologies and processes to better anticipate, identify, and manage the risks that they’re encountering, in addition to finding opportunities to really contribute to the company’s bottom line.
Sean went on to go a little bit deeper into some of the trends and challenges that we’re seeing.
Business is Riskier
Without a doubt, business is getting riskier-whether it’s a regulated sector like banking or healthcare that has traditionally catapulted compliance and risk professionals into the spotlight, or a tech sector getting great pressure to better organize their functions around some big challenges (such as privacy).
Sean gave some data points based on work that PwC has done:
- 60% of organizations are working with one thousand plus third parties today
- 83% of them have identified a third party as one of their major enterprise risks (so it’s time to act and do something as a compliance department to better manage third party risks)
- Of that 83%, 30% said that their third party risk is resulting in a material impact to their business
- In 2019 alone, there were $2.6 billion in FCPA fines levied on U.S. companies.
"Given that number is on the rise, coupled with various regulatory bodies saying that things are going to even increase further post-COVID, this is the time to think differently on how you’re addressing and proactively monitoring various risks within your organization."
Sean Torcasi, PwC
Collaboration and Alignment
There’s also more collaboration than ever with the business and compliance and legal functions, but also a lot more pressure to align and understand the risks facing these various businesses. Maybe they’re not directly related to a compliance risk on the surface, but there is a ton of opportunity to partner with those stakeholders to bring a program to light, or an opportunity to allow you to use data analytics to solve multiple of those problems simultaneously.
Need to Reduce Costs
The pressure to reduce cost has never been more prevalent in all sectors. Obviously, there are some sectors that have done well through COVID, but we all are looking out to the next 2 to 3 years that potentially could cause even more risk and pressure to reduce costs. So considering that factor, we need to think smarter on how we’re using data, or how we’re building innovative techniques to solve our problems.
How Microsoft Uses Compliance Data and Analytics
Microsoft is now using technology and data to identify compliance risk in sales documents and contracts with channel partners. The company's risk analytics solutions create an early warning and monitoring system to identify, predict, manage, and mitigate a defined set of compliance risks, proactively.
Together with the support of internal teams, and external partners like PwC, Microsoft has built solutions that have allowed them to move from analytics to just simply monitoring for noncompliance, to identifying, predicting, and prioritizing risks, helping to figure out how to allocate compliance resources to manage these risks, and operationalizing the management of these risks by building it into the business processes.
They ingest data into a compliance data lake, which is run against different algorithms to create risk scores, which scores each contract on a scale of 0 to 100. And, above a certain score, it gets routed for additional compliance oversight.
Microsoft takes a similar approach with third parties-specifically channel partners, resellers, our distributors. When onboarding a new channel partner or renewing an agreement, a risk score is created in a similar fashion. The risk score determines the amount of additional compliance oversight, the third party, or channel partner receives.
This solution identifies what is risky, why it’s risky, and what to do when you identify something as high risk. It’s important to highlight the insights created are based on principles of interoperability and transparency. "We don’t set up a black box where no one understands why something may be identified as high risk," says Alan.
Since launching our program, both the United States Department of Justice and Securities Exchange Commission have cited our use of compliance analytics as a mitigating factor in our settlement agreement for the FCPA allegations.
This shouldn’t be a surprise as regulatory authorities are increasingly focusing on the importance of having a database compliance program. In June 2020, in its update to its evaluation of corporate compliance programs, the Department of Justice called on compliance leaders to have continuous access to operational and cross-functional data to help their companies implement a compliance program built on autonomy and independence.
Microsoft's solution is broadly applicable, the same type of solution and methodology and know-how can be applied to other legal and compliance risk domains and verticals. To hear a more in-depth explanation of Microsoft's solution, watch the full session on-demand.
Proactively Identify Risk In Your Organization
Remove the bottleneck and empower your team with an efficient compliance platform that reviews marketing assets and provides automated pass or fail verdicts on pre-production marketing documents like direct mail pieces, brochures, or blog content.
PerformLine's Document Review increases the volume and scope of your team's review to expedite approved documents and pinpoint problems more efficiently, all while providing the data and reporting you need for compliance and performance intelligence.
If you'd like to learn more about PerformLine's Document Review, our experts are ready to help.