I decided to write this post to share my thoughts on how the compliance evolved in recent years and what it is becoming under the influence of technology.
Compliance 1.0 – “Paper checklists”
Compliance 1.0, in my view, is mostly about using paper checklists or excel tables for tracking company’s policies and specific regulations. It could be either a compliance officer or a lawyer who also performs compliance function or, as they say, “wears two hats”. The compliance person uses the knowledge and skill set to ensure the company successfully navigates through the business risks arising in its daily activities and does not cross the red line.
There is a number of downsides of this “old school” approach, which is still used by the majority of small and mid-sized companies. The biggest downside is the reactiveness of the approach - such companies mostly react to the challenges and “patch” the gaps.
Compliance 2.0 – “The rise of RegTech”
The second iterations the compliance that makes use of the special software. This software, apart from dealing with standard processes like storing policies and educating employees, analyzes the information that the company possesses and checks it against the appropriate regulation. It takes away part of the decision-making process from the human and suggests preventive actions.
There are quite sophisticated solutions, especially in auditing sphere. One example is computer-assisted audit techniques (CAAT). I would distinguish Aura software developed by PwC. This system helps to carry out complex audit across multiple companies in different jurisdictions. It captures and analyzes data, support the project management and audit the document itself.
Compliance 2.0 gives birth to RegTech (Regulatory Technology), which became a buzzword in 2017. Compliance is the biggest part of the RegTech now, but other components, like regulatory reporting, risk management tools, transactions monitoring, and identity management are also growing in number.
Compliance 3.0 – “Proactive compliance or Assurance”
Richard and Daniel Susskind wrote about the compliance of the future in their book “Future of professions” in 2016. The technique is called “assurance”. Assurance describes the process when we will not check the data retrospectively or will do some spot-checking to make sure the company has been compliant. Instead, the audit is performed in real time and the whole myriad of relevant data is analyzed once created.
Now, two years after the book has been published, we see how dreams start coming true with the new service from startup Relativity. The service is called Relativity Trace. It’s a compliance tool which helps businesses to ‘proactively monitor internal communications and flag the highest-risk content for further review’.
It is as “badass” as you can imagine. Relativity Trace will be analyzing everything, including email, audio, and chats to send a notice about most relevant locations and potential breaches to the compliance team. A company can determine triggers and levels of control by themselves. PwC already announced plans to be Relativity Trace’s first client.
One of the first movers in the Assurance was another “Big 4” firm Deloitte. In June 2016, it came up with a system that automatically checks if investment banks being their clients are compliant with complicated and changing derivatives regulation, which is a huge burden for banks.
So, as you can see, we are now witnessing the commence of proactive systems to form the Compliance 3.0, which, I expect, will grow in the coming years. From the broader perspective, I believe compliance will be gradually transforming to become integrated into the software. In other words, the law will be embedded within applications as computer code
How do you think the compliance function will look in 5 or 10 years? Please share your thoughts in the comments section below or in our dedicated Telegram group.
Dmytro currently holds the position of Innovation Justice Agent at the Dutch foundation with the focus on brining more justice to society through innovations and legal tech solutions. Previously he worked in a Dutch law firm and Ukrainian multinational companies providing legal support to science-backed technological industries like pharmaceutical and clinical trials industries.
Dmytro obtained his LL.M. degree with distinction from Tilburg University, the Netherlands, in International Business Law. In his Master thesis he researched on compulsory licensing of patents. He also attended the Summer School on European Business Law at Heinrich Heine University, Germany and completed an intensive training on social innovation and entrepreneurship from the Social Innovation School in Eastern Europe.