Which technologies can help legal and compliance teams navigate a changing landscape of risk?
In this interview with Help Net Security, Zack Hutto, Director of Advisory Services at Gartner’s Legal and Compliance Practice, talks about the challenges legal and compliance teams are facing and the technologies that can help them.
What are today’s biggest challenges for legal and compliance teams?
The global pandemic created acute pressure for corporate legal and compliance leaders. While most teams have long reported high and steadily rising workload volumes, since the pandemic sixty-eight percent report struggling to manage their workload, with higher volumes of work related to labor and employment (44% increase), government affairs and regulations (42% increase), and regulatory and compliance matters (39% increase).
These workload pressures build on top of shifting business dynamics within many organizations. As digital transformation initiatives continue – or accelerate due to the pandemic – and many companies consider strategic pivots, legal and compliance teams face both new risks and shifting risk tolerances, forcing teams to adapt their advice and support to their respective organizations.
Such enterprise shifts also typically change the mix of stakeholders that legal and compliance teams must influence, requiring teams to build new relationships and consider different stakeholder preferences, given that a substantial portion of legal and compliance leaders’ impact stems from their influence with key individuals. Shifting business concerns also increase the “noise” that business clients encounter, diluting messages from legal and compliance teams and/or reducing the mental bandwidth that business clients might lend to legal and compliance issues.
A volatile business environment exacerbates these strains. Regulatory volatility (e.g., Brexit fallout, trade sanctions in a variety of jurisdictions, increasing regulatory scrutiny) disrupts legal and compliance teams as they face a changing landscape of risk.
These strains come as headcount for legal and compliance teams remains flat, based on YE20 data collected by Gartner from large enterprises. The use of technology – which could serve as a pressure release valve of sorts – remains low overall; and most corporate legal teams are poorly equipped to manage technology initiatives effectively, with 1 in 2 acknowledging technology as a top weakness. Lagging tech sophistication among legal and compliance leaders as well as significant hype in the market threaten to derail corporate legal and compliance leaders’ pursuit of the enabling technologies and their methods of use that would benefit the function.
Global organizations are under increased pressure to ensure corporate accountability and transparency. How can enterprise legal management (ELM) systems help?
We have seen a significant rise in environmental, social, and governance (ESG) concerns among General Counsel and their teams over the past number of years. ELM solutions could conceivably serve as a foundational platform of record in which corporate legal departments capture key regulatory and policy-related information that drives risk and corporate ESG action. Such systems could also facilitate some of the collaboration that is often a necessary part of ESG workflows as corporate legal leaders must harmonize viewpoints and draft positions on a variety of issues.
However, given their intended use by corporate legal leaders, ELM solutions cover a relatively narrow segment of ESG use cases that involve a wide range of stakeholders across the organization. Despite great interest in “one system to rule them all”, a multi-platform, best-of-breed arrangement appears more frequently across leading organizations that have made technology investments to support ESG efforts (and remains the likely paradigm for the near to medium term).
With many organizations using up to 9 different solutions to capture third party risk information based on unique workflow or UX needs as well as data integration capabilities, minding the different integration points as well as data model consistency from a master data management perspective remain chief priorities for organizations, rather than forcing less-than-ideal tradeoffs that would be required by moving users (and the risk areas they manage) to a single platform.
Analytics and AI promise to change the practice and business of law in the near future. Can any of the technologies available today help legal and compliance professionals?
Data and analytics offer unique promise to improve decisions that previously have often relied on intuition and personal judgment or rote, volumetric, low-value information within corporate legal and compliance functions. However, analytics training and experience typically fall outside the traditional background of legal and compliance leaders, often leading to either an excessively optimistic view toward analytics (typically by falling victim to hype in the market) or an overly pessimistic view for their potential.
Rising workloads and largely reactive postures, as well as a tendency for delegating to outside experts (e.g., law firms), hinder teams’ ability to invest in digital skills and vet opportunities. Lack of strategic clarity among many teams further hampers methodical evaluation of potential investments. Variability among organizations — even close industry peers — hinders the development of more standardized, commercial-off-the-shelf offerings in many areas, reducing the possibility of turnkey analytics initiatives. Such challenges are further exacerbated by poor data availability and governance across most corporate legal and compliance teams.
While some more feasible opportunities include spend management analytics (offered by vendors like Apperio and Brightflag) or third party risk analytics (solutions like Aravo, GAN Integrity, and Exiger), most corporate legal and compliance teams are best served by evaluating potential data and analytics opportunities with greater discipline and investing in data management efforts in those top priority areas.
On the AI front, corporate legal and compliance leaders must also navigate substantial market hype that often clouds the most promising opportunities for a particular organization. Just as blockchain had been promoted in various solutions (often with little demonstrable benefit vs more traditional databases) over the past number of years, many segments of the legal tech market have become increasingly fixated on AI, irrespective of whether true AI capabilities lie under the hood (e.g., NLP, analytics, and machine learning capabilities v. more basic decision rules) or whether the use case warrants AI in the first place (e.g., deploying AI-driven NDA review vs refining and more effectively enforcing the use of a standard NDA template).
The most viable opportunities at present remain in:
- E-discovery exploratory data analysis (with respect to the identification of information that is relevant to a case)
- Contract exploratory data analysis (by automating data extraction in order to organize, classify and identify key contract elements such as dates, key terms, entities involved or values)
- Contract risk analysis (using pattern recognition and linguistic analysis to uncover ambiguous language, missing provisions, or clauses and terms with potential liabilities and risks – although retroactive analysis of executed agreements often delivers more reliable results than ‘real-time’ analysis of a single agreement).
On a related note, low-code or no-code automation platforms also carry a great deal of promise for corporate legal and compliance teams. Although such solutions remove some analytics and machine learning dependencies (reducing complexity, albeit at the cost of losing some true AI bona fides), legal and compliance leaders must still carefully consider what they attempt to automate.
Despite some claims in the market of “law as code”, nuance in the practice of law in many jurisdictions across many areas of expertise reduces the suitability of such automation opportunities to a narrower subset of areas (e.g., relatively simple document or contract assembly; basic business client self-service requests for FAQ documentation; data subject access requests).
How have digital transformation activities influenced the productivity of compliance pros in large organizations?
Digital transformation activities often increase pressures on compliance professionals in large organizations. Throughout enterprises, executives are increasingly relying on CCOs to navigate expanding risk terrains in privacy and third-party risk.
Many CCOs are also called upon to navigate emerging risk terrains in the areas of environmental, social and governance (ESG), and corporate social responsibility (CSR). Digital transformation initiatives not only introduce new risks (e.g., privacy concerns), they also often increase the number of risk vectors that they must manage across individual digital initiatives and increase the number of stakeholders that compliance leaders must manage (with many digital transformation initiatives typically involving a greater number of stakeholders due to their multi-faceted nature).
Beyond executive support and stakeholder management, the traditional control environment has seen significant strain. Nearly 80% of compliance leaders say traditional, nonembedded controls can’t keep pace with rapidly changing workflows, typically impacted by digital transformation activities. Some 31% of compliance leaders report that messages from other functions have created competition for compliance messaging; and 35% of compliance leaders say hybrid work environments have made manager and peer signals more distant and less effective.
Some relief has been seen in greater organizational willingness to support compliance tech investments as part of digital transformation – Gartner research projects compliance technology budgets to have grown 180% since 2019 in response to new business needs.
Digital business transformation impacting other applications creates opportunities for compliance leaders to introduce more embedded controls. Gartner research finds that such embedded controls lead to a 30% drop in the number of employees that are highly burdened by compliance activities – reduced burden then leads to a 58% drop in non-compliance, standing as one of the most significant opportunities for compliance functions to increase their effectiveness.
What advice would you give to enterprise professionals (outside compliance and ethics roles) who want to streamline their compliance-related activities? What steps should they take?
Compliance and ethics leaders own the thankless task of attempting to manage a wide variety of risks while lacking authority and resources to do so directly. As with many corporate legal leaders, they may stand to benefit greatly from digital transformation and/or data and analytics investments at the enterprise level; however, most lack the time and expertise to capture such opportunities entirely on their own.
Despite some historical tendencies (especially among corporate legal departments) for remaining separate from other corporate initiatives (including digital transformation activities), legal and compliance leaders can benefit immensely from other enterprise leaders by bringing legal and compliance workflows closer to other end users across the business (as has been the case with CLM integrations into sales-facing applications like CRM tools).
Enterprise professionals also can play a significant role in supporting legal and compliance users’ pursuit of data and analytics initiatives through considering more careful integration of legal/compliance and business applications; better coordinating master data management efforts; and sharing expertise in enterprise data visualization and business intelligence tools that offer a compelling alternative to some more restrictive solutions intended strictly for legal and compliance leaders.