Risk 2.0: The Digital Transformation of Corporate Compliance

In the information age, where industries must “go digital” or be left behind, corporate compliance officers are experiencing a technological transformation.

Facing more competition and regulation, corporations must rely increasingly on compliance officers to protect the enterprise. Technology equips compliance officers with risk-reduction tools while providing new growth opportunities.

Technology will affect compliance operations by:

  • Exposing companies to risk through employee emails, financial data, cloud applications, electronic records, mobile devices, wearables, and social media.
  • Improving compliance through platforms including regulatory technology (RegTech), artificial intelligence (AI), blockchain technology, automated risk assessment, and data loss prevention software.

Technology Threats

Compliance officers typically oversee business ethics and compliance practices, keep current on regulation, and manage risk. However, as technological capabilities increase, those in compliance positions must now address cybersecurity.

As the most common business technology platform, email is used by everyone from basement hackers to leaders of nation-states to gain access to computer networks. Simply by opening an inconspicuous attachment, employees can trigger a malware or ransomware attack.

Mobile devices and wearables, like smartwatches, are also potential portals for cyber criminals. Hackers can gain access through personal email accounts and penetrate employees’ business emails or other company files.

Employees may want to think twice before tweeting on company devices — social media can allow hackers to invade business accounts. Similarly, web-based collaboration tools including Box, SharePoint, Yammer, and Google Hangouts present security vulnerabilities.

In the healthcare industry, hackers target hospitals, clinics, and physicians to gain access to systems that contain patients’ personally identifiable information and personal health information. These records contain sensitive information, including Social Security numbers, birthdates, and credit card data, that can be used to drain bank accounts and run up credit card charges.

New Data and Security Regulations

The steady increase in technology threats is almost matched by the constant drumbeat of new regulation.

Consider the General Data Protection Regulation (GDPR), new European rules on the collection and use of personal information on the internet. Companies will be required to provide customers with a copy of their personal data on file, and the option to delete the information. Noncompliant companies could be fined as much as 4% of their annual revenue.

Meanwhile, the New York State Department of Financial Services recently instituted new regulations to protect financial services companies and customers from cybersecurity threats. Banks, financial services firms, insurance companies, and credit card companies are required to develop cybersecurity policies and programs, introduce multifactor authentication as part of password protection, hire a chief information security officer, and disclose breaches within 72 hours.

The healthcare industry faces constant pressure to address new regulations surrounding electronic medical records, patient privacy, and performance outcomes. The current opioid addiction epidemic has introduced new regulations around prescriptions and sales, with a growing number of states placing limits on the frequency and amount of drug purchases. Meanwhile, the FDA and European regulators are discussing new rules to thwart cyber attacks against patient medical devices.

Technology Solutions

Fortunately for compliance officers, technological tools can help address these cyber threats and the resulting regulatory maze.

RegTech software helps financial services companies track and comply with regulations. RegTech interprets regulations with greater consistency and identifies unusual or suspicious activity through analytics.

AI, another emerging tool, uses machine learning technology to learn and adapt over time. As AI programs complete tasks, they gain knowledge about relevant subjects and produce more accurate results. For example, machine learning software can be programmed to adhere to the GDPR requirements, creating easier access to specific personal data.

Blockchain, noted for its use in bitcoin transactions, has value as a compliance tool. Blockchain activity is encrypted and immutable. Once the transaction takes place, it is documented and the record can’t be altered, virtually eliminating the chances of fraud.

Automated risk assessment technology probes existing organizational data, identifies potential vulnerabilities, and develops recommended action plans to repair breaches and improve security.

Data loss prevention software discovers the location of corporate data on networks, the cloud, mobile devices, and other sources. The technology then tracks how the data is used and protects the information from being compromised.

Governance, risk, and compliance (GRC) technology helps align, leverage, and automate processes. In a single platform, GRC captures reporting on risk and control information while providing a holistic view of risk and compliance coverage and exposures. 

New Opportunities

Understanding technological threats and the digital tools to address them may seem like one more demand placed on compliance officers. However, choosing the right technology is critical in reducing risk, and may mean the difference between a massive security breach and a successful defense against a cyber attack.

By adding sound governance and protection system technologies to their toolbox, and staying up to date on sources of vulnerability, compliance officers can help their companies achieve and maintain success.
