As we head into the new year, we have time to reflect on the compliance industry trends of the last year and look forward to 2022 as we try to get ahead of an ever-changing compliance landscape. It’s important for compliance professionals to take stock of the past year to identify areas for improvements and enhancements in their respective compliance programs. Further, the best programs thrive on proactiveness, so looking ahead and anticipating challenges and changes in the upcoming year will be crucial to ensuring the health of your program moving forward. Here are some of my thoughts on this past year, as well as some trends I see coming down the pipe in 2022.
Looking Back on 2021
In some ways, not much has changed over the last year. Unfortunately, the pandemic is still in full swing, leaving many of the same challenges and trends from the prior two years applicable even today. For example, companies are still wrestling with remote work situations and all the challenges inherent in that type of environment. That said, more so than last year at this time, there is light at the end of the tunnel. In the meantime, let’s look back at the year that was and discuss some key trends, challenges, and lessons learned.
Key Regulatory Compliance Industry Trends in 2021
Environmental, Social, and Governance
Companies have continued to focus on Environmental, Social, and Governance (“ESG”) criteria, and this trend continued to pick up considerable steam throughout 2021. Investors and consumers alike now place a premium on products, services, and companies that place an emphasis in these areas – especially those that “walk the walk” and do more than just provide lip service. The public expects corporate action and accountability, which continues to push companies to adopt a broader vision of success. In that same vein, many compliance professionals in my network have been tasked with responsibility for their company’s ESG efforts, despite not necessarily being the best department for that. However, compliance officers still clearly have their own role to play.
For those not technically savvy, I liken these data privacy issues to a physical oil pipeline. Basically, your company has data running through a network of pipes, and you’re responsible for the “leaks” in those pipes – including the cleanup and the resulting damage. However, unlike the pipeline example, your data faces a constant barrage of bad actors seeking to break into that stream. Protecting this data can place a heavy burden on companies.
In 2021 we saw new domestic regulations dealing with data privacy issues. California had already implemented the California Consumer Privacy Act (“CCPA”) previously, but took further steps in this area in 2021 with the passage of the California Privacy Rights Act (“CPRA”). Additionally, both Virginia and Colorado passed their own respective laws in 2021, and I would certainly expect more states to follow suit in the near future.
Reinvigorated Anti-Corruption Efforts
Towards the end of 2021, the Biden Administration announced a new, comprehensive anti-corruption program, the United States Strategy on Countering Corruption. This announcement followed a 200-day interagency examination to develop just such a comprehensive government-wide anti-corruption initiative. The headline issues identified by the initiative included the expansion of targeted sanctions programs against corrupt individuals and governments; aggressive enforcement of illicit finance schemes by targeting enablers of such money laundering activities, including lawyers, accountants, art dealers, investment advisers; and increased disclosure requirements for beneficial ownership of corporations to minimize use of shell companies to further illicit finance schemes. This plan also addressed the FCPA specifically, and the Administration expressed its desire to “update the tools available to hold corrupt actors accountable at home and abroad including by working with Congress to criminalize the demand side of bribery by foreign officials.”
Challenges and Lessons Learned
Challenge 1 - Keeping up with increasing changes and demands
Let’s face facts, 2021 was hard for many of us. The challenges created by the pandemic have continued to plague us (pun intended), and it’s tough to balance it all. All compliance professionals deserve to pat themselves on the back for continuing to navigate through these uncharted waters over the past year. The challenge is in keeping up with the continuing changes, demands, challenges, and an evolving compliance landscape. Despite all the year’s struggles, misconduct did not take a break and government enforcement continued unabated. As such, compliance professionals need to be able to adjust on the fly and continue their crucial work. While the work can be difficult and, at times, thankless, it’s nonetheless imperative to the health of any organization.
Lesson 1 - Leverage internal resources
First lesson – remember you’re not alone! Corporate compliance requires the support of the entire organization. I find that even those organizations that run very lean can have some of the best teamwork. There are a variety of units within the business that can be key allies and contributors for the compliance organization. During our recent remote working phase, I’m sure everyone became close friends with the IT department to help with a variety of technical issues. The compliance department can especially benefit from leveraging IT resources during this period, whether during remote investigations or otherwise.
There’s also much to learn from these partners even on the compliance front. Many of your colleagues are attending webinars and learning best practices from industry leaders, and these learning opportunities may also flag common compliance issues within those areas. It’s important to maintain a dialogue with your colleagues and be open to learning some of the hot topics in other areas as well, as there is often overlap.
Challenge 2 - Maintaining engagement with a remote workforce
Throughout the pandemic, we’ve all lost a lot of the in-person communication and face time that compliance professionals rely on to engage with their colleagues and workforce. Oftentimes it’s these casual conversations at a water cooler or at a neighbor’s desk that can yield important information regarding the health of the business or other cultural issues that could be nipped in the bud early on. Remote working, despite various advantages, can often cause silos or feelings of isolation. This can hurt compliance efforts as it may lead to blind spots and problems going unaddressed.
Lesson 2 - Make the extra effort to engage with your colleagues
Despite the remote work environment, compliance professionals must continue to foster and maintain a culture of collaboration and teamwork throughout the organization. Further, as I mentioned, most of us have experienced some feelings of isolation in one way or another during the pandemic. While it may require extra effort, understand that a lot of your colleagues may be craving that additional engagement. It’s important to remember that we’re all in the same boat. Having periodic check-in conversations, whether individually or in small groups, can go a long way towards identifying any potential problems, with the added benefit of improving the mental well-being in the workforce.
Challenge 3 - Increased focus on trade compliance
In 2021, I noticed a significant uptick in client inquiries regarding all areas of trade compliance. This is not surprising, considering its complexity at times. Further, the Biden Administration has made trade compliance – whether through trade sanctions or export controls – a matter of national security, which places a heavy emphasis on the area. As such, enforcement actions will continue to increase. Companies big and small must continue to ensure they comply with the complex web of regulations in all facets of their business, whether in buying and selling goods, engaging third parties, joint ventures, and even throughout the supply chain. Compliance can be difficult enough for traditional manufacturers of physical goods, but become even more complex for Internet-based businesses, such as software-as-a-service (“SaaS”) businesses.
Lesson 3 - Ask for help and utilize technological solutions
Look, trade compliance can sometimes be confusing and difficult. The regulations can often seem rather ambiguous, and that may be by design. If necessary, reach out to experts in the field with experience in these areas. They can often remove the ambiguity and provide clear and concise solutions that are surprisingly simple in their execution. Building the proper foundation at the beginning can go a long way towards making compliance a smoother experience. On top of this, there are a growing number of technological solutions that companies can implement in their workstreams. These solutions are often automated and can help to reduce the time and effort needed to comply with these regulations.
Compliance Industry Trends Forecast for 2022
Data / Digitization
The world continues to move into the digital realm. If there’s data to be collected, someone will be out there collecting it, processing it, and utilizing it in some manner. At this point I have kitchen appliances connected to the cloud, so it doesn’t matter what type of industry you work in, you can expect the amount of data your company collects and maintains to continue to increase. This trend will continue in 2022 and beyond. And as noted in my earlier points, governments are increasingly regulating the use and storage of that data. If your company does not yet have a comprehensive data privacy program in place, you must get ahead of this issue and begin to craft one. As Spiderman once said, with great data comes great responsibility (or something along those lines), so continue to ensure your company maintains the necessary measures to safeguard that data.
Changes to the DOJ’s Corporate Enforcement Efforts
On October 28, 2021, U.S. Deputy Attorney General Lisa O. Monaco laid out the DOJ’s priorities and announced several changes to the current policy regarding corporate enforcement. First and foremost, the DOJ heralded the importance of corporate compliance. Companies need to actively review their compliance programs to ensure they adequately find, fix, and prevent misconduct. Companies that fail to maintain an effective compliance program will be penalized for their efforts if they find themselves before the DOJ in an enforcement action. Further, the importance of corporate crime enforcement has been elevated given the national security implications of violations of export controls, sanctions regulations, and cybersecurity issues.
Next, among the changes to corporate enforcement, Ms. Monaco noted that the DOJ can now consider all prior misconduct associated with a recidivist offender. Previously, consideration of prior misconduct was limited to the immediate area of concern (e.g. prior sanctions violations for sanctions enforcement). This change seeks to “harmonize” the treatment of individuals and organizations under federal law. In addition, Ms. Monaco also noted that the DOJ would more routinely utilize independent corporate monitors to ensure the riskiest offenders are “living up to [their] compliance and disclosure obligations.”
Continued Need for Counterparty Due Diligence
This last trend feels like one I could have included in my year-end columns for the last decade or more. Yet it continues to grow in importance and is still something that all too many companies seem to neglect. So, I will continue to say it – companies need to have an effective due diligence program for the third parties they interact with. Governments across the world continue to utilize different types of restricted lists to enforce their regulatory interests. These governments, including the U.S., place the onus on the individual companies to know exactly who these third parties are (including obtaining beneficial ownership) and ensuring these parties are not subject to any of these restrictions or prohibitions. We also see a continued trend of focusing on all third parties, not just a handful of business partners. These may include third parties throughout the supply chain, for example, or even individual customers. A proper and thorough due diligence screening during the onboarding phase can help alleviate all sorts of issues down the line, regardless of the risk area.
Preparing Your Business for the New Year
With these themes in mind, now is the time to start focusing on the 2022 priorities for your compliance program and crafting a plan of action. While 2022 will certainly introduce many of its own challenges, charting a course early in the year will help weather the storms that will inevitably arise. As the saying goes, failing to plan is planning to fail!
With that said, I hope everyone has a happy and healthy new year and wish you all the best in your compliance journeys in 2022!
Compliance 2022: A year in review
Good Compliance Habits to Adopt in 2019
Compliance Lessons Learned the Hard Way in 2020