5 minute read 29 Jul 2021
Compliance transformation

How can digital transformation of compliance energize integrity frameworks?

By Arpinder Singh

EY Global Markets and India Leader, Forensic & Integrity Services

Leading forensic accountant and veteran expert witness. Advising global clients on compliance, anti-corruption and corporate governance. Disruptive thinker. Technology aficionado. Author.

5 minute read 29 Jul 2021

Show resources

  • ey-forensics-survey-reshaping-the-future-of-compliance-with-emerging-technologies.pdf

Emerging technologies such as AI, cyber forensics, RPA and blockchain are witnessing momentum to establish digitally driven compliance programs.

The disruption from the COVID-19 pandemic brought a marked change within organizations as they dealt with restricted business operations, deviations in standard procedures and remote working. Technology emerged as an essential enabler to overcome the challenges faced and to foster agility in the modern workplace. The current wave of digital transformation engulfing corporate India is driving the use of emerging technologies within compliance in new ways and uncharted areas.

EY Forensic & Integrity Services and the Association of Certified Fraud Examiners (ACFE) Mumbai Chapter’s latest report, Reshaping the future of compliance with emerging technologies highlights that fraud, corruption, cybercrime, regulatory scrutiny and data privacy concerns have increased significantly over the last one year. These concerns have ushered in a new era of acceptance for the enhanced use of digital technologies within anti-fraud, compliance and risk management frameworks. As enforcement action and regulatory oversight continues aggressively, organizations should harness the power of technology to meet regulatory expectations and maintain stakeholder trust.

Companies that will embrace change for an ethical and digital future, and follow appropriate strategic imperatives are likely to have a better chance of weathering crises and creating long-term value.
Arpinder Singh
EY Global Markets and India Leader, Forensic & Integrity Services

Fraud and corruption risks in a technology driven era

  • 27% bribery and corruption concerns increased in the last one year
  • 42% regulatory response concerns increased
  • 60% plan to increase investments in forensic technology for compliance frameworks

The spotlight on fraud, bribery, corruption and corporate misconduct issues have magnified in the last couple of years. The survey highlights that concerns around bribery, corruption, fraud (third party, employee) and regulatory response have increased over the last one year. Technology emerged as the driving force to maintain business continuity amid the pandemic. According to the survey, use of emerging technology would improve companies’ overall compliance and risk strategy in the form of early risk detection. Other key benefits include lowered dependence on manual processes (62%) and enhanced risk assessment processes (59%). These are all critical areas especially as traditional controls and fraud detection mechanisms may not be suitable in today’s age. Leading organizations are also moving from traditional rule-book methodologies of compliance management to web-based tools with business intelligence (BI) dashboards and AI enabled mobile based chat bots.

Taking the next leap with AI, blockchain and RPA

  • 57% expect AI to be used regularly in compliance, risk and legal frameworks over the next two years
  • 30% expect blockchain to be used regularly over the next two years
  • 33% state RPA as one the key technologies driving digital transformation within compliance, risk and legal functions

AI has the potential to discover new and unique trends and patterns from large data sets. There has been rapid growth in the intelligence of AI-led machines over the last few years that are now capable of analyzing documents, digitization and retrieving information. AI can assist in carrying out compliance efforts, monitoring, and tracking external cyber threats.

The use of blockchain powered solutions in risk, legal and compliance is expected to rise further with many companies adopting it to establish chain of custody, ensure data privacy and enable a clear evidence for forensic investigations. Rising cybercrime and digital threats will further give an impetus to the use of blockchain as digital evidence is key for investigations. Additionally, RPA can be utilized in areas ranging from monitoring, evidence collection, evaluation of controls and reporting, governance, risk and compliance (GRC) enablement, application security enforcement, digital identity or access, data identification and protection and software security. Organizations with industry standard processes and SOPs can turn highly efficient as defined implementation of RPA is relatively easier.

Remote working fueling cyber risks

  • 53% cybercrime, ransomware and social engineering risks have increased over the last one year
  • 40% reported a cyber breach in their organization over the last one year
  • 50% have cyber insurance

The COVID-19 pandemic led to a massive and sudden surge in work from home. Unsecured websites, software exposures and lack of cyber awareness among employee saw cybercriminals exploiting organizational vulnerabilities. Over 50% of the respondents said that cybercrime, ransomware and social engineering (spoofing, phishing) risks have increased over the last one year.

Organizations should embrace digital transformation to strengthen the virtual infrastructure, develop strong monitoring frameworks, run diagnostics scans, establish incident response strategies and raise awareness among all stakeholders. With the rise of such threats and attacks, companies have also started taking larger cyber insurance policies to safeguard their data. Known as cyber risk insurance or cyber liability insurance coverage (CLIC), companies are taking proactive steps to mitigate the risk and protect assets and reputation, but most of all, recover monetarily after a breach.

Prioritizing data privacy and data protection

  • 66% Data privacy and data protection compliance concerns have increased over the last one year
  • 21% do not have a Data Privacy team
  • 50% did not have a Data Protection Officer

Companies are facing numerous challenges in protecting their data and making sure they comply with privacy laws. Only 39% of the respondents are conducting compliance audits of third parties that handle personal data, and only half of the respondents stated that have a data privacy strategy that addresses all the requirements of global and local data privacy laws. CISOs and CTOs are realizing that merely investing in security platforms and third-party cybersecurity teams is not the answer. As enterprises awaken to the threats to internal and customer data, it’s important to formulate and action a unified Forensics strategy to prepare for the inevitable.

According to the survey, 16% said their organization does not make any provision for data breach management. Organizations should take steps to proactively assemble breach response team that combines internal stakeholders and external resources so they can be prepared in the event of a breach. A cybercrime investigation led by forensic specialists can uncover the details of how the breach occurred, data, systems and networks that are compromised, and who is responsible.

The digital transformation of corporate compliance

  • 29% plan to invest over INR 10 crores to drive digital transformation over the next two years

The digital shift in compliance accelerated during the pandemic. According to the survey, technologies such as FDA (35%), AI (37%) and real-time threat intelligence and endpoint security technologies (29%) are the driving digital transformation within compliance, risk and legal functions. A strategic approach to investing in innovative technology and digital solutions to extract high value from risk and compliance programs will prove prudent in the long run. A successful digital transformation model needs to have high involvement of the C-suite. As leaders, their role will be crucial in aligning digital priorities with their vision of the company, offering guidance to make it scalable and ensuring clear communication about the strategy and execution.

Summary

A digitally empowered compliance and anti-fraud program that is well integrated across all business functions and led by the C-suite and board can maximize value, drive best practices within and augment adherence to fraud prevention policies and procedures.

About this article

By Arpinder Singh

EY Global Markets and India Leader, Forensic & Integrity Services

Leading forensic accountant and veteran expert witness. Advising global clients on compliance, anti-corruption and corporate governance. Disruptive thinker. Technology aficionado. Author.