As corporations around the world continue to spend huge sums on efforts to improve and enforce regulatory compliance, there is an interesting debate taking shape around questions of ownership and responsibility. Who is ultimately responsible for ensuring compliance, the person or the technology? We took a look into this debate in the context of the Asia Pacific region.
It’s safe to suggest that the US and Europe are, in comparison to the Asia Pacific region, ahead in their journey to digitalise compliance. It’s partly because there is greater trust in technology in the West. That, however, should not suggest that corporations in the Asia Pacific region do not understand the importance of technology for compliance-related practices. They do, and they are investing in it. But there is a hesitation to rely too much on technology there, and a greater appetite for a human oversight and control. And one recent event can help us understand the reasons behind that approach.
Earlier this year, 1LoD brought together senior surveillance leaders for their annual virtual deep dive, with a focus on the Asia Pacific region. Participants discussed ways and means of making sure that corporations maintain their global and regional regulatory standards, whilst also making room for local considerations. Regulatory compliance was, of course, one of the main topics on the agenda.
Can we ever develop a technology that can be fully trusted and left on its own to ensure compliance and deal with violations?
An interesting point raised during the two-day discussion was the reaction of senior corporate management in the Asia Pacific region to fines recently handed out to banks in the US and EMEA regions. A number of these fines were the result of a failure on the part of these banks to keep proper records of their corporate communication channels.
These actions by the regulatory authorities elsewhere had prompted senior management in the Asia Pacific region to invest in and improve the standards of their compliance-related surveillance technology. But, whilst agreeing on the need to have better technology in place, participants also insisted on the importance of instilling greater commitment to compliance at a human level.
Search for a perfect technology
And that brings us back to the discussion around responsibility. Can we ever develop a technology that can be fully trusted and left on its own to ensure compliance and deal with violations? Will there ever be a piece of technology that is smart enough to understand and work across linguistic and cultural diversities and differences, especially in regions such as the Asia Pacific?
Let’s avoid the temptation of predicting the future and, instead, look at where we are right now on the compliance technology journey. As things stand, industries around the globe simply cannot do without technology in their compliance practices. The reason is very simple. Technology brings efficiency, speed and simplicity to the workplace.
Experts firmly believe that ensuring regulatory compliance requires as much investment in the human workforce as in the relevant technology.
Writing for software compliance firm North Row, Lauren Davidson explains a number of ways in which technology is “influencing and transforming compliance practices.” They include the automation of workflow, documents management, analysing big data sets, real-time monitoring, staying ahead of regulatory changes, ensuring cybersecurity and data protection and, very importantly, enabling compliance collaboration amongst teams that are spread across different regions.
The vast majority of the literature around the topic of regulatory compliance and technology points to a certain trend. There is a comparatively greater confidence in technology, especial AI, to deal with compliance in the western hemisphere, namely the US and Europe. As Paul Roche explains, we are seeing a transition period in which technological advancements are transforming our work, lifestyle and business practices, taking us closer to a digital economy.
But, as revealed in one of the findings of 1LoD’s Asia Pacific Surveillance Deep Dive, regions around the globe are at different stages of this transition journey. The Asia Pacific region is certainly one where there is clear hesitance to rely on technology alone. Experts at the event clearly insisted there was still a need for a human oversight over compliance practices in corporations in that region.
One of the reasons behind this hesitance was to do with the limitations of the technology that was used to properly identify and flag compliance related violations. Experts believed that the linguistic complexities in the Asia Pacific region meant that AI-enabled surveillance technology did not always cope well with this complexity, leading to a huge number of false positive calls on compliance-related violations.
Investing in humans
So, the technology side of compliance surveillance operations in the Asia Pacific region may not be perfect yet. But what about the human aspect? Speakers at the Deep Dive agreed that there had been a number of violations by members of staff too. Some of these had to do with the Bring Your Own Device (BYOD) policy implemented by some corporations. But many of these incidents were due to “complacency and convenience rather than any malicious intent.” In other words, staff members either didn’t fully understand compliance-related protocols, or simply took things too lightly.
And that brings us to another key finding from 1LoD’s discussion. Experts firmly believe that ensuring regulatory compliance requires as much investment in the human workforce as in the relevant technology. In other words, compliance with approved regulatory standards should be part of the fabric and the working culture of corporations, and not just a set of rules viewed and reviewed by senior managers only. That will require corporations to “embed a culture of compliance through regular staff training, clear policy communication, and a balance of rewards for good behavior and consequences for policy violations to encourage the use of approved communication channels.”
The US and Europe might be ahead of the Asia Pacific region in their journey towards digitalizing compliance. But that doesn’t mean that they ignore the importance of human oversight over technology. There is clear legislation, as well as intention, for maintaining human control over the ever-advancing technology. Article 14 of the EU Artificial Intelligence Act specifically calls for technology to be designed and deployed in a way “that can be effectively overseen by natural persons.”
We can draw one clear conclusion from this debate. Corporations around the globe are increasingly relying on technology for their compliance related practices. The benefits of doing so clearly outweigh the potential risks. However, there is a clear understanding of the limitations of technology in ensuring total compliance. Hence, both governments and corporations call for human oversight, along with a smooth integration of technology, for regulatory compliance purposes. And, for now, that looks like the safest approach towards regulatory compliance.