Fraud and corruption risks in a technology driven era
- 27% bribery and corruption concerns increased in the last one year
- 42% regulatory response concerns increased
- 60% plan to increase investments in forensic technology for compliance frameworks
The spotlight on fraud, bribery, corruption and corporate misconduct issues have magnified in the last couple of years. The survey highlights that concerns around bribery, corruption, fraud (third party, employee) and regulatory response have increased over the last one year. Technology emerged as the driving force to maintain business continuity amid the pandemic. According to the survey, use of emerging technology would improve companies’ overall compliance and risk strategy in the form of early risk detection. Other key benefits include lowered dependence on manual processes (62%) and enhanced risk assessment processes (59%). These are all critical areas especially as traditional controls and fraud detection mechanisms may not be suitable in today’s age. Leading organizations are also moving from traditional rule-book methodologies of compliance management to web-based tools with business intelligence (BI) dashboards and AI enabled mobile based chat bots.
Taking the next leap with AI, blockchain and RPA
- 57% expect AI to be used regularly in compliance, risk and legal frameworks over the next two years
- 30% expect blockchain to be used regularly over the next two years
- 33% state RPA as one the key technologies driving digital transformation within compliance, risk and legal functions
AI has the potential to discover new and unique trends and patterns from large data sets. There has been rapid growth in the intelligence of AI-led machines over the last few years that are now capable of analyzing documents, digitization and retrieving information. AI can assist in carrying out compliance efforts, monitoring, and tracking external cyber threats.
The use of blockchain powered solutions in risk, legal and compliance is expected to rise further with many companies adopting it to establish chain of custody, ensure data privacy and enable a clear evidence for forensic investigations. Rising cybercrime and digital threats will further give an impetus to the use of blockchain as digital evidence is key for investigations. Additionally, RPA can be utilized in areas ranging from monitoring, evidence collection, evaluation of controls and reporting, governance, risk and compliance (GRC) enablement, application security enforcement, digital identity or access, data identification and protection and software security. Organizations with industry standard processes and SOPs can turn highly efficient as defined implementation of RPA is relatively easier.
Remote working fueling cyber risks
- 53% cybercrime, ransomware and social engineering risks have increased over the last one year
- 40% reported a cyber breach in their organization over the last one year
- 50% have cyber insurance
The COVID-19 pandemic led to a massive and sudden surge in work from home. Unsecured websites, software exposures and lack of cyber awareness among employee saw cybercriminals exploiting organizational vulnerabilities. Over 50% of the respondents said that cybercrime, ransomware and social engineering (spoofing, phishing) risks have increased over the last one year.
Organizations should embrace digital transformation to strengthen the virtual infrastructure, develop strong monitoring frameworks, run diagnostics scans, establish incident response strategies and raise awareness among all stakeholders. With the rise of such threats and attacks, companies have also started taking larger cyber insurance policies to safeguard their data. Known as cyber risk insurance or cyber liability insurance coverage (CLIC), companies are taking proactive steps to mitigate the risk and protect assets and reputation, but most of all, recover monetarily after a breach.
Prioritizing data privacy and data protection
- 66% Data privacy and data protection compliance concerns have increased over the last one year
- 21% do not have a Data Privacy team
- 50% did not have a Data Protection Officer
Companies are facing numerous challenges in protecting their data and making sure they comply with privacy laws. Only 39% of the respondents are conducting compliance audits of third parties that handle personal data, and only half of the respondents stated that have a data privacy strategy that addresses all the requirements of global and local data privacy laws. CISOs and CTOs are realizing that merely investing in security platforms and third-party cybersecurity teams is not the answer. As enterprises awaken to the threats to internal and customer data, it’s important to formulate and action a unified Forensics strategy to prepare for the inevitable.
According to the survey, 16% said their organization does not make any provision for data breach management. Organizations should take steps to proactively assemble breach response team that combines internal stakeholders and external resources so they can be prepared in the event of a breach. A cybercrime investigation led by forensic specialists can uncover the details of how the breach occurred, data, systems and networks that are compromised, and who is responsible.
The digital transformation of corporate compliance
- 29% plan to invest over INR 10 crores to drive digital transformation over the next two years
The digital shift in compliance accelerated during the pandemic. According to the survey, technologies such as FDA (35%), AI (37%) and real-time threat intelligence and endpoint security technologies (29%) are the driving digital transformation within compliance, risk and legal functions. A strategic approach to investing in innovative technology and digital solutions to extract high value from risk and compliance programs will prove prudent in the long run. A successful digital transformation model needs to have high involvement of the C-suite. As leaders, their role will be crucial in aligning digital priorities with their vision of the company, offering guidance to make it scalable and ensuring clear communication about the strategy and execution.