Five Compliance and Risk Predictions for 2021: Be Prepared for Anything
One thing is clear: 2021 will look a lot different from 2020. But will the start of the new year prove an immediate panacea for the minefield of hurdles that disrupted the risk landscape – Covid-related shutdowns, transitions to work from home, cyberattacks and social unrest? Unlikely. We’re still in our darkest days of a global pandemic, companies are struggling to map out a path forward and we face uncertainty in the months ahead.
As we enter the first weeks of 2021, we dispense with the “return to normal” talk and instead consider how companies should prepare for how Covid-19 has forever disrupted the landscape and transformed business models by ushering in new regulatory challenges and accelerated technologies – and bringing with them new threats. In addition, other key shifts in the political and regulatory environments promise to bring change and require the attention of ethics and compliance leaders.
Here are our predictions for 2021.
1. The distribution of Covid-19 vaccines will pose legal, ethical and logistical challenges for employers.
With several vaccines now available and inoculations beginning, how does this impact employees returning to the workplace? What does it mean for those working in what have traditionally been travel-heavy roles? Ethics, compliance, HR and legal teams don’t have a clear path forward. The many “what-ifs,” from localized pacing of vaccine rollouts to mutations in the SARS-CoV-2 virus and recurrent lockdowns, mean organizations will need to remain adaptive as to how they guide their workforce.
“For vaccines, many HR and legal professionals are looking at flu shots as a possible legal precursor. Organizations that have required all of their employees to get flu shots lose in court time and time again. Those requirements have only held up in court in regard to healthcare workers, nurses, doctors, etc., where organizations can show that an employee opting out of a flu shot increases risk for patients.
“So, along those lines, organizations that require their employees to get a COVID vaccine, in the absence of a federal or state legal requirement, are going to deal with people who claim religious exemptions, infringement of rights and all manner of things.
“The best most employers will be able to do is ‘encourage’ employees to get the vaccine. A 60 percent opt-in rate among employees would be aggressively optimistic. This issue will likely play out through the summer and fall of 2021.”
Director of Risk Advisory Services at SAI360
2. The ‘S’ in ESG will grow in significance as diversity and inclusion and other social issues take center stage.
2020 saw the rise of a new generation of civil rights activism and a worldwide movement on criminal and social justice reform. Some companies took a public stance as upheaval in the U.S. led to protests in major cities worldwide, including Washington, D.C., London and Paris.
There is no longer a separation between the outside world and the corporate world when it comes to social impact. We’ve already seen an embrace of environmental, social and governance practices with investors pouring money into ESG-related funds traded in U.S. markets to the tune of $27.4 billion as of mid-December, according to the Wall Street Journal. Social movements will likely not abate as employee and consumer activism grows.
This creates cultural tension within companies. Leaders are asking themselves what place their companies have in the world and how their companies orient themselves. It’s not OK to just sell products. What’s the purpose behind your products? Corporations will have to embrace this increased scrutiny into how they behave internally and externally.
“There’s clearly a connection, internal and external, with corporate behavior in ethics and compliance and that ups the ante for companies. Simply put, people are going to judge companies on their values. If those values don’t align with personal or societal expectations, companies will lose. The ethics and compliance function is uniquely equipped to have the conversation about corporate purpose.”
VP at SAI360
3. Cyber attacks and data privacy breaches will continue their upward trend.
The fight against cyber threats is going to heat up and companies can expect to continue being hit with ransomware, malware and phishing attacks. Rates of both types of intrusions skyrocketed in 2020, leaving many organizations battling two continuous business continuity events – cybersecurity and the pandemic. The pace of attacks won’t lessen in 2021. According to cybersecurity firm Lumu Technologies, in 2021 a business will be attacked by ransomware every 11 seconds.
No industry is immune to cybercrime. We closed out 2020 with the SolarWinds attack, a suspected large-scale Russian cyberattack targeting roughly 18,000 companies and federal agencies. The attack ultimately infiltrated the computer networks of more than 250 organizations worldwide and, according to Bloomberg, impacted unnamed cybersecurity companies, government agencies and government contractors, roughly 80% of which are in the U.S.
In fact, the pace of pandemic-driven digital transformation will be the very nexus of cybersecurity events in 2021. Cybercriminals will continue their focus on remote work and take advantage of dispersed workforces and the use of personal technologies outside of corporate networks to launch ransomware and phishing attacks. In addition, the adoption of new technologies puts companies and their workforces at risk for data exposure. While CISOs are accustomed to regular IT risk and cybersecurity reviews, there’s no better time to increase that cadence and understand how to predict disruptions than now.
“The pace of cybercrime isn’t likely to slow, and it won’t stabilize as more and more companies are paying ransomware than ever before. It will continue to be lucrative for criminals.”
Director Risk Advisory Services at SAI360
4. The Biden administration will put renewed focus on regulation and enforcement.
Companies doing business in or with the U.S. can expect under a Biden administration, at a minimum, a return to the level of regulatory oversight in the compliance world experienced during the Obama years. We will likely see increases in Foreign Corrupt Practices Act (FCPA) investigations and prosecutions as well as environmental and antitrust enforcement.
While the Trump administration didn’t whittle away at FCPA laws as some feared, it allowed enforcement to languish with fewer resources, unfilled staff positions and less attention. The pace of FCPA enforcement actions slowed significantly in 2020 and publicly traded companies disclosed only six new government investigations initiated in 2019, according to data collected by Stanford Law School’s FCPA Clearinghouse.
C-suite executives should be assessing the likelihood of regulatory investigations and prosecutions and not be lulled into complacency by the relative calm of the past four years. Expect a more active EPA under a Biden administration in the aggressive pursuit of criminal and civil enforcement cases at a federal level. Furthermore, the enactment of the Anti-Money Laundering Act (AMLA) on Jan. 1 requires transparency of owners of shell companies, increased antitrust enforcement is likely, and renewed focus on Section 230 protections of the Communications Decency Act may bring about changes not just to social media sites but potentially to any website with a comment section.
At the end of 2020, the EU unveiled the proposed Digital Services Act and the Digital Markets Act, which would change the handling of illegal or harmful content online and establish an even playing field to “foster innovation, growth and competitiveness, both in the European Single Market and globally,” according to the European Union.
Meanwhile, employee protection program mandates, from attention to workplace bullying to sexual harassment training requirements, are evolving globally. All industry sectors can anticipate heightened regulatory scrutiny and the need to improve internal controls, including training and reporting resources.
“Be prepared for a better-resourced U.S. DOJ in more focused pursuit across entire industries. Especially when it comes to FCPA enforcement, it’s imperative that companies have insight into their third-party risk. They should know who they’re doing business with and how they’re being vetted.”
VP at SAI360
5. More companies will adopt agile risk management to keep pace with the rapidly evolving business landscape.
Embracing an agile approach to risk management enables companies to assess and leverage risk more strategically, differentiating between short-term tactical steps and long-term planning. The agility that companies seek requires GRC solutions that address specific use cases and offer faster deployments, more off-the-shelf integrated risk management tools and readily configurable platforms that are easy to use.
Across risk management, the focus is shifting to achieving critical business value in as little time as possible. Automation technology will significantly expand in 2021 as the pace of digital transformations forces more organizations away from systems of records to decision support.
“The use of data to predict decisions or determine workflows will be increasingly important to building resilience and establishing competitive differentiators in a post-Covid world.”
Chief Technology Officer at SAI360
The pandemic didn’t reduce the risks companies face; it added new ones and amplified others along with additional social and political forces that are manifesting. Flexibility, vigilance and patience will be keys to thriving in 2021.