It's Time to Turn Compliance into a Strategic Asset

Credit: peshkova – Fotolia

Business leaders and corporate boards have long viewed compliance efforts as a kind of necessary evil—an essential process to manage a company's risk profile, but still a process that's seen as a cost center rather than a profit generator.

That view may be starting to change, according to "The 2020 Governance Outlook: Projections on Emerging Board Matters," a new report by the National Association of Corporate Directors. The NACD is the nation's leading authority on boardroom practices which works to help boards strengthen investor trust and build public confidence.

To help corporate executives foster boardroom cultures that pursue continuous improvement and long-term value creation, the NACD report highlights some current trends that are reframing the compliance picture. Rather than being a drag on innovation and hampering time-to-market, compliance efforts are being reimagined as a strategic asset to gain a competitive advantage.

The NACD report states that directors will need to become more fluent in the latest advances as macro technology forces collide and companies push further toward the digital frontier. Cloud computing and online collaboration are already mandatory tools for most businesses. Some of the hottest new disruptive areas include artificial intelligence, virtual reality, cryptocurrencies, 5G networks and the Internet of Things, to name a few.

Another essential technology today involves data analytics. Machine learning and predictive analytics are helping to drive data governance solutions that empower decision-makers. That's why organizations should not delay their IT migration projects, because they simply can't afford to be left behind.

"Boards are shifting the focus to understand how technology can also be leveraged offensively to create and enable new opportunities, business models, and revenue sources," write the authors. "As a result, many board members are seeking to understand the business impact of emerging technology trends to better exercise oversight without stepping into management's role."

Toward that end, management may find it helpful "to inventory all compliance and regulatory updates or potential changes and, working with the board, to define which committee or if the full board will be primarily responsible for oversight of such topics."

The scope of what needs to be protected and monitored is widening due to the adoption of new communication channels. Companies need to incorporate text messaging, collaboration platforms and voice technologies. By delaying migration projects, firms have a hard time reaching their full potential.

There can be huge opportunity costs for not adopting new tools for communications and workforce collaboration. Companies cannot be as agile if they don't support communications tools that prospective clients demand, and they can easily lose those prospects to competitors. Internal productivity is improved by adopting the latest collaborative technologies, such as Microsoft Teams, Slack, and Zoom. In turn, such adoption creates a need for a reliable method to capture, store and retrieve that content.

More companies have advanced their information governance programs, where they are bringing together legal, compliance, IT, and infosec stakeholders to assess the benefits and risks of new communications sources. The discussion of the benefits offered by these new communications and collaborative tools is providing a more complete ROI analysis that puts the cost of migration in proper perspective.

The NACD report goes on to state that three new macro-technology forces are poised to generate major transformations over the next decade: digital reality, cognitive technologies, and blockchain. To harness the power of these forces, they suggest that leading organizations should consider the following essential steps for a successful digital transformation:

• Modernizing core systems to facilitate innovation and growth.
• Elevating cyber risk and the broader risk domain from a compliance-based activity to an embedded, strategic function.
• Reengineering the technology function to deliver against the promise of existing and emerging technologies.

Board engagement should consider related factors such as the appropriate risk appetite; the best ways to protect and preserve information assets; and how to instill adequate resiliency to respond to evolving threats and incidents. In terms of regulatory matters, some new technologies are being adopted to help stay ahead of compliance rules and standards. Companies can implement digital communications archiving platforms that are searchable and extensible to address the implications of current and future regulations on data and information. By integrating communication threads across disparate channels such as email, social media, mobile/text messaging, instant messaging/collaboration, websites and voice, compliance teams can help draw insights about the best ways to develop new strategies and improve competitive initiatives.

As digital services become ubiquitous and hyper-personalized, they introduce new risks in terms of fraud, cyber threats and data security, along with increased regulatory and compliance demands to protect customer data. Increasingly, boards and managers need to provide access to tools that improve workforce productivity and collaboration. Yet many companies are adopting the widespread use of cloud computing and collaboration apps without the necessary compliance guardrails in place, which can be a formula for disaster.

"Accordingly, boards should ask the executive team how it is managing and mitigating risks associated with technology infrastructure required to deliver customer experience and growth," stated the NACD authors.

It is time for corporate directors and managers to rethink compliance as a strategic effort that can spur a competitive advantage, along with deciding how to leverage the range of emerging technologies that are being unleashed today. Implementing a comprehensive digital archive is one way for companies to gain new insights to improve their business while also strengthening protections for compliance and e-discovery.

Robert Cruz is Senior Vice President of Information Governance for Smarsh, with more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and Discovery cost and risk reduction.