Sundar Narayanan, Nexdigm
The scope and responsibilities of Ethics and Compliance are changing extensively in current times. A dynamic market environment, characterized by rapid technological development, government sanctions and regional enforcement, and, more specifically, COVID-19, has impacted the role of ethics and compliance.
In this article, we will cover six key emerging risk areas that require increased attention from Ethics and Compliance officers. All of these areas require collaboration with functional leaders, including Public Relations, Information Security, Strategy, and the Chief Information Officer, to identify and holistically address specific areas of concern.
Health and safety reporting
The emergence of the COVID-19 pandemic has exposed the limited attention that compliance officers had placed on health and safety within their compliance programs. The reporting regulations introduced to contain the pandemic, as well as office health and hygiene compliance, bring multiple risks to the forefront.
While safety considerations have been well integrated with many businesses, and ‘zero accidents’ is considered a key performance indicator of factory or business operations, there are emerging risks of under-reporting or misreporting of safety incidents. Under-reporting may be aimed at window dressing performance statistics since safety incidents are a significant factor for leadership.
Policy communications, inter-governmental initiatives, and public discourse are often published through social media platforms to leverage the agility and ease of transmission they offer. Corporates are also more extensively using social media to publish strategic initiatives, over and above their marketing efforts.
With comments, trolls, and memes posing serious reputational risk, threatening stakeholder value, and affecting business prospects, the content as well as the delivery of such communications assume significance. It is prudent to include social media protocols, general guidelines, and expectations as part of training/outreach programs for senior management personnel.
It is also crucial to initiate action in cases where social media posts by corporate employees in their personal capacity harm the reputation of the organization. For instance, hate messages or messages encouraging hate speech, violence, or discrimination may place the organization in an unflattering light. These sensitive situations should be handled with care to distance the organization from such inflammatory views, and the organization may even consider separating from the employee in question.
With increased digitization and technology adoption by organizations, the issues associated with cybersecurity have become paramount for businesses. The risk of spoofing, phishing, insider threat, data breach, or ransomware attacks has considerably increased in the last year, and the cyber threat looms closer, given the current work-from-home environment. Cyber-attacks have become more sophisticated to beat the heightened awareness levels in their targets.
For instance, a spoofing mail comes with definitive knowledge of the decision-maker and various stakeholders. A mere subscription to a cloud-based community edition of a marketing or business utility tool that sits as an add-on to your emails can potentially expose the organizational hierarchy, using information from your emails or customer connections.
Weak coding practices, as simple as posting code containing private information on GitHub and not monitoring patches to code adopted from open-source frameworks, are some common causes of breaches. Data risks occur due to voluntary or involuntary practices of employees/contractors who work for the organization. Ethics and Compliance officers need to establish a specific approach and thought process to handle ethics deviations in such circumstances.
With newer and stricter regulations across various geographies requiring specific compliance with privacy and data localization demands, handling privacy deviations is going to be crucial, both from a reputational and a regulatory compliance standpoint. Organizations are more susceptible to the risk of privacy breaches in the remote working arrangements triggered by COVID-19.
Any potential inconsistencies related to issues around data anonymization and encryption must be addressed proactively. While organizations work on data privacy compliance, it is pertinent for Ethics and Compliance officers to comprehend and explore the ethical implications therein.
The current competitive environment has paved the way for highly evolved espionage techniques to gain market share. These are covered under two key approaches:
(a) Digital eavesdropping, and
(b) Strategic espionage.
While most businesses are vigilant about corporate espionage, digital eavesdropping is an increasing threat. It is done using the information published on social media and other websites. For instance, information posted by your employee on Slideshare regarding the mechanism of an internal process, or an employee expressing pride in being part of a critical project on Facebook, provides competitors with access to insider knowledge. There are cases where employees post selfies from their home office without considering their background, with passwords on post-its or information on the monitor. The approaches adopted in this regard range from social engineering and profile tracing in the initial stages to strategic monitoring of vulnerable employees of competitors in later stages. It is important to be vigilant of the potential pitfalls of employee social media activity, and having a clear response protocol for violations is critical in these circumstances.
Tech ethics (Discrimination, bias, misuse)
With corporations looking at automation for efficiency and enabling quicker, well-informed decisions, the use of algorithms for data processing is critical. While such algorithms often enhance efficiency, they are emerging as a new source of ethical issues.
Inadequate or imbalanced training data and the use of a black box approach for modeling may expose organizations to claims of discrimination/bias or a lack of transparency in decisions caused by the algorithms adopted. For instance, a company using an AI-driven recruitment engine may realize that the tool was biased against women and rejected women candidates more often than men. Besides the broader Tech Ethics principles adopted by the organization, the Ethics Officer shall play a role in enabling a framework for developing, testing, and deploying algorithms as part of technology adoption or automation.
While most of these aspects require Ethics and Compliance officers to collaborate with respective leaders extensively, it does highlight the criticality of the officer’s involvement to manage the compliance program across the organization.
For each concern or risk area, the Ethics and Compliance officers need to institute an appropriate culpability matrix to be adopted for action on deviations. Employing an integrated approach to compliance issues also helps establish a strong rapport with critical business stakeholders, which furthers the reach and impact of the compliance mechanism within the organization.
About the Expert:
Sundar Narayanan is an Ethics and Compliance professional. He leads the Forensic services at Nexdigm, a Professional Services and Consulting firm. He frequently writes on ethics and compliance, investigations, and anti-corruption. Sundar can be reached at: sundara[email protected]