Do you use Alexa to order groceries? Or Florence the chatbot for medication reminders? Perhaps your company uses virtual assistants to take care of customers or cognitive computers to help evaluate and manage risk.
It’s a brave new world of artificial intelligence (AI ) — one that is unnerving legal and compliance leaders as they consider the risks their organizations face in 2018, according to the first annual Legal and Compliance Hot Spots report developed by Gartner.
“ Digital threats put us in uncharted waters not only for our companies but for the legal and compliance spaces in general”
Long-standing risks like anti-corruption measures remain a concern, but legal and compliance leaders feel confident about their ability to manage those. It is the emerging digitalization and technology risks that are challenging legal and compliance capabilities.
AI, for example, did not surface as one of the most significant risks for 2018, but it is on the radar, and only one in four legal and compliance leaders is confident about managing it. Similar concerns exist around machine learning.
“AI and machine learning create new and uncertain risks and potential liability issues for our organizations, and are uncharted waters not only for our companies but for the legal and compliance spaces in general,” says Abbott Martin, research leader, Legal and Compliance Practice at Gartner.
Both of these technologies popped in the hot spot report, which is based on input from interviews, surveys from the CEB, now Gartner, network of members, and guidance from external research and literature. These “hot spots” reflect trends in the business environment that create or exacerbate the legal and compliance risks your department must manage — and for which it must be prepared.
Top risks for 2018
Overall, there are four major categories of risks on which legal and compliance leaders are focused in 2018:
- Accelerating business change. Corporate processes, services and operations are fundamentally changing (fueled in part by digitalization), which creates new risks and makes existing risks harder to manage. Legal and compliance leaders must keep up with persistent change in corporate activities and business models and plan for skill shortfalls within their own teams.
- Digitalization and technology risk. Leaders must keep up with rapid advances in technology capabilities as their organizations digitize assets (i.e., turn them from analog to digital form) and digitalize the business (i.e., use digital technologies to change their business model and provide new revenue and value-producing opportunities).
- Geopolitical and regulatory volatility. Legal and compliance leaders need to provide stability amid ever-present geopolitical volatility — both within and between jurisdictions, regulatory bodies and enforcement authorities — and provide leadership as they manage sweeping new regulations such as those on data privacy.
- Transparency and public expectation. Consumers are keenly focused on issues of corporate culture and ethics amid constant headlines about corporate missteps and individual wrongdoing (particularly related to movements such as #metoo). With their trust eroded, consumers expect greater transparency and assurances that organizations will deal responsibly with ethical decisions, such as usage of personal consumer data.
Learn more: New Risk Management Strategies
Legal and compliance leaders are already focused squarely on pervasive digital threats, such as cybersecurity and ransomware, and for good reason. There were more than 1,200 data breaches and over 1.1 billion identities exposed in 2016, and more than 450,000 ransomware attacks. Legal and compliance leaders have less time than ever to prepare for, assess and respond to these sophisticated attacks. Leaders know it is not only the dollar cost of breaches they need to consider, but also the loss of customer trust.
“ The key to managing emerging aspects of digitalization is to prepare early”
Not surprisingly, organizations are increasing security budgets, and taking other steps to address these threats. Legal and compliance leaders can also work to improve employee behavior around privacy and spend more time collaborating with IT, security, risk and audit teams to protect the company’s data assets.
Even the basic digitization of assets and processes creates challenges, because automation can sometimes hide information. Legal and compliance leaders must ensure they know when and how decisions are being automated in processes and inject adequate oversight.
The key to managing emerging aspects of digitalization is to prepare early. By 2020, 85% of CIOs will be piloting AI programs so while AI may not be a major part of your company’s proposition right now, the chances are it will be, and legal and compliance leaders must prepare for this future.
“ Help the organization make smart decisions without slowing down the pace of change required in the digital world”
“As our companies weigh the business opportunity and value of opportunities like AI, legal and compliance leaders must partner with their business peers to ensure legal and compliance risks are adequately considered as part of day-to-day decisions,” says Vidhya Balasubramanian, practice leader, Legal and Compliance Practice at Gartner.
“We need to ask what our role is in joining those conversations and weighing those decisions. We need to help the organization make smart decisions without slowing down the pace of change required in the digital world.”
While the threats of the digital world are evident and growing, legal and compliance leaders can act to help the organization make smart decisions despite the rapid pace of change by:
- Evaluating controls in newly automated areas to ensure risks are appropriately managed.
- Creating experiences to ensure that legal and compliance staff are exposed to AI and automation.
- Tracking developing regulations that impact emerging technologies.
- Updating existing legal and compliance risk assessments and sensing mechanisms.
- Coordinating with other assurance functions to gauge the adequacy of policies, communication, and training, and make ongoing improvements.