Patrick Reusse, writing in his blog for the StarTribune, had some interesting Major League Baseball (MLB) history in the 21st century. He noted we have already had the following: three teams reaching the World Series for the first time (Angels in 2003; Astros in 2005, Rangers in 2010). Two teams won the World Series for the first time in over 85 years (Red Sox, 2004, 86 years; White Sox in 2005, 88 years). Amazingly one team had over a century of pain before winning another World Series (Cubs in 2016, 108 years) Finally, the Astros won their first World Series ever in 2017 (55 years) and the Giants won their first World Series since moving to San Francisco from New York in 1958. Now of course the Washington Nationals have reached the near pinnacle of success by reaching the World Series for the first time since the franchise began in Montreal as the Expos in 1969. Finally, (for all you Yankee-haters out there) when the Astros eliminate the New York Yankees later this week, it will be the first decade since 1910s that the Yanks have not played in a World Series.
What have been some of the advancements in compliance this century? One of the key recent innovations has been the role of Artificial Intelligence (AI) in compliance going forward. LawTech had disrupted the legal profession and how it is reshaping many areas of private practice. Now ComTech is lurking down the road with multiple implications for the compliance function.
Obviously, document review is one area where ComTech is useful. There are many companies who provide key word searches and these same concepts translate readily into the compliance world through massive database searches for key words, such as an ongoing review through email sweeps. The concept is straightforward; at regular intervals, you sweep through your company email database for identified key words that can be flagged for further investigation, if required. Such a sweep is not only limited to anti-corruption compliance, but any of the risk factors identified for your company.
The object of this approach is to find the evidence of a compliance breakdown by sweeping systems to uncover items that may contain real issues. From here, you can assess and prioritize, by checking and verifying if an issue needs investigating and focusing on the issues you want to investigate first. Further, and if warranted, you can invoke your investigation protocol, with all the requisite protections and securities. AI can help you to perform all of this more cheaply and efficiently.
Compliance has been pushed more to the forefront in anti-money laundering (AML). As banking institutions, financial institutions and the financial services industries continue to tighten and strengthen AML controls, criminals and other nefarious actors will move into non-financial corporations to move money for the simple reason that such robust controls required in the financial realm are not generally required in the non-financial corporate world. Non-financial corporations should have robust AML controls in place and one of the requirements for any best practices AML policy is to “know your customer” (KYC). AI will allow a more robust KYC approach.
Another area where compliance is often left behind is in the arena of mergers and acquisitions (M&A). Since the 2012 FCPA Guidance, the focus of compliance in M&A has been more and more on the pre-acquisition phase of a deal. Often the compliance function is either brought in at the last minute and does not have the time to perform adequate compliance due diligence or there is an overwhelming amount of data to be reviewed and the resources available (or made available) to the compliance function is woefully inadequate. AI has made inroads into this process, to the immense assistance of compliance.
Such a review could include such issues as whether third-party sales representatives have the requisite background due diligence in the files, their status and commission rates paid. There could be a review of top sales and business developments folks in high-risk regions, correlated with a gift, travel and entertainment (GTE) analysis. Finally, you could consider sales in high risk regions or even sales spikes from low risk areas from the compliance perspective.
A prime example of where AI can assist the compliance function is with third parties in supply chain management. Every multi-national has literally thousands of vendors. Getting a handle on those is always a challenge simply because of the numbers involved. Using AI, a compliance practitioner can immediately identify vendors that present anti-corruption compliance or other risks to an organization. Having led an effort to list out all employer’s vendors by hand to begin the risk ranking process, I can personally attest to the greater efficiencies AI can bring to the exercise.
There is yet another set of AI tools that can review contracts to see if any specific types of clauses are non-standard. It would seem a relatively easy software coding exercise to adapt such products to compliance clauses. This type of approach could also be used for non-standard governance clauses in joint ventures (JVs) or other types of business venture agreements. Having been assigned the task of reading all my then employer’s JV agreements (87) and third-party sales agents contracts (211) from across the globe and recalling the amount of time it took to do so; I can again personally attest to the greater efficiencies we are considering through the use of AI.
This example also points to one of the key disadvantages to AI and ComTech going forward. In past years, it was through document review and the detailed reading of documents and cases that many junior lawyers were trained. In my experience, reading all those JV agreements and third-party sales agents’ agreements gave me a very good education in contract language and what positions were more and less favorable to each party. This is how many young associates were trained in law firms. This very practical method of training will eventually go away.
This final example also points to one of the key limitations of ComTech. While it might have helped to have AI review the JV agreements and third-party sales agents’ contracts, it only could identify non-standard contract language. Unfortunately, since most of the agreements and contracts are bespoke, they were uniformly non-standard. Further, the assignment I was given required an analysis of each non-standard contract, so the judgment of a human was required. Even as AI becomes more sophisticated, the judgment of a professionally trained compliance practitioner is still required to validate the areas flagged by AI as anomalies.
There are still compliance professionals, usually legally trained, who fear these innovations. In honor of the return of Sarah Connor on November 1, I want to remind you that Skynet has not yet become self-aware so, at least for a little longer, humans are still in charge. There have always been technological innovations which help make compliance disciplines run more efficiently, more smoothly and more profitably. AI is simply another step in this line of technological developments. There is certainly no reason to be afraid of using it. Given the disruption which has impacted the legal profession through LawTech; disruption is not far behind in the compliance world through ComTech.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2019