2020 was certainly a year for the books! As we start our journey into 2021 perhaps a little bumped and bruised, but resilient and wiser nonetheless we at AskDegree wanted to synthesize key compliance events of 2020 into useful guidance for navigating 2021.
Both here in the US and abroad attitudes toward compliance / risk management programs have seen a significant shift. The compliance function has drifted from being “nice-to-have,” to now being a “must-have” component of basic corporate governance.
We encourage you to use this article as a resource throughout the year to drive your compliance program developments for 2021. As always, if you have any questions on the topics shared we are only an email or phone call away, and with that said let’s jump right in.
The Department Of Justice Expects You To Put Resources into Compliance
Spoiler alert, the title of this section is the key takeaway. If operating within the United States or thinking of expanding your footprint into the US we encourage you to become familiar with the DOJ’s summer publication. Last June (2020), the US Department of Justice issued updated guidance on how the department would evaluate Corporate Compliance Programs
. The guide, originally published in 2017, has seen updates in 2019 and again in 2020. The latest update drives home the DOJ’s position that companies engaging in US commerce are expected to:
(1) Allocate sufficient resources to the compliance function,
(2) Empower compliance staff with sufficient authority and access to data, and
(3) Implement practical procedures that confirm the compliance function is working properly.
Regardless of industry, the DOJs guidance provides direction on how organizations can successfully stand up compliance programs. We get it, no one wants to think their operations will ever be under the scrutiny of the DOJ, or any regulatory body for that matter, but if 2020 taught us anything it is that Benjamin Franklin’s quote rings true – By failing to prepare, you are preparing to fail.
Our advice for 2021 – implement a formal compliance program if you haven’t already done so and if you already have a compliance program, verify that it is functioning properly and not simply implemented in theory.
Influencer Marketing Is On The FTC’s Radar
Over the last several years we’ve seen consumer brands moving en masse to engage social media marketing. With over 3.5 billion social media users globally we do not see this trend losing steam anytime soon.
The Federal Trade Commission has taken direct steps towards tightening regulatory authority over social media marketing. The first noticeable move was the department’s publication of Influencer Guidelines in November 2019. Within 90 days of the Influencer Guidelines publication, the department voted 5 – 0 in February 2020 to open public comments on changes to its Endorsement Guides
. FTC Commissioner Rohit Chopra expressed concern that existing guidance does not permit the agency sufficient enforcement power to combat rampant misinformation plaguing the digital landscape.
We suspect other agencies will begin to issue formal guidance in this space leading to an increase in regulatory actions. It should be noted that Rohit Chopra has been nominated by President Biden
to head the CFPB; it would not surprise us to see the CFPB begin to formally address this space within the next 12 – months.
Our advice on ensuring strong social media marketing compliance controls includes:
(1) Draft a formal Marketing and Advertising Policy and incorporate Social Media guidelines into company policy.
(2) Remember the importance of conspicuous disclosures when engaging in social media marketing.
(3) Implement review procedures; leverage tools like Global Relay to constantly monitor your post for keyword triggers.
Synthetic Identity Fraud on the Rise
Often referred to as Frankenstein fraud; synthetic identity fraud occurs when bad actors use pieces of a legitimate person’s identity (e.g. SSN) and combined with fabricated elements of an identity (e.g DOB, Address, or Income) to create a “frankenstein” profile. The synthetic identity is then used to trick unsuspecting online businesses into transacting with these patchwork profiles. In the last 5 years US Credit Card Synthetic Identity theft losses have more than doubled; with projected losses for 2020 at an all time high of $1.3 billion
Organizations like SentiLink
, and Alloy
are arming lenders with new-age AML tools designed to combat emerging fraud tactics. We encourage our audience to remain vigilant in this space by deploying the following best practices:
(1) Implement an AML monitoring and testing plan; we recommend sampling and testing transactions at least quarterly. During these quarterly reviews verify controls related areas like CIP and Identity Theft Red Flags.
(2) Check data outputs from integrated third-parties, don’t assume information is errorless, regularly validate.
(3) Remember an AML program should be fluid; as your organization receives new information, this information should be integrated into your existing program.
Data Management | Cyber Security
We couldn’t close the post without mentioning data. As with all recent years, 2020 has seen significant activity in this space. A few notable mentions include the Court of Justice of the European Union’s strike down of the EU – US Privacy Shield
the FireEye hack by an alleged nation-state
, 715% year-on-year increase in ransomware attacks
due impart to remote working environments propelled by Covid-19, and a noticeable change in consumer attitudes toward data collection and data security.
We could truly write an entire series solely on data management and cybersecurity trends, but instead, we will share our cliff notes:
(1) Remote work is here to stay in some shape or form; implement a BYOD Program.
(2) Conduct Annual Security Awareness Training
(3) Revisit your customer data collection practices; trim the fat, only collect data needed to complete the transaction.
(4) Follow Security experts on Social Media (LinkedIn) they are great sources of leading-edge information and insights.
Other trends that we suspect will continue to evolve in 2021 include a broad trend of decentralization, cryptocurrency will move into more households, investing will become more accessible, financial literacy via gamification is on the rise, and hybrid working environments with a mix of employees, consultants, and freelancers will continue to flourish. All of these items have unique sets of compliance risk that perhaps we will dive into another day.
To close, it is safe to say that in 2021 Regulators, Third-Party Partners, Your Competitors, Your Staff, and Your Customers expect compliance and risk management controls to be woven into the fabric of your organization. We understand compliance can seem daunting and overwhelming at times, but proactively protecting your organization from debilitating threats is far better than a direct hit by a debilitating threat.
May the wind be always at your back in 2021! Have topics that you would like to see us write about? Submit your request via our contact form