The challenges of 2020 hold serious implications for supply-chain compliance and risk in 2021. Last year tested every American business, and presented challenges on a scale that we haven’t seen previously. Many businesses had weeks, if not days, to make critical decisions in order to keep their operations afloat. And while quick actions were undoubtedly necessary at the time, the compliance implications of those decisions will likely undergo increased focus this year.
Consider just a handful of examples. Early in the pandemic, businesses and governments rushed to secure critical personal protective equipment (PPE), often competing with each other for suddenly scarce resources. Some — perhaps many — of those organizations had no option but to go through non-traditional channels to secure the necessary supplies. As a result of the urgency and increased competition for these resources, suppliers likely weren’t vetted through traditional compliance processes, opening many organizations to potential risk.
A few weeks later, the federal government began injecting over $5 trillion into the American economy in an effort to keep the country’s economic engine running. The scope of the stimulus was unprecedented, not only in scale but also in distribution. Unlike the sector-targeted stimulus provided after the Great Recession of 2007-2008, or geographically targeted natural disaster relief, the COVID-19 stimulus reached into nearly every corner of the U.S. economy. And any time there’s a rise in federal relief dollars, there’s typically a parallel rise in fraud and, ultimately, an effort to recoup money that went astray.
Finally, with so many organizations facing financial stress due to the pandemic, there’s often increased pressure within organizations to “right the ship.” This includes efforts to increase incentives to salespeople, or use third parties to drive recovery and growth. Industries that have been particularly hard hit, such as retail, hospitality and airlines, are at particular risk for this, and should anticipate increased scrutiny.
Increased Compliance Risks
Ultimately, there are myriad ways in which the events of 2020 precipitated compliance risks that will need to be addressed this year. Some companies may have had to pivot quickly to direct-to-consumer distribution, opening up potential liability under data privacy laws such as the California Consumer Privacy Act (CCPA). Organizations that were suddenly sourcing PPE for hospitals or other healthcare entities may find that they need to comply with Health Insurance Portability and Accounting Act (HIPAA) regulations, such as being subject to a business associate agreement (BAA).
Now factor in the priorities of the incoming Biden administration, which adds another layer of complexity to an already challenging situation. It’s widely anticipated that False Claims Act violations will see increased enforcement for organizations that conduct business with the federal government, especially in light of the Coronavirus Aid, Relief and Economic Security (CARES) Act, Paycheck Protection Program (PPP), and of course, further expansion of stimulus efforts that are expected to be enacted after inauguration. Foreign Corrupt Practices Act (FCPA) enforcement is widely bipartisan, and has been steadily increasing since coming into force. It would not be surprising to see additional enforcement under the FCPA, especially for suppliers sourcing medical supplies and PPE from overseas. And additional SEC reporting requirements, around supply-chain disruption and vulnerabilities exposed by the pandemic, are certainly within the realm of possible outcomes.
With such a dramatic shift in the compliance landscape for so many organizations, and with potential financial stress imparted by the pandemic, organizations need to address inquiring into these risks in a very targeted and cost-effective manner. One highly effective solution is to do more with less by embracing an approach called a micro-investigation.
It is perhaps misleading to think of a micro-investigation as small. Instead, it is more appropriate to think of it as highly targeted. The purpose of this approach is to identify the most critical documents for a particular compliance risk quickly and cost-effectively. The goal isn’t to find all relevant documents, but instead to find the best ones. To accomplish this goal, it’s necessary to combine deep search expertise with advanced search technologies.
Oftentimes, investigations are approached with two blunt-force tools: traditional keyword searches and machine-learning models. But keyword searches are problematic on two fronts. First, they’re generally overbroad, because the search syntax in many leading document-review tools is designed with a focus on simplicity, not robustness. This over-simplicity leads to searches that return too many documents, which in turn makes the investigation cost-prohibitive. And second, keyword searches often miss critical documents, and quality-control processes don’t always catch the gaps.
Machine-learning models, on the other hand, often aren’t especially well-suited to these types of investigations. That’s because the prevalence of key documents in such investigations is often quite low. Unlike a litigation scenario, where the case is in a more mature posture, a micro-investigation is often looking for something that is almost by definition hidden, and in many circumstances in its early stages. When prevalence is so low, machine-learning models can struggle to distinguish signal from noise. And efforts to tune these models can come at great cost, both in time and money. Machine-learning models certainly have their place, but this is one situation where their downsides become apparent.
Combining Technology With Expertise
A much more effective approach is to pair technology featuring advanced search syntax with linguistic experts who know how to identify key patterns in language, and create queries that drive to the core of the matter. Where traditional keyword searches are hamstrung by overly simplistic search syntax limitations, more advanced tools can harness the power of language nuances to create narrowly tailored and highly effective linguistic search models. And where machine learning struggles with low-prevalence populations, linguistic experts can apply a rigorous and methodical approach that starts small and grows, following leads down important paths of inquiry and modeling actual language patterns as they are found.
The compliance landscape is perhaps as challenging as it has ever been. But organizations that are proactive can navigate these choppy waters by carefully and methodically investigating their potential risks to emerge stronger on the other side.
Eric Pender is an engagement manager at H5, a provider of sensitive data classification, management and analytics for corporations and law firms.
Timely, incisive articles delivered directly to your inbox.