The 11th Annual European Compliance & Ethics Institute from SCCE, held this year in Amsterdam, brought together 200 E&C professionals for a weekend of 50 sessions that covered a wide range of pressing issues—from anti-corruption and ESG to AI, automation, and predictive control. What stood out to ethics and compliance leaders from the conference, and what do they anticipate next? These were the questions Ty Francis, LRN’s Chief Advisory Officer, set out to explore in a recent webinar. The webinar, Unpacking SCCE ECEI 2023, featured a panel of E&C professionals who attended this year’s ECEI in Amsterdam, including:
Together, the quartet unpacked the top compliance issues discussed during ECEI sessions, the emerging ethics and compliance trends to be on the lookout for, and best practices in shaping compliance programs’ influence. (You can watch the full discussion here.) Here are their four main takeaways from the conference.
Panelists noticed the high volume of conversations related to artificial intelligence (AI) and its impact on compliance. Sessions asked how regulators, governments, and organizations will not only deploy and regulate these types of tools, but also use and integrate them into future operations.
Shirley likened it to the advent of corporate social media policies years earlier, as apps like Twitter, Facebook, and Instagram started to become popular. Similarly, she argued, chief ethics and compliance officers need to be thinking about AI controls and policies now. “Even if you choose not to partake in [AI], there’s no getting away from it in our role as compliance leaders,” she said. “What you put in place now needs to be dynamic and flexible for change as the AI space evolves.”
Armstrong concurred, adding that he was surprised to hear during one of the conference sessions the take that AI is a currently unregulated space. “That’s not exactly true,” he clarified. “We’ve have had about 185 million euros in fines already. [Regulation is] already here.” Indeed, the working draft of the EU AI Act proposes that those found in breach of the act would face fines of up to 30 million euros or 6% of global profits, whichever is higher.
Ultimately, panelists agreed that investing in resources like benchmarking information as well as AI consultants or specialists could be a worthwhile use of company compliance budgets in order to create policies and controls that account for the nuances that AI will surely bring to organizational operations.
El Mansouri commented that while she was happy with the larger number of sessions covering investigations this year, she had hoped to see more sessions addressing topics around due diligence to further enhance discussions. For organizations based high-risk regions like the Middle East, such sessions would have been especially valuable. “Due diligence remains one of our challenges in the region,” she said, “because we are confronted with a whole variety of risks...money laundering and terrorist financing, increased enforcement actions related to bribery within terrorist groups, even doing business with terrorist groups.”
The Middle East is also one of the most sanctioned regions in the world, El Mansouri further explained, but unless multinational organizations come from the financial sector many are not familiar with the sanctions screening process. She concluded that it would be helpful for future ECEI conferences to have a session covering what to do when confronted with more common names in the region—like Mohammad and its variations, such as Mohammed and Muhammad—that are often flagged on sanctions lists.
The panel spoke at length about how compliance professionals will need to reconcile data privacy and security policies—especially policy enforcement—with the wider world’s evolving approach to such measures. Shirley noted that more countries are developing and refining their legislation and regulatory guidance related to privacy, most recently the US Department of Justice in March. She posited that organizations need to take time now to figure out how to monitor company platforms and outside devices in light of new, emerging guidance.
Armstrong also commented on the challenge many organizations now face of creating too much data over the last few years—and it potentially coming back to haunt them. “The area where we’ve got a technology challenge is those organizations who recorded every Zoom and Teams chat during the pandemic and did not delete that data. There are hundreds of hours’ worth of material that you might not have the appetite to watch, but a regulator does.”
When asked what she hopes to see at next year’s ECEI conference, El Mansouri replied that sessions highlighting a wider variety of regions is essential. “Compliance officers that have only headquarter teams tend to miss the action, what really happens on the ground,” she said. “What I would like to see is more voices coming from other parts of the world that contribute to the discussion, bringing in their scenarios and typologies and risk profiles and talking about the challenges in their region.”
“There are some nuances that every region has that can be missed if you are not on the ground or otherwise assimilating yourself in that culture,” Shirley agreed. “I think we can all benefit, especially those of us in multinational programs...by some of the unique cultural differences that can really play a part in informing the success of your compliance program.”
Overall, Shirley, El Mansouri, and Armstrong found this year’s conference to be packed with valuable information and are eager to see what will be addressed when SCCE prepares its 12th Annual European Compliance & Ethics Institute. To hear their full thoughts on the conference, click here to watch a recording of the LRN webinar “Unpacking SCCE ECEI 2023: Highlights, takeaways, and next steps.”