During 2022, from Compliance Latam and with the support of prestigious legal firms with a presence in most of the countries of the continent, we organized several meetings to share knowledge and experiences around the world of regulatory compliance. We have been able to learn first-hand what are the challenges for the legal industry regarding compliance issues and we can be certain that during 2023 there will be many challenges to overcome.
Regulatory compliance professionals, over the next year, will have to continue to adapt our practices to unpredictable scenarios in the post-pandemic era. Teleworking and the digitization of processes require new risk maps, which is why it is expected that organizations and companies from all sectors of society will continue to incorporate the figure of compliance officers into their structures and this position will have more importance in the firms.
Challenge 1: teleworkers
It is a truism that the pandemic has disrupted traditional work systems, and that this situation directly affected compliance. Teleworking was the focus for a good part of 2022 and will continue to do so in 2023 in everything related to data protection, privacy and the risks associated with it, areas that previously went more unnoticed
Everything related to time controls, the use of cameras, telepresence, continues its unstoppable march. Therefore, the compliance function has to find practical solutions to meet these new business and labor law requirements, and protect the rights of workers in an indivisible combo that must be resolved in some jurisdictions over the next year.
An efficient management of teleworking must cover substantial aspects of the prevention models, since there is no doubt that there will be a significant paradigm shift in the way of managing them, if the application of this modality of teleworking continues. Other illegal or non-compliance risks could also rise (and become more sophisticated) under this modality during 2023, so legal areas must update their knowledge on a regular basis.
Challenge 2: Artificial Intelligence
Artificial Intelligence will be another of the new specialization niches for compliance during 2023.
We must bear in mind that we are going to live with AI, even in business environments. More and more companies use it, so the debate on the liability regime for possible damages will be recurrent for compliance experts.
Although there is no specific legislation on artificial intelligence in most countries in the region, there are important legal limitations on its use. Not respecting them can lead to conflicts that lead to their cancellation and the imposition of sanctions, with loss of investment and reputational risk for companies.
Challenge 3: data privacy
Data privacy and security are already an important component of all compliance programs and will remain so through 2023 for the entire region.
Most privacy compliance programs already ensure that consumer data processed directly by an organization must be adequately protected.
Compliance departments already use risk assessments as their primary tool for identifying, capturing, and controlling business risks. It is to be expected that over the next year industry professionals will update risk categories and/or questions to capture new products and services and add new processes and applications that may be involved.
There are a host of tools available to compliance officers to manage compliance programs. Determining the value of these tools, and how to integrate them into current processes will be an upcoming challenge. Also assess whether regulatory technology (regtech), a class of software applications for managing regulatory compliance, can help with compliance.
Bonus track: what will happen in the region
With regard to Chile , the year that is beginning represents a great opportunity for regulatory compliance to continue expanding and strengthening its development in various axes. This can be verified through (i) the different existing legislative advances, (ii) the role that the inspection and prosecution of the state authority progressively acquires against the organizations and (iii) the increasing awareness of companies about the idea of focusing on the prevention of infringements and developing a culture of corporate integrity. Some of the most far-reaching milestones and developments at the regulatory level, according to Francisca Franzani , Director of the Albagli Zaliasnik Compliance Group , are the following:
- The entry into force of Law No. 21,459, which establishes regulations on computer crimes and which contains eight criminal figures that are added to the catalog of crimes for which the legal person can criminally respond -since December 2022- means that companies they must evaluate their risks in this area, in order to detect the level of exposure to them and adopt effective controls to prevent and/or mitigate their commission.
- The imminent entry into force of the Law that regulates Fintech companies and the Open Banking system −in the absence of promulgation and publication procedures− represents the origin of a regulatory framework for certain financial services that operate through technological means. These organizations will be bound by the Financial Analysis Unit, therefore, they must adopt the mechanisms established by the Law for the prevention of money laundering and terrorist financing crimes.
- Along the same lines as the previous point, we can also highlight that today a Bill is being processed that seeks to establish new obligated subjects by the Financial Analysis Unit, in order to improve the prosecution of drug trafficking and organized crime (Bulletin No. 13588-07 ). Among these are the automotive companies and dealers of new or used vehicles, vehicle rental companies, among others, which must adopt or modify their schemes to prevent these crimes.
- The Economic Crimes Bill (Consolidated Bulletins No. 13.204-07 and No. 13.205-07) continues to progress in its processing. This project seeks to systematize the treatment of “economic crimes” and directly affects the structure of Law No. 20,393, which establishes the criminal liability of legal persons in Chile, since it will introduce a series of modifications, such as: (i) the expansion of the catalog of crimes that can give rise to the criminal responsibility of the legal person; (ii) the expansion of the list of legal persons potentially responsible for the crimes contemplated in the law; (iii) modification of the imputation regime; (iv) the new figure of the supervisor, among others. This situation will cause companies and other organizations to implement, rethink and/or adjust their compliance programs.
On the other hand, it is important to consider that, in recent times, the prosecuting authority in Chile has initiated investigations directed against legal persons, therefore, it is feasible to expect that there will be a greater number of criminal proceedings in progress and, eventually, also of sentences. Another point to highlight is that the number of suspicious transaction reports received by the Financial Analysis Unit is increasing each semester, which −without attempting to carry out an analysis of its causes− demonstrates −to a certain extent− that the obligated subjects are complying with greater rigor its obligations in terms of prevention of money laundering and financing of terrorism.
The panorama for Colombia , for example, in the year 2023 in terms of compliance will be quite active on the occasion of what is enshrined in article 9 of Law 2195 of 2022, explains Oscar Tutasaura , Partner of Posse Herrera Ruiz , given that, probably, The different Superintendencies or inspection, surveillance and control authorities will issue different types of Circulars in which they will establish the minimum guidelines that the Transparency and Business Ethics Programs must contain in the different economic sectors of the country, in addition to a sanctioning regime for non-compliance.
Likewise, in accordance with international trends such as those developed in some European jurisdictions, Colombia will surely implement due diligence guidelines in areas such as human rights, labor rights and the environment, so it is possible that Circulars will be issued in this regard. This, also in consideration of what is enshrined in article 2 of Law 2195, according to which there will be place for the imposition of administrative sanctions for legal persons, prior compliance with some requirements enshrined in the aforementioned law and when any of its administrators or officials commit a crime against the environment; Consequently, the occurrence of this type of risk must be prevented and, if it materializes, its impact mitigated. For it,
Lastly, a more active work is foreseen by the Compliance Directorate of the Office of the Delegate Superintendent for the Protection of Competition of the Superintendency of Industry and Commerce, created by Decree 092 of 2022, in such a way that by the year 2023 we will surely demonstrate a much more robust surveillance and follow-up activity regarding the compliance programs that the different companies must adopt. This, within the framework of the guarantees accepted by the Superintendent of Industry and Commerce, within the investigations for violation of the rules on protection of competition, unfair competition and business integrations.
In the United States , a good road map of the challenges and key points for 2023 that the community of Compliance professionals who have some type of interest or connection to the country should consider is the new memorandum published last September by the Deputy Attorney General , Lisa Monaco. In particular, said memorandum addresses some modifications and additional revisions to the Corporate Criminal Compliance Policies in the country, which is of total relevance for the prosecutors of the DOJ Fraud Unit in charge of compliance with the FCPA.
Said memorandum covers several relevant topics, but some of the most interesting for Latin America, according to Jeffrey Lehtman , Partner Miller & Chevalier , are:
- A prioritization of cases of corporate crimes against individuals is expected, including parameters that seek to encourage “timely” corporate voluntary disclosures and strengthen coordination with non-US authorities in investigations against individuals;
- A heightened interest in the company’s record of misconduct, including criminal, civil or regulatory decisions. Although the considerations will prioritize criminal decisions in the United States and from the last 10 years, they will also be attentive to the existence of previous misconduct by employees or managers who are involved in the current conduct investigated;
- The importance of “affirmative incentives” that recognize the promotion and respect for the Compliance culture is reaffirmed, the use of metrics in this matter and considering the compliance culture in compensation calculations are suggested matters;
- An expanded interest in corporate policies related to the use and preservation of data from personal devices and applications such as WhatsApp, and the possibility that they could eventually be a source of information for the investigative authority. On this point it is worth mentioning that the DOJ is not only interested in the existence of corporate policies regarding the use of WhatsApp, but also in the measures that companies are taking to preserve WhatsApp messages (or any other similar application) in the cases allowing employees to use messaging services for business purposes.
Said memorandum orders some additional analyzes and pronouncements of the pertinent authorities of the United States in these matters. Due to the above, we hope that in 2023 efforts will be made to modify the Manual of Justice and guides or guidelines will be generated that develop the key topics of the memorandum.
So far we have reviewed compliance challenges and perspectives, and what is coming for our community will be to discover over the next year how to generate more and better synergy among all regulatory compliance professionals throughout the continent.