It is fun to follow all the early year views of trends, predictions and survey results.  The beginning of the year includes lots of perspectives and analyses. 

Corporate boards are at the center of these important views.  In a recent survey released by National Association of Corporate Directors, the top trends unsurprisingly referred to economic worries – inflation, a potential recession and continuing business disruptions. Interestingly, the second most significant trend was increasing competition for talent.  Companies are aggressively competing for employees with specific talents.

This trend in and of itself creates antitrust risks – the Justice Department’s Antitrust Division has targeted labor market competition as an important priority.  DOJ has indicted companies for illegal cartel activity among competitors to reduce competition for skilled professionals.

Aside from this important trend, the NACD survey included several other important issues, including: (1) supply chain disruptions; (2) increased regulatory requirements; and (3) changing cybersecurity threats.  These trends implicate business and important compliance issues.  As we see these issues rise in importance, it is important to recognize that the unmistakable convergence of business and compliance issues.

Supply chain disruptions grew in importance in response to the pandemic in 2020 and then again in response to Russia’s invasion of Ukraine.  Staring with the pandemic in 2020, businesses had to adjust rapidly to weaknesses in its supply (and distribution changes) when businesses either shrunk or shut down.  Companies had to shift quickly to preserve their operations and find replacement third party vendors or suppliers.

Compliance professionals had to adapt and support the businesses by onboarding quickly new third party vendors and suppliers.  This was an important lesson for the business and compliance functions – to learn how to work together to maintain business operations while adhering to compliance requirements.

Increased regulatory requirements are critical for business and compliance functions.  The Biden Administration has ramped up regulatory requirements across the economy.  As a consequence, new and increased burdens for businesses is a day-to-day reality.  The pace and scope of these regulatory requirements includes environmental, health and safety, and basic regulatory requirements such as employment, securities, commodities, commercial and financial regulations.

Companies face serious challenges in just keeping up with these regulations.  Life gets even more complicated when you consider the need to update policies and procedures on an ongoing basis.  This is an important priority now for companies in managing their policies and procedures.  When you consider the  number of regulatory schemes applicable to global companies and their respective operations, compliance professionals’ eyes glaze over.  This is where new policy management platform and technologies are critical.

Changing cybersecurity threats requires coordination and focus across an organization.  This includes the board, chief information security officer, legal and compliance and business leaders. Corporate boards had to respond to increased ransomware attacks and had to nimbly respond to these difficult situations.  While there has been an increased focus on these external threats, cybersecurity requires even more focus on internal threats from disgruntled employees and those that have access to key cyber functions. At the same time, the potential risk and significant impacts of new cyber-attack strategies and technologies require companies to devote even more attention to this important issue.

Unfortunately, from my perspective, companies are often behind the eight ball on this issue – too often, corporate leaders implement basic measures and gain comfort through acquisition of large cyber insurance policies.  That is not appropriate risk mitigation – cyber-attacks create huge reputational risks that can cripple a company in a matter of days.  Securing an insurance claim is an inadequate response to this significant risk.

Companies have to build a more robust cyber compliance strategy that incorporates compliance strengths such as risk mitigation and training programs, as well as third-party risk management.  Cyber events can result from employee misconduct, phishing schemes and third-party vulnerabilities.  Robust proactive measures and planning are critical to effective cyber security compliance.