Tag Archives: compliance

How to Evaluate AI Solutions

After almost a decade working in a large, global bank, I can speak to the challenges faced by all three lines of defense in trying to combat financial crime. I can also attest to the effect these processes had on our clients. As a front-line corporate relationship manager, I frequently had to navigate the know your customer (KYC), remediation and payment screening process for my clients. 

Not only was this an incredibly time-consuming and frustrating process on an organizational level, but more painful was the deleterious effect it had on our clients and their business: Crucial payments to vendors were delayed unnecessarily; accounts took months to open and required incessant back and forth among multiple parties; and account fundings/transactions always came down to the wire because of basic due diligence, regardless how much work you tried to do ahead of time.

Much of the process that required our intervention seemed mundane, repetitive and inefficient, which compounded everyone’s frustration. 

Sound familiar?

These types of repetitive, mundane tasks are ideally suited to be outsourced to artificial intelligence, which the industry seems to now realize. 

Artificial intelligence can be an incredibly valuable tool, in that it can offload mundane tasks, provide insight into customer and employee behavior, create more standardization and help reduce or manage costs.

But as technology becomes increasingly sophisticated, there are many factors to weigh in the decision-making process. 

After countless conversations with stakeholders and decision makers in the industry, I have learned that there are five main concerns when implementing regulatory technology, especially AI technology, in the financial sector: 

  1. How transparent is the AI? 
  2. What if the AI learns the wrong behaviors, such as bias?  
  3. Does it have more than one purpose? What is the road map?
  4. Is it better than what I have now? More accurate, faster, more standardized, more cost effective? Can “better” be tested quantifiably?
  5. What are the redundancies? How will this technology affect my operational resiliency?

Let’s look at each point in order.

1. How transparent is the AI? 

While this seems like a straightforward question, “transparent” really encompasses three separate factors:  

  • Will my team and our stakeholders be able to understand how it works? 
  • Will I be able to easily demonstrate to audit, the board and regulators that it’s doing what it’s supposed to do?
  • Can I get a snapshot of what is happening at any given moment? 

See also: Stop Being Scared of Artificial Intelligence

All of the major regulators have stipulated that artificial intelligence solutions be explainable and demonstrable. Both of these concepts are rather self-explanatory but still worth exploring.


It’s not sufficient for your compliance team to understand how the AI makes decisions. They also need to be comfortable explaining the process to key stakeholders, whether they are board members, the internal model committee, audit or the regulators. 

If your technical team can’t understand the technology or how decisions are made, or if the vendor claims confidentiality to protect its IP, this is a cause for concern.


Like transparency, demonstrability captures a few components – it means you have to be able to demonstrate:

  • What decisions the AI has made; 
  • What changes you’ve made to how the AI makes decisions; and
  • Who made the changes.

This is where an audit trail comes into play. First of all, is there one? If so, is it immutable, and does it capture all actions in the AI or just some of them? Is it exportable in report format, and, if so, is the report readable and can it be easily understood?

Compliance is a data-driven world, and the risk associated with being deemed non-compliant is substantial. Being able to capture and export changes to, and decisions made within, your AI is crucial to your relationships with your stakeholders.

As personal liability expands in the corporate world, board members and committees increasingly require an understanding of not only how compliance risk is being mitigated, but also clear evidence that it’s being done, how and by whom.

2. What if the AI learns the wrong behaviors, such as bias?

The underlying questions here, without detracting from the very serious concern about embedding existing unconscious bias into your AI, are:

  • If the AI is wrong, or my requirements change, can I fix it? How easily? 
  • What impact will tweaking the AI have on everything it’s already learned?

An industry journalist recently asked me if I thought bias was a problem with AI. My answer to her, and to all of you, is that AI simply learns what’s already happening within your organization. As a result, unconscious bias is one of the things that AI can learn, but it doesn’t have to be a problem. 

While you can’t really prevent AI from learning from past decisions (that’s kind of the point), good technology should enable you to identify when it’s learned something wrong, and to tweak it easily to prevent bad decision-making from becoming embedded into your AI’s decision making.

This ties in to the need for transparency and reporting. It’s not only necessary to see how decisions are made, you also need to be able to prevent poor decisions or bias from being part of the AI’s education. And all of these things need to be documented. 

When testing new vendors, once the AI engine has been trained initially for your proof of concept, you should be able to clearly understand the findings and be able to make changes at that time (and thereafter). You will very likely be surprised by some of the ways decisions are currently being made within your organization. 

For example, at Silent Eight, our technology investigates and solves name and transaction alerts for banks. This work is typically done by teams of analysts, who investigate these alerts, and close them as either a true positive (there is risk here) or false positive (there is no risk). True positive alerts require substantially more time to investigate and close than alerts deemed to be false positives. 

Analysts typically have KPIs around the number of alerts they’re expected to investigate and close each week. 

By late Friday, the analysts are doing everything they can to make sure they meet this quota. As a result, it’s not unusual during the AI training process that the AI learns that 4pm on Fridays is a great reason to close out pending alerts as false positives. 

Obviously this is a good example of AI learning the wrong behavior and needing to be tweaked. It’s also a good example of mistaking correlation for causation, which is a topic worthy of its own examination on another day.

Today, as regulations are introduced and amended, you’re continually updating your policies to reflect these changes. It’s no different with artificial intelligence. It’s imperative that your AI engine is correspondingly easy to tweak, and that, when you tweak it, you don’t lose everything it has already learned. 

Thoughtful, well-designed technology should be built in a manner that makes it easy to update or amend part of the AI engine, without affecting the rest of the learnings. This is something you should both ask about, and test.

3. Does the AI have more than one purpose? What is the road map?

Many financial institutions have the dueling mandates to be both innovative and transform digitally, but also to rationalize vendors. So, when considering artificial intelligence solutions, which are often niche, it’s worthwhile finding out:

  • How the vendors decide to build out features;
  • Whether they are willing to customize their offering for you;
  • How reliably they’ve delivered on features in the past; and
  • Whether what’s on their road map adds value for you.

This way you can ensure that the decision you’re making is one that is future-proofed and set up for longevity.

See also: 3 Steps to Demystify Artificial Intelligence

4. Is it better than what you have now? 

Better can mean different things to different organizations and individuals. It’s typically tied into the problems you’re experiencing now, and what your organization’s strategic focus and priorities are.  When I ask clients and prospects what they mean by ‘better’ the answers I hear most commonly are:

  • Is it more accurate?
  • Is it faster?
  • Will it give me greater standardization?
  • Will it enable me to identify more risk?
  • Will it enable me to federate by jurisdiction?
  • Will it lead to greater efficiencies?
  • Is it more cost-effective?
  • Does it increase my visibility? I.e., is it transparent?

Once you’ve defined what “better” means to you and your organization, you need to find out from your prospective vendors if and how “better” can be tested quantifiably. 

5. What are the third-party dependencies? How will this technology affect my operational resiliency?

Operational resiliency and third-party due diligence have become a significant focus in the industry and can be a barrier to doing business.  Many regulators, including the EBA and the FCA, have issued guidelines on the topic, and continue to revisit it.

It’s vital to understand if a vendor is reliant on any other vendors in its tech stack, if it’s using open source code, what the deployment is (on premise, in the cloud, in a private cloud) and what security standards the vendor adheres to.

Take back the things you can control 

Right now, the financial services industry is beset by many challenges that are outside of its control, including low interest rates, working remotely, bad debt provisions and the increased new accounts and suspicious activity resulting from COVID. 

Your compliance costs and processes are a piece of the puzzle you can control. Good artificial intelligence technology will enable you to offload some of your mundane, repetitive tasks, freeing you and your team to focus on more complex risks and higher value projects. 

I recognize that artificial intelligence can be a bit daunting, and that it has a mixed reputation in the industry. However, if you’re armed with a dose of skepticism, have the right questions to ask and approach it with an open mind, you’ll be amazed by what it can do.

Navigating Confusing Insurance Regulations

The COVID-19 pandemic has caused turmoil for insurance. To aid consumers as unemployment and uncertainty spiked, state regulators around the country issued emergency protection measures to extend grace periods for premium nonpayments, prohibit policy cancellations during states of emergency, extend premium repayment timelines and offer leniency to insured individuals hit by COVID-19, among other changes.

These emergency insurance industry regulations are complex — plus, protections vary widely by state and must be implemented rapidly. It’s no wonder insurers are having a tough time navigating insurance laws and regulations during the pandemic.

In late March, for instance, New York Gov. Andrew Cuomo passed Executive Order 202.13 to assist insurance policyholders experiencing coronavirus-related financial difficulties. The order stipulated that life, commercial property, home, auto, liability and other insurers extend grace periods for premium payment and repayment to affected individuals in the state. The order also temporarily prohibited some insurers from canceling, refusing renewal or offering conditional renewal on insurance.

These amendments to New York’s rules and regulations were more complicated than they seemed on the surface, which meant they raised legal issues in insurance businesses. For one, the accommodations only applied to individuals who faced economic hardship due to the pandemic. Individuals were required to provide insurers with written testimony — which added a considerable burden to insurers that had to collect, review and track this data. Some of those rules cast a long shadow. For instance, affected policyholders who were unable to pay their premiums have the option to repay what they owe in 12 monthly installments, which began in June 2020.

The emergency insurance industry regulation that was passed in New York is just one example of such orders. In every state, these changing insurance laws and regulations placed — and continue to place — a considerable burden on insurers.

The Department of Financial Services (DFS) has taken steps to lighten the load and help companies navigate the changes. While the uncertainty surrounding the pandemic persists, the DFS has loosened rules around notice obligations to allow insurers to email notices to policyholders, regardless of policyholder consent to email communication.

This provision, along with the DFS’s requirement that insurers post relevant information on their websites and maintain all records of communications with policyholders, was designed to communicate information to consumers rapidly and ensure records are complete and updated throughout the pandemic. In addition, the DFS provides sample correspondence for insurers to communicate COVID-related measures to policyholders.

See also: A Quarantine Dispatch on the Insurtech Trio

How to Be Compliant Amid Changing Rules and Regulations

Emergency insurance laws and regulations to protect consumers during the pandemic are necessary, but they make it difficult for insurers to reach strategic decisions and plan for what’s ahead. The future is cloudier than ever — no one knows how long emergency measures will remain in place or what the regulatory landscape or compliance requirements will look like in the near future.

Put another way, insurers are grappling with a plethora of hard questions. How will the new normal affect product features? How will risk assessment and financial underwriting be affected? What will be the long-term effect of wage loss for affinity customers in certain industries? How do insurers operationalize an increasingly complicated set of rules across multiple product lines, segments and regions? What happens if there is another surge of COVID-19 cases? The answers to these and other questions are neither clear nor simple.

Insurers face considerable questions when it comes to temporary insurance laws and regulations. Adaptation is a matter of survival. Here are a few steps insurance companies can take to handle the rapid changes and remain compliant:

  • Dedicate a team focused on staying abreast of coronavirus-related regulatory changes, educating others in the company about these changes and building a strategy for compliance.
  • Make business resiliency plans that take into account likely scenarios, including the emergency measures lasting in varying amounts of time.
  • Repurpose staff members based on shifting organizational needs.
  • Leverage external partnerships and partnerships between carriers and agencies/brokers — how can you support one another during this time?
  • Appoint subject matter experts in account management, TPA management, underwriting and actuarial to handle related elements of the emergency regulations.

For many insurers, siloed legacy systems represent the biggest hurdle to meeting new insurance industry regulations while managing the resulting deluge of data. Switching to an integrated, comprehensive governance system that can better manage these changes and keep up with privacy and data management needs will not only help insurers weather the pandemic but will also help them make more informed, data-driven decisions for the future.

See also: How to Lead in the COVID-19 Crisis

COVID-19 has caused and will continue to cause headaches for insurers scrambling to keep up with new rules and regulations. But the pandemic also offers an opportunity to improve business systems and compliance practices. By making smart decisions now, insurers will be prepared for other changes that come.

How to Avoid Snarl of N. Korea Sanctions

The timing was excellent – or unfortunate – depending on your perspective. Just a week before South Korean President, Moon Jae-in, jets to Washington to talk DPRK denuclearization, it was reported that a South Korean oil tanker had been detained.

The P PIONEER – the first local vessel seized by South Korean authorities — is among four detained by Seoul. All are suspected of violating United Nations sanctions on fuel shipments to North Korea.

Just last month, the UN Security Council (which uses Windward technology) published its latest report on North Korea. It laid out in graphic detail Pyongyang’s evolving tactics in evading sanctions, and the maritime compliance risk faced by anyone connected – however unwittingly – to vessels engaged in this kind of activity.


According to reports, the P PIONEER was detained last October on suspicion of shipping oil to North Korea via clandestine ship-to-ship transfers and is “an indicator of the increasing pressure the U.S. is exerting on foreign governments and businesses to crack down on North Korean sanctions evasion,” according to Tahlia Townsend and Joseph Grasso, who head the International Trade Compliance and Insurance Practice Group at U.S. law firm Wiggin and Dana.

A Windward analysis of the vessel’s behavior in the 12 months leading up to its detention reveals a pattern of dark activities in several parts of the East China Sea. In total, we detected 13 separate occasions when this happened – the kind of deceptive shipping practices routinely employed by North Korea, as highlighted by an updated advisory published last month by the U.S. Treasury’s Office of Foreign Assets Control. During our analysis, another notable pattern of behavior emerged: In the 12 months before it was detained, the P PIONEER only visited ports in South Korea. In other words, every voyage the vessel undertook began and ended in South Korea.

Map showing polygons (areas) linked to possible clandestine oil transhipments to North Korea. Source: OFAC, UN.

See also: Can Insurers Stop Financial Crimes? Yes  

Searching in the dark

Detecting such behavior just by searching for “dark activity” won’t get you very far. Indeed, if you use this behavior as a proxy for illicit activity in the East China Sea, you’ll end up with a short list of 20,000 vessels during the past 12 months (the East China Sea is notorious for poor AIS coverage, meaning many vessels that “go dark” don’t do so deliberately). Of these, 1,200 were tankers – a number way too big to differentiate between innocent vessels just passing through and those potentially engaged in illicit oil trading with North Korea. If identifying dark activity was all we could do, compliance officers, charged with ensuring vessels they deal with are complying with sanctions, would probably jump overboard.

Map showing clusters of Dark Activities by vessels in the East China Sea over the past year

Where we can narrow things down for maritime compliance risk is by looking at how frequently vessels went dark – where it was an integral part of a vessel’s modus operandus. As the chart below shows, most tankers had no more than one dark activity in the area; only 3.5% of them did it more than five times. We can look more closely at repeat offenders, to find those that might be evading sanctions (our algorithms can detect which turn-off-transmissions are due to lack of reception and which due to skulduggery).

Distribution of vessel dark activity, highlighting two additional vessels that were mentioned in the recent OFAC advisory regarding DPRK as possibly being involved in illegal transports of petroleum products.

Behavioral Analysis

Another way to whittle down the list of potential miscreants is to look at trade patterns. As discussed above, most vessels passing through this area were heading to ports in the region. The P PIONEER’s voyages always started and finished in South Korea (with a dark activity in between), a pattern we see in just 81 other vessels over the past 12 months.

If we narrow our time window to the past 60 days, we find only 17 vessels were engaged in this pattern of behavior – a much more manageable data set. Within those 17, we find one, very interesting, vessel, called the P CHANCE.

Like the P PIONEER, it’s a tanker; it’s flagged in South Korea; it had 21 dark activities in the region in the past year – including one last month. Oh, and it belongs to the same registered owner (see below).

Looking at the P CHANCE’s economic utilization profile, one can spot the same risk indicators but from a different perspective. With more than 15 dark activities in the East China Sea in 2018, the vessel spent only 31 days in port (compared with 80 days for similar tankers).

See also: Europe’s New Data Breach Requirements  

To be sure, this analysis isn’t a smoking gun – it just means that out of the thousands of vessels transiting the East China Sea every month, this vessel stands out, indicating that further investigation may be warranted.

Maritime Compliance Risk

The deceptive shipping practices discussed in this article were once only relevant to intelligence agencies and NGOs that monitored and enforced sanctions. But as we’ve seen in the recent OFAC advisory, and the UN Panel of Experts report, sanctions enforcement is no longer something only bad actors need worry about; counterparty due diligence (CDD) teams in every industry that interacts with shipping now need to up its game considerably. Indeed, when list managers or compliance officers consume data feeds and black lists, the recent OFAC advisory might now require them to prepare and consume a global daily review of dynamic sanctions evasions tactics, to mitigate compliance risk. With the right technology, they can do so – while keeping their businesses running as usual.

What GDPR Means for Insurance Companies

GDPR (General Data Protection Regulation) took effect in Europe on May 25 — and is expected to create a ripple effect that affects U.S.-based organizations, regardless of whether they have European operations.

This is the most significant data privacy regulation ever – the EU views this as a human rights issue. The recent Facebook issues will accelerate GDPR acceptance here in the U.S., and it is up to insurance agents and carriers to be sure they are in compliance with all applicable laws and regulations in the U.S. and in Europe.

GDPR was enacted to further protect the rights of individuals in controlling how their personal data is shared. Many expect further regulations to come to the U.S., along with stiffer financial penalties for those organizations that do not comply.

But there are those in the insurance industry who see this as the “starting gun” not “the finish line.” The reality for most U.S. business, insurance companies and others is that GDPR will become the global standard for how businesses must handle consumer data, and it will set new benchmarks for consumer data privacy.

GDPR will have a positive impact for both the business/marketer and the consumer.

This can become an incredible opportunity for U.S. companies that choose to embrace GDPR. Instead of something scary and negative, it can become a great opportunity that they can use to challenge themselves to build tools and processes to maintain smarter marketing and more personalized and predictive communications with customers.

As consumers begin to understand the advantages to them, they will likely prefer to work with and share their consumer data with compliant companies. Rather than waiting and wondering, companies need to take the steps necessary to comply. If it’s great for the customer, and if businesses lead the way, it will end up being great for the company.

See also: How GDPR Will Affect Insurance 

First, insurance companies will need to take steps to comply with the legislation so they will not be open to stringent financial penalties. They must begin by working with their legal team and GDPR experts to appoint a company representative who is established in an EU supervisory country. This person is the point of contact for all communications with the GDPR supervisory body.

Not all organizations need one, but if it’s required, appoint a Data Protection Officer who has the expertise needed. This person can help redesign what consent and disclosure looks like for customers. Consumers will need to check a box (or its equivalent) for every single use case of their data. They need to be able to select those they agree with and decline those they don’t, and companies need to be able to comply and track their preferences in their systems.

Insurance companies also need to consider third-party providers, as well. If a third party is not able to prove GDPR compliance, the EU work it does is illegal. Companies should audit their third-party providers and reevaluate service level agreements.

Companies also need to work within the GDPR regulations and still be able to have a “good client experience” and grow and find and retain new customers with the new law that is a game changer for the way they do business now.

Moving forward, companies will need to be much more aware of their audiences’ tolerance for marketing. Companies that have been careless by oversaturating their audiences with irrelevant marketing will lose the privilege to market to those customers.

Consumers want information and marketing that is timely and relevant. Technology companies have tools available for clients that account for marketing saturation modeling and use dynamic marketing workflows. Their audiences should receive the “Goldilocks” amount of marketing – not oversaturated, but enough to maintain brand awareness and positive disposition when they are in the position of making a buying decision.

The positive impact for insurance industry will be that GDPR compliance forces companies to implement data storage and processing and marketing “best practices.” Once a consumer asks to be forgotten, companies must remove all the person’s data. Not just take people off an email list, or a call list, but delete all their preferences, history and contact information.

Businesses that comply with GDPR will reap the benefits of better consumer confidence. Additionally, the practice of impeccable data security demands migrating customer data to the latest network technology. The long-term benefit of storing and running data using the best and most current technology reduces overall digital footprint.

But how companies use technology to retain brand awareness and win and keep customers without becoming a nuisance at a permanent cost will be a challenge. Achieving and retaining brand awareness without irritation becomes a balance of just the right messaging, via the right channel at the right time.

See also: How to Avoid Being Bit by GDPR (Part 1)

We are proponents of human engagement and realize that all the AI in the world cannot replace human connections. We also realize that the human connection is invaluable and that marketing communications coming from a trusted adviser versus a faceless organization elevates the message.

More than ever, companies need to rely on marketing acceleration models that induce a repeatable pattern of activity, garnered from AI and machine learning to create marketing workflows that enable individuals at a company to have personal connections, smarter marketing, more personalized and predictive customer experiences and better sales outcomes.

Technology can help companies achieve one-on-one interactions and make them more confident that what they say and show is relevant and tailored to their client.

How to Get Ahead of the Watchdogs

The compliance and ethics functions within insurance organizations face continued regulatory pressure. But, nowadays, they must also deal with new threat vectors that are shaping a higher-stakes global compliance environment. More and more, investigative journalists are analyzing big data to spot fraud as well as compliance violations. Third-party agencies are increasingly using technology to identify incidents and monitor corporate behavior. Enforcement agency whistleblower programs are motivating employees to speak out about perceived violations. And, rapidly escalating grassroots campaigns, such as the #metoo movement, are making strong corporate culture and rapid-response capabilities even more critical. When these watchdogs form the genesis of a complaint, social media channels and the round-the-clock news cycle can rapidly increase awareness of the incident – in some cases even before the company itself is aware.

Compliance functions need the agility to adjust to business changes and to the inevitable surprises inherent in a dynamic business climate. But, without a strong technological underpinning to help them operate efficiently in real time, it will be challenging, if not impossible, to get ahead of new threat sources and changing business dynamics. From dashboards for improved decision-making, to sophisticated tools for monitoring employee compliance, to training informed with data from compliance monitoring, technology-based capabilities are now cornerstones of effective compliance management. By using the best available tools and information to protect their organizations and to scan the horizon for new requirements, trends and risks, compliance functions can keep pace with their organizations’ changing compliance needs.

But as a group, insurance sector compliance functions have some work to do on the technology front. According to the PwC 2018 State of Compliance study, only 41% of insurance organizations use policy management technology within the compliance department (compared with 44% across industries and 54% in banking, for example). Just 47% use technology to monitor employees’ compliance with ethics and compliance-related policies and procedures (compared with 50% across industries and 52% in banking). While progress is being made, it lags that of certain other industries.

See also: How to Collaborate With Insurtechs  

However, our study identified 17% of insurance survey respondents as “Leaders,” where executives were very satisfied with the effectiveness of their organization’s compliance program. This is on par with other industries in the study. The study’s overall Leader group shares a common denominator: Leaders take a more comprehensive and current approach to compliance risk management as enabled by technology. Leaders differ substantially from their peers in many of the operational aspects of compliance risk management, including executing differently in four key ways.

Leaders invest in tech-enabled infrastructure to support a modern, data-driven compliance function. Technology helps organizations manage compliance in a dynamic and expansive risk universe. Leaders more often use data analytics tools, dashboards and continuous monitoring than their peers. More than half (54%) of Leaders in the study use data analysis tools, and nearly half have dashboards (49%) and engage in continuous compliance monitoring (48%). The effective use of cloud infrastructure, machine learning, advanced analytics and natural-language processors help organizations quickly analyze vast amounts of data and gain insights into business and customer behaviors, assess potential compliance issues and cost-effectively meet risk and regulatory challenges.

Leaders increase compliance-monitoring effectiveness through the use of technology and analytics. Analytics, together with automation technologies, make the continuous monitoring of employee compliance across many areas of the business far more feasible. Two-thirds (66%) of Leaders use technology to monitor employees’ compliance with ethics- and compliance-related policies and procedures. And they more often use technology to monitor specific risk categories, such as fraud, gifts and entertainment, privacy, social media and trade compliance. Leaders are also gleaning more benefits from technology use in monitoring efforts – compared with their less effective peers, they are more responsive and even proactive in mitigating compliance issues.

Leaders streamline policy management to increase responsiveness and boost policy and procedure effectiveness. Leaders take several steps to strengthen their policy management. They more often keep their codes of conduct, policies and procedures current and make them easily accessible across the organization. They also more often enable this streamlining through policy management technology, such as GRC tools, and measure the effectiveness of policies and procedures more comprehensively. Nearly two-thirds use technology to facilitate the policy management process.

Leaders take advantage of information and technology to provide targeted, engaging and up-to-date compliance training. Leaders’ compliance training and communications are more comprehensive and current. They are often using multiple sources of information to inform and target their training and are thinking creatively about new ways to digitally engage employees in training activities. Leaders’ approaches to training positively affect their organizations’ overall risk profile as they aim to minimize activities that potentially place the organization at higher risk.

See also: Guide for Insurtech Work With Carriers  

Effective compliance risk management must be grounded in strategy and business engagement. Establishing the right tone at the top, assessing compliance and ethics risks and building governance structures that provide high levels of confidence in regulatory matters are all critical to effective compliance leadership. But operational aspects of compliance are where the rubber meets the road. With multiple new, highly motivated watchdogs now providing their own forms of oversight, the case for strengthening compliance risk management through technology is strong. Technology is more critical than ever in building programs that boost compliance program value, better manage risks and drive cost-effective compliance.