The issue of compliance digitalization is getting growing attention not only within compliance and legal departments but also at the C-Suite level and among employees.

I have noticed however that many of the questions raised indicate that this issue – which is obviously very new – is far from being clear for everyone. What is the scope that compliance should cover? What is digitalization? Is it different from digitization? What is the purpose of a digital platform and how does it help compliance?

I thought that a short blog post aiming at giving some definitions might clarify the debate, to better understand what the advantages of digitalized compliance are, and also to better grasp its limits.

What is the compliance scope that can be digitalized?

The definition of compliance is clear for everyone: complying with rules. But which rules should we comply to as the scope of compliance has dramatically increased over the recent years?

Today, I would argue that compliance is the set of internal processes that an organization must define to:

1. abide by legal requirements: for instance, the obligations stemming from the French Sapin II law, the Brazilian Decree 8 420 or the Mexican law on administrative responsibility.
2. ensure that laws are respected, for instance laws prohibiting anti-competition practices, or prohibiting business relations with persons under an international sanction’s regime.
3. respond to legitimate public expectations: for instance, regarding Corporate Social Responsibility or sustainable development issues.
4. and more generally to conform with business best practices, for instance for managing conflicts of interest…

As a result, compliance processes within an organization almost always exceed the competences of the sole compliance department. It is more and more a transversal issue which falls under the responsibility of other departments: Legal, Finance, Human resources, Procurements, Internal Audit, Environment, Health & Safety, etc…

“Complying” has therefore become a complex challenge for any organization; a challenge to which it is not easy to respond efficiently and comprehensively, and which – if not addressed properly – bears heavy financial and reputational consequences.

This is the reason why it is legitimate for organizations to research how current IT tools, like digitization, digitalization and digital platforms, may help monitor the complexity of compliance and manage its related potential risks.

What is digitization versus digitalization?

Often the words digitization and digitalization are used as synonyms. However, they refer to two different concepts.

Digitization is converting information into a digital format. This conversion is useful because it then allows the analysis of a considerable amount of information… You can digitize simple data and even processes. For instance, storing in a data base all the contracts of an organization with third parties in a digital format is digitization. Recording with a specific software all the due diligence processes of your third parties is digitization. Today, most documents and processes are in a digital format which allows organizations to go – at a very low cost – a step further: digitalization.

Digitalization handle data and processes that have been first digitized. Digitalization is automating the analysis that an organization wants to perform in a given area. If a company has digitized its contracts (i.e. stored in digital format), it can more easily identify if it has commercial relationships with an organization which falls under a sanction or embargo list. If a company has digitized its due diligence process (i.e. digital recording of the processes), it allows to identify any flaws in this process, for instance identifying third parties that have not returned a questionnaire or whose compliance supporting documentation is not updated.

What is a digital platform for compliance?

A digital platform is a tool which is designed to monitor a process and even monitor different interrelated processes that have been digitalized.

For instance, with a digital platform, a compliance officer can monitor the execution of third-parties’ compliance:

• to ensure that anti-corruption requirements are respected (anti-corruption compliance),
• to control that the company is not working with anyone under embargo (sanctions compliance),
• to make sure that it is documented that children are not working in third-parties’ premises (CSR Compliance)
• to verify that data privacy rules regarding third parties are respected… and more precisely respected according to different national laws (data privacy compliance)

The digital platform allows the compliance officer to easily and rapidly identify shortcomings which should be remediated or compliance risks that are not appropriately mitigated. He can then follow up in a timely manner the corrective actions undertaken.

Conversely, it allows every department of the company to have access to compliance data gathered by other departments, therefore avoiding useless duplication of tasks and ensuring easily that its operations comply with the company’s internal rules.

Why a digital platform needs to be tailored to your specific compliance needs?

A digital platform needs to be tailored to the specific needs of an organization, as two companies do not have necessarily the same compliance scope and nor the same “digitization” maturity.

It is always possible to start with only one compliance domain for instance data privacy, and progressively move to other compliance area: for instance, third parties’ risks management.

Then if the company chooses a digital platform with an open architecture, it allows the interoperability of the existing software and data base of the organization without requiring changing them.

Last but not least, a digital platform is designed to be user friendly and to allow the Compliance Officer, or the General Counsel to create the scoreboard that he or C level really needs and to adapt it easily to new requirements.

In a nutshell, a digital platform helps to easily integrate compliance in every business operation . It allows compliance and legal officers to do their job better, quicker and in a cost-efficient way. As a result, it helps to integrate compliance in the business culture in very natural way.