The InFront Compliansphere

May 10,2019

By : Alia Luria

To kick off our new weekly feature, The InFront Compliansphere, I sat down with the founders of InFront Compliance, Melissa Koch and Alia Luria, to get some of their key insights into compliance and regtech.

How did you get into compliance?

Melissa: In my 20+ year career as an attorney for both law firms and in-house with large companies, compliance has always been a key component in providing legal services and managing a thorough, well-rounded legal department.  Conducting business with compliance in mind has always been paramount and designing ways to implement compliant processes and procedures into the operations of a business is a critical part of the job.

Alia: Prior to going to law school, I was a web developer. When I transitioned into a legal career 10 years ago, my practice out of the gate included data breach response, data considerations in mergers and acquisitions, HIPAA, and data management in software agreements. All of those touched on my prior experience in software. My more general compliance practice has blossomed out of these spaces as cybersecurity regulations have come to permeate almost all of the regulatory frameworks across industries.

What’s top of mind for you in compliance these days?

Melissa: Cyber security is top of mind across almost every industry.  Even when companies aren’t so-called “tech companies,” they are almost always tech enabled.  That means data, systems, and risk.  Having good cyber security practices in place is a must – but it’s also a process.  There are regulations that require cyber security for certain industries, but even for those industries that aren’t necessarily regulated, having a solid cyber security program, is really important.

Alia: Cyber security was where I started with compliance and it remains key across all areas of compliance and is particularly at issue for third party risk management. That said, top of mind for me now is solving the problems associated with the transaction costs associated with compliance friction between all of the entities inside the business ecosystem. As data sharing has exponentially increased between customers, vendors, partners, and even government agencies, the regulatory complexity has ballooned in response. Regulatory oversight operates in this ecosystem, and the transaction costs associated with cementing these relationships has ballooned along with the regulatory complexity. I’ve watched my legal clients suffer as they’ve tried to close contracts with customers and vendors that they desperately want to do business with only to be stymied by this complexity. Solving these frictions is top of mind for me.

What is the single biggest compliance issue facing businesses today?

Melissa: Compliance these days is hard and there is a lot at stake.  Money.  Trust.  Reputations.  I talked about cyber security in my last response, but many companies get overwhelmed and don’t always know where to start or how to prioritize.  In addition to being expensive, compliance is also resource intensive and time consuming.  Technology has a big role today to address all of these and there are a ton of regtech companies out there trying to address these concerns.  Finding the right solutions that help simplify and streamline compliance is time well spent.

Alia: There are a great many pressing issues in compliance, but one that I think is particularly pressing is in the compliance landscape is the lack of technology-enabled expertise in the industry. There are a lot of companies trying to automate compliance, but as a general matter, compliance professionals are preparing controls manually and software companies are developing automation platforms that then utilize these controls. They are not necessarily being developed in tandem in a way that takes advantage of the ability to leverage the expertise of attorneys and compliance professionals not only across individual regulations but holistically for an organization. Building the expertise into the automation can only make a tool that’s easier to use but will ultimately benefit from the economies of scale as experts build in standards for harmonizing across different framework.

What regtech technology trends should businesses be aware of?

Melissa: I think businesses should expect more from technology providers in the regtech space.  In particular, expert systems that make regulations easier to understand, implement and manage.

Alia: Compliance doesn’t happen in a vacuum. Regulations are focusing more and more on third party risk management, and businesses can no longer avail themselves of plausible deniability when it comes to their business relationships. Regtech is going to have to solve for this ecosystem-based reality in compliance management, and we will see more and more of that in the market.

Who are the pioneers in regtech and compliance? 

MelissaJohn Wheeler, Global Research Leader for Risk Management Technology at Gartner has some of the most interesting, compelling and insightful insights on regtech including what’s no longer working, what is working and why.  Zach Warren, Editor-in-Chief of LegalTech News also has a good pulse on regtech.  Lindsay Davis, Senior Intelligence Analyst from CB Insights focuses more on Fintech and has an excellent sense of the regtech and compliance needs in that segment.  All three are well worth keeping up with.

Alia: Since I come from this area as both an attorney and CTO, I look to some of the more technical operators in the industry. Bruce Schneier is a cryptographer, security guru and author. His latest book Data and Goliath also focuses more on practical knowledge such as privacy policies and dealing with the fear of data breaches. Rebecca Herold is colloquially known as the Privacy Professor and she’s part of the NIST standards committee that helps shape the standards for the United States. 

Every week we’ll be sharing thoughts and insights on the fast-changing world of compliance.  We hope to see you here again next week!