What does Digital Compliance mean?

Antonina Levashenko, Chief of Center Russia-OECD. Published in Investments · Digital economy

Virus attacks such as NotPetya and WannaCry caused large-scale disruption of companies' activities and heavy losses for businesses around the world, and the number of such cases is tending to increase.

Other challenges of the digital economy are tied to the risk of human rights violations and other non-financial risks (consumer protection, labor rights, competition, etc.). These arise because people do not systematically take the effects of digital technology into account.

For example, the use of artificial intelligence technology can lead to such negative consequences as:

  • discrimination against socially unprotected groups of citizens
  • unlawful use of personal data
  • use of consumer vulnerabilities, etc.

Digital compliance, i.e. the rules in the internal policies of companies that work with ICT, is intended to prevent these risks. It is aimed at minimizing risks to digital security, privacy, etc.

It is the ability to resist risks that ensures a company's competitiveness in the digital environment, allows it to be sustainable, reduces court costs and increases consumer confidence.

Digital compliance is important for all companies, not just for IT businesses. The risk of digital security incidents was included in the top 5 business risks in 2015 (in 2014 cyber risks were ranked 8th, and in 2013, 15th). Meanwhile, the cost of a typical digital security incident is estimated at about 200,000 US dollars (roughly the equivalent of the firm's annual IT security budget).

SMEs are also exposed to digital security risks, but almost 50% of SMEs do not even think about complying with cyber security standards.

Companies operating in the digital world should not think that compliance is limited to digital risk alone. Of key importance is adherence to the standards of responsible business conduct, which cover 9 areas: human rights, labor rights, corruption, environmental protection, taxes, competition, science and technology, information disclosure and consumer protection. These standards are established in the OECD Guidelines for Multinational Enterprises, as well as in other international standards for responsible behavior.

OECD countries promote these standards among companies through the mechanism of national contact points (NCP) to ensure their competitiveness in international markets. In Russia, this work has just begun and is being carried out with expert support from the Russia-OECD Center of the RANEPA and the UNIDO Center in Russia, which in early 2019 launched a new project to develop the implementation of standards for responsible business in the industrial sector.

At the same time, a company can develop its digital compliance through the use of IT solutions. For example, moving contractual relations online and registering contracts in the blockchain increase the transparency of the company's activities and supply chains. In addition, analyzing contractual relations with artificial intelligence technology can help identify companies' financial and non-financial risks.

The development of digital compliance will be discussed at the session “Future of the business compliance in the Industry 4.0” during the Global Summit on manufacturing and industrialization (GMIS - 2019). GMIS is a joint initiative of the Ministry of Energy and Industry of the UAE and the UNIDO. The session will take place on 10 July in Yekaterinburg. Its goal is to discuss the challenges that companies operating in the international market face in implementing digital compliance (compliance with personal data legislation, digital security standards, and minimizing non-financial risks in accordance with OECD standards).