Global businesses are forecast to spend $10 trillion on digital transformation in the five years to 2025, capitalizing on rapid technological developments that are reshaping every corner of the corporate world.
While digitalization is game-changing, it comes with risks, challenges and obligations that must be understood and navigated to succeed. Globally, complex laws and regulations are leading to significant legal obligations around digital responsibility for companies – which often diverge, rather than converge, across various jurisdictions. These laws extend significant duties and expectations to boards and senior leadership to ensure adequate oversight and governance in this area.
In 2022, it is a business imperative to employ the right strategy to deal with these risks and obligations.
‘Going Digital’ Versus Digitalization
There is often confusion between a company ‘going digital’ and digitalization. Implementing new technologies in a siloed manner, without consideration of the business-wide implications, can lead to major negative repercussions for the most senior leadership of an organization.
Digitalization – the application of digital technologies to transform business activities, processes, competencies, and models to fully leverage the opportunities from technology and data – encompasses companies’ procurement, deployment and use of such technologies.
It also includes businesses developing, selling or licensing out these technologies. This could be for internal use or customer-facing purposes, making it relevant to all companies, regardless of sector.
Businesses in Asia, and globally, are seeking a competitive edge and digitalizing at breakneck speed, a trend that has been accelerated by the global pandemic. Fifty-five per cent of products and services are at least partly digitalized today, compared with only 35 per cent in 2019, prior to the pandemic.
Businesses in Asia, and globally, are seeking a competitive edge and digitalizing at breakneck speed, a trend that has been accelerated by the global pandemic.
Industries that were traditionally not considered technology businesses have embraced digital transformation as a pivotal strand of their strategy, in recognition that no sector can ignore the commercial gains that digitalization delivers. A new company motto has emerged over the past 12 to 18 months – being we are a “technology business” first, that just happens to provide services to customers in a particular sector.
For example, Singapore’s DBS Bank leveraged advanced technologies to improve customer experiences as part of a 2014 digital transformation strategy. Recent innovations include creating an online exchange for blockchain-based fundraising and carbon credit trading. These innovations contributed to revenue growth of S$14.6 billion in 2020 from S$9.6 billion in 2014.
‘Techlash’ And New Laws Signal Need For Corporate Digital Responsibility Strategies
There is a growing imperative to ensure ethical, responsible, and legally compliant use of technologies and data and to apply a responsible approach to digitalization – known as a Corporate Digital Responsibility (CDR) strategy.
CDR is a set of responsibilities relating to commercial, legal, compliance, ethics, ESG, governance and oversight imperatives. Organizations should consider these when making decisions relating to technology and data and when implementing their digitalization strategy.
Businesses risk major adverse reputational damage and the erosion of significant value if there is a misalignment of their digitalization strategies and their approach to ethics in technology and corporate digital responsibility. A growing backlash against companies perceived to be using technology irresponsibly that emanates from stakeholders, including customers, investors, and employees – often referred to as ‘techlash’ – contributes to these risks.
Techlash can also arise where it is perceived that the use or misuse of technology or data leads to bias, discrimination, mistreatment of customers, digital disenfranchisement, data breaches or damage to society or the environment.
In parallel, a plethora of new laws are being introduced globally, augmenting existing regulatory responsibilities, to ensure digital technologies are developed, used, bought, and sold responsibly. Many of these laws carry significant enforcement consequences, including fines and imprisonment, for non-compliance.
Yet, 61 per cent of businesses struggle to keep up with the legal and guidance requirements that apply to digital technologies, according to a new report by Eversheds Sutherland in conjunction with Longitude, a Financial Times company. The report – Shaping the future of digitalization: Global perspectives on digital technologies, risk and corporate digital responsibility – surveyed 700 senior professionals globally to investigate the adoption of digital technologies, risk and approaches to CDR.
A clear CDR strategy will drive consistency and agility, ultimately enhancing commercial success.
Adopting a CDR strategy not only helps mitigate the many significant risks with developing, selling, licensing and/or embedding digital technologies, but also helps maximize the benefits of any digitalization initiatives. Increasing stakeholder confidence and trust is a pivotal part of this.
Importantly, CDR is not just about mitigating downside risk. Implemented correctly, it helps to build trust with a wide range of stakeholders, from customers and employees to regulators and investors. A clear CDR strategy will drive consistency and agility, ultimately enhancing commercial success.
Business Considerations When Implementing A CDR Strategy
There is no one-size-fits-all approach to CDR. The legal, governance and ethical responsibilities that need to be factored into each project involving digital technologies will depend on the business model, sector, location, and the technologies involved.
CDR strategies must account for current and emerging commercial issues, the regulatory landscape, cultural factors, ethical principles, corporate values, and best practices. But, given the changing regulatory environment and technology, such a task is not easy.
Based on our experience working across hundreds of digitalization projects around the world, key business considerations when implementing a CDR strategy include:
- Base your CDR strategy on an understanding of the full spectrum of current and emerging strategic, legal, corporate, regulatory, sectoral, ethical and ESG risks and responsibilities that accompany digitalization. It should address board-level oversight and governance obligations. The Eversheds Sutherland report found that just 20 per cent of businesses have CDR ownership and oversight at board-level.
- Understand and audit what technologies the business is developing, selling, licensing, or using or intending to use, as well as where, for what purpose and what the implications will be. It’s critical to consider use cases in detail.
- Place data and rights to use at the heart of the strategy. Fewer than 20 per cent of businesses surveyed feel ‘very confident’ about their ability to securely handle customer data.
- Consider and address upfront the implications for and impacts on staff. The Eversheds Sutherland report found 27 per cent of respondents anticipate employee/skills shortages due to the organization’s use or provision of digital technologies.
- Review your contract templates and playbooks to ensure they are fit for purpose. Only 17 per cent of survey respondents consider that their contracts are fit for purpose in relation to their digitalization activities.
Dynamic Strategy Essential To Managing Key Risks
Companies must develop a strategy to understand the risks as they develop and change, and to mitigate and overcome them. Risks include falls in company share prices or valuations, investigations and criminal prosecutions, loss of a license, class actions and blocked M&A activity.
Fewer than 20 per cent of businesses feel ‘very confident’ about their ability to manage the use of data and cyber incidents.
The Eversheds Sutherland report highlights that businesses are often aware of some of these risks, but not all. Unsurprisingly, cybersecurity and data privacy breaches and associated potential litigation are considered most concerning to our respondents. Yet, fewer than 20 per cent of businesses feel ‘very confident’ about their ability to manage the use of data and cyber incidents.
Legal, regulatory or commercials consequences can stem from a simple misunderstanding of the technical, legal and ethical risks posed by new technology or confusion over legal and regulatory obligations. According to the Eversheds Sutherland report, 63 per cent of businesses say the complexity of technology and related laws makes it challenging to assess their risk and liability.
Many issues stem from not considering the sentiment of consumers, shareholders, governments, and employees. These groups are now more engaged in asserting their influence on business outcomes.
One of the key challenges is that not everyone involved in digitalization projects within a company fully understands the risks, the organization’s strategy regarding them, and the consequences of not mitigating against them. Everyone involved should have a sufficient understanding of risks, reporting up on risks, and the consequences of failing to mitigate risks. Upskilling and training staff in this area is key.
Everyone involved should have a sufficient understanding of risks, reporting up on risks, and the consequences of failing to mitigate risks.
The Eversheds Sutherland survey results expose the growing “digital safety gap” between advances in customer-facing technology and businesses’ backroom capability to ensure its safety. Globally, respondents were most concerned about the threat of investigation and/or prosecution by regulatory authorities relating to product safety. This fear is well grounded given the increasingly proactive and severe measures taken by regulatory authorities in response to product incidents – particularly those which placed a significant reliance on technology, often in the absence of human intervention.
Given this threat, it is increasingly important to bake in safety, as well as security and privacy by design, which involves getting lawyers involved at the earliest design stages.
What is clear is that businesses have started to recognize the importance of having a strategy to understand and address their legal obligations, commercial priorities, and stakeholder expectations. An effective strategy acts like a golden thread woven throughout the entire organization.
Effective CDR Strategy Central To Success Of Digitalization Strategies
As businesses continue to accelerate their digitalization activities to realize the immense benefits digitalization can bring, they recognize there are major challenges and risks that must be carefully navigated. What is now very apparent is that an effective CDR strategy is not only key to driving the success of your digitalization strategy – it serves as a critical pillar of what investors, shareholders, and customers alike demand of a modern “technology business”.
Our research highlights that many businesses have begun the work to develop a CDR strategy to govern their digitalization efforts, but many do not have a holistic approach fully embedded into their organization, meaning there is more work to be done.
By Rhys McWhirter, Partner, Eversheds Sutherland
Rhys is a partner at Eversheds Sutherland’s Hong Kong office and leads the Technology practice.
37/F, One Taikoo Place, Taikoo Place
979 King’s Road, Quarry Bay
Hong Kong SAR
+852 2186 3200
* This article was first published in April 2022 issue of the IHC Magazine. You can read/download the magazine here.