Technology vs. people power: risk and compliance in the age of COVID-19

Risk and finance technology has been directly affected by the COVID-19 crisis. This article looks at the underlying forces that dictate how risk and compliance projects are built and how technology evolves: namely, human beings.


The human factor

One of the more straightforward lessons imparted by the COVID-19 crisis has been that people matter. The human factor has typically been an overlooked part of how complex situations play out – but in recent weeks its importance has felt more starkly exposed. Human beings are social creatures, in a way that often overpowers rational economic or technocratic thinking. This is true in wider market trends, and subsequently in the dynamics that govern risk and compliance technology.

Expansionary enterprises and unpopular analytics

Underestimating the human factor, for example, is a key element in why big expansionary enterprise risk management projects tend to struggle. They are often mapped out as technocratic exercises in bringing data and technology together first, and people-projects second. In reality they are often mediated by personal relationships: stakeholders defending areas of interest, or taking control of projects to expand their influence.

Arguably, this is one of the reasons why we have seen an expansion of services in banks. Instead of having to negotiate a delicate and troublesome bureaucratic interplay, figuring out who will be responsible for what and who they will be answerable to, institutions can just lift and shift an entire process – boxing it up and ensuring simpler input and output. From a technology perspective, as questions around security and scalability have been at least partially answered, there is a growing consensus that the best kind of ‘box’ is enabled on the cloud. Thus more services have been migrated to the cloud, and more activities have been passed over to business process outsourcing (BPO).

Secondly, and relatedly, ‘deep’ analytics have struggled to gain traction. In zero-risk environments like sanctions screening, for example, firms’ requirements go beyond using the best technology to avoid sanctions violations. Institutions also want to be able to explain themselves to regulators. CROs need to explain their decisions to the board. The compliance team needs to explain things to the CRO. Financial institutions work in this way as interpersonal chains of responsibility, and adding elements that people fundamentally don’t understand or can’t control can break that chain in uncomfortable ways.

In addition, the people involved are themselves a signaling mechanism. Having large compliance teams proves that a bank is committed. Removing them, conversely, indicates that it’s not. On the surface, the way that an institution and a regulator work is that one tries to be compliant and the other checks whether it is. But there is typically a more complex and essentially human signaling process going on, whereby the number of people involved in compliance is used as a proxy of the effort involved. Replacing these employees with analytics can be seen as a reduction of effort, one that marks the institution out for extra attention.  

Technology in context

These dynamics are significant, and often dictate in powerful ways the route that technology takes. On the surface: AI seems great! Reducing compliance staff saves money! From a purely rational perspective these ideas make sense – but the world is not always rational.

Technology has been a vital lifeline in the COVID crisis. But we must also be careful to place it in its correct context: a world where it has become a powerful intermediary, one that is essential to keep us talking and working together, but nevertheless one that is subject to some old-fashioned truisms about who people are, what they want, and how they operate. 

Further reading

Points of View are short articles in which members of the Chartis team express their opinions on relevant topics in the risk technology marketplace. Chartis is a trading name of Infopro Digital Services Limited, whose branded publications consist of the opinions of its research analysts and should not be construed as advice.

If you have any comments or queries on Chartis Points of View, you can email the individual author, or email Chartis at

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a Chartis account, please register for an account.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here.