An inside look at the technology and regulatory landscape with Steve Cosentino (Part 1)
Fresh out of law school in the mid-90s, Steve Cosentino had a front-row seat to the birth of the internet age. Since then, he has carved out a niche for himself as one of the first of a handful of lawyers to focus on technology law.
Now a partner at Stinson Leonard Street, a firm based in Kansas City, Mo., Cosentino specializes in technology-related transactions and compliance, with an emphasis on data privacy and security.
Cosentino speaks about technology and regulatory law with a fluency that only comes from having three decades of experience. From Y2K to the stock market crash and the subsequent rise of e-commerce, he’s adept at protecting his clients, staying ahead of trends and managing regulatory risk.
We were lucky enough to speak recently with Cosentino about current technology and regulatory subjects. In this post, the first of a two-part series, we ask about his thoughts on the current regulatory landscape, including client priorities, how businesses are managing risk with external resources and technology, and the impact of RegTech on the legal industry.
A new focus on compliance
HighQ: Thanks for speaking with us today, Steve. We’re excited to hear your perspective on the current regulatory and compliance landscape. Let’s start by taking a look at the wider view.
Global regulators have been busy implementing new frameworks aimed at protecting markets from the forces that precipitated the 2008 financial crisis. As a consequence, do you think boards are spending more time focusing on compliance activities?
SC: Yes, we are seeing an emphasis on compliance at the board level. Now, that doesn’t necessarily mean that they’re spending additional time on compliance detail, but it is getting a lot more attention.
One of the things I’m noticing is a willingness to engage internal resources and outside consultants to ensure compliance efforts. In the past, a company weighed how much they put into compliance versus other budget areas, and efforts were a bit less compliance-focused than they are now.
HighQ: In addition to seeking outside assistance for compliance matters, are there other changes they are making to ensure that business risks are better managed?
SC: I think the biggest thing is adopting internal governance procedures that have different operational groups within the company communicating better together and having reporting that tracks across different operational functions in a company.
For example, if a company runs afoul of US privacy and data security requirements, the legal team will review something and craft it a certain way, and then ask for input from leadership and marketing. Then they will get input from the IT staff and so on. Previously, there was no process to make sure that all of those areas within a company collaborate together on issues. And inevitably, you would see a privacy issue arise because one piece wasn't taken into account by a particular internal group.
The future of regulation technology
HighQ: With your background in technology, how do you see technology playing a role in helping firms manage compliance activities?
SC: In order to have effective compliance, companies really need a deep understanding of their data: where it is internally and externally, how it’s collected and used, what its movement is, and the procedures for accessing and erasing that data. That task can be extraordinarily time-consuming if it’s just done by individual people. That’s where we’re seeing some openness to engage technology—services that automate part of that process so companies are able to more easily and quickly gain an understanding of their whole data picture.
HighQ: Do you think RegTech as an emerging subsector is here to stay?
SC: I definitely think RegTech is here to stay. Lawyers and consultants are very adept at providing sound compliance advice, but implementing that advice is contingent upon understanding vast amounts of data and its relationship to operations. RegTech can help with that process and then reappear on the other end, implementing legal and consulting advice with automated services, data mapping and specific compliance.
So that, I think, is a welcome addition. The question really is, "What's the speed at which it's going to grow?" In that regard, I think that the risk tolerance of companies in the RegTech space is a big issue that's going to drive that.
So the way I would think about it is: smaller companies that are low on the radar of regulators—which is not an excuse for noncompliance, just the reality—can tolerate more risk and take advantage of the cost savings and speed of RegTech, because their main goal is to try to get to market and grow fast. However, a larger organization that's established and has significant assets and operations will be a little bit more concerned about taking a risk that could potentially become a bet-the-company proposition.
Competition within regulation services
HighQ: How will the role of the law firm change over the next few years in the provision of regulatory and compliance services? And will a change require different skill sets from its lawyers?
SC: A couple areas that could be a real positive change for law firms but will require some different thought processes are the way we attack issues such as research and keeping up with regulations in different states and regions.
We have a large number of jurisdictions in the US that are attacking all of these very particular regulatory and consumer issues. So the network, laws and regulations are very difficult to manage. Historically, in a law firm environment, research would focus on one of a couple of different online services. That's expanded and now we're seeing more comprehensive services that add to that mix.
But I think that there's a real role for technology companies to get involved. We've got RegTech, but we also have the newer LegalTech, where we have some services that are able to help lawyers with conducting significant, multijurisdictional research in an area where the laws are changing very quickly. But it has to be done in a way that the lawyers can rely on because we are responsible, as professionals, for what we do in that area.
When you're working with, in particular, new technologies, disruptive technologies, you don't have months and months to undertake a compliance project. It needs to be done much more quickly. And a common complaint about lawyers, besides fees, is speed. So lawyers need to become adept at working more quickly.
One other thing on that subject is that if lawyers don't start to become a little bit more tech-savvy and adapt to that, they're just going to lose ground to the RegTech industry. People are simply going to accept the risks of RegTech and get lawyers out of the picture. So it's a survival thing too, right?
We couldn’t agree more. Legal professionals must find ways to use technology to harness knowledge and avoid informational roadblocks. In doing so, they will offer faster, better client experiences and stay ahead of the innovation curve.
For more of our interview with Steve Cosentino including insights on data privacy and GDPR, check out part two of our interview in next week’s blog post.