Metaverse technologies are already revolutionizing how companies interact with customers, prospective clients, vendors, and teammates. In fact, corporations like Microsoft, Google, and Amazon have already built a virtual world to explore future sources of revenue. Nearly 25% of people will spend at least one hour a day in a metaverse for work, shopping, education, social media and/or entertainment, according to Gartner. The pressure is on ethics and compliance officers to identify and manage the risks associated with any emerging technology. Their new task is to ensure their companies bring to the metaverse the same level of commitment and ethical behavior they embrace in their “real world” operations.

These are some of the risks compliance officers and corporate leaders must take into account as they venture into a virtual reality environment.

  • Lack of regulations: the speed of technological progress is so great that the regulations are not in tune with this dynamism, leaving important control and prevention gaps. The metaverse lacks jurisdiction, rules and control policies, leaving ethical limits in the hands of users. That is why having a compliance culture is so relevant since in the absence of regulation, a compliance culture establishes preventive policies and puts controls in place.
  • Vulnerable system: the metaverse, like all new technology, faces significant cybersecurity risks, especially considering the rise and sophistication of online crime during the pandemic, the professionalization of cyber criminals, who threaten people and companies through fraud, hacking, personal data leaks, and phishing, among others. In addition, the fact that various devices are required to interact in the metaverse – including helmets, augmented reality glasses, wrist-based bands or VR gloves – increases the chances of being attacked if you do not have a good cybersecurity policy.
  • Lack of protection of personal data: the greatest computer vulnerability and the unknown impacts of the metaverse threaten our personal information, which may be available to cybercriminals who could make fraudulent use of it. In fact, data theft involves not only our name, phone, or checking account but also our biometric data. This is because to interact in the metaverse, we require an avatar, which is the image that represents us in the virtual world. Our avatar carries out actions such as buying and selling digital assets, for which we provide a series of biometric data, such as fingerprints digital, facial, or retina scan. This is a sensitive issue for all companies, but especially for those required to meet legal and regulatory requirements for collecting, storing and using sensitive data.
  • Knowledge of virtual behavior: the big tech companies have access to our entire virtual journey, including personal preferences, concerns, emotions, and even the places we visit thanks to their applications. This information could make employees vulnerable to manipulation and influence decision-making. In the metaverse, it would also be possible to collect information about our habits through the avatar, including who we interact with, how we interact, what we buy, and more. For this reason, personal data protection and cybersecurity policies must now be a self-demand for each company.
  • Identity theft: the metaverse can be the ideal space for the malicious use of our identity through avatars, which could be stolen by cybercriminals, to commit crimes, make purchases in the metaverse, obtain our information and even impersonate us. Unfortunately, artificial intelligence tech has allowed the development of the deep fake, which is a video, image, or audio that imitates the appearance and sound of a person, so perfectly that it can be undetectable.
  • Extortion: if in the metaverse we are victims of a crime such as theft of our data or our avatar, it is possible that we will later be extorted to recover what we lost. Businesses must be extremely careful because all your business information can be the material for extortion and cyberbullying.
  • Exacerbation of violent behavior and social polarization: social networks have been the focus of polarization, giving rise to extreme and violent positions that affect people, companies and governments, among others. In the metaverse, this could be repeated, moving into this virtual physical space, intimidating or violent behaviors such as corruption, abuse, harassment, threats, or bullying. Furthermore, if this occurs, it will take place in an environment that is difficult to investigate and prosecute. On the other hand, the metaverse can be a conducive place to interact with strangers, which is always a risk.
  • Irresponsible behaviors: interacting in the metaverse can strengthen bad behaviors, protected by anonymity. When it comes to employees, that could encourage bad practices, including cutting backroom deals and fueling corporate corruption.

Metaverse technologies have much to offer to businesses seeking to conquer the VR world to expand their operations beyond the real world. Once compliance risks are identified, and a mitigation plan is put in place, companies will be able to focus on the benefits and opportunities that the metaverse can bring to them, including:

  • Creating a more inclusive work environment, where collaboration is encouraged
  • Enabling new ways of working and learning.
  • Allowing quick and immediate interaction.
  • Connecting with customers on a higher level.
  • Transforming operations and supply chains
  • Creating social value.
  • Exploring different VR worlds and interacting with other users in them.
  • Improving communication and interaction between people.
  • Allowing the acceleration of the digitization of various industries.
  • Providing sensory experiences through VR glasses and helmets to explore the metaverse, living experiences that can be difficult to live in the real world, such as seeing an eclipse, boarding a spaceship, etc.
  • Consolidating relationships between brands and users.

This is a crucial moment for compliance officers to sit at the table with the company leaders and the tech department to ensure any virtual reality experience is developed with compliance in mind. Any interaction in the metaverse must be subjected to the same level of commitment to compliance as in the real world. Otherwise, companies risk becoming the poster child for bad behavior and bad practices in their virtual world, tarnishing a business reputation that took years and decades to build.

It is important to remember that the metaverse is ultimately comprised of “real world” people. By bringing the same level of ethical behavior from the “real world” to the metaverse they can avoid the real consequences for bad metaverse behavior.


By Susana Sierra

Published in Corporate Counsel