Study Shows Major Headwinds Facing Compliance Functions

Compliance executives are facing big challenges, with multiple changes happening at high speed. In a phenomenon we call “compressed transformation,” we are seeing five-year plans become one-year plans as companies cope with change throughout the enterprise while trying to create value and grow. Not surprisingly, compliance resources – both human and financial – are becoming overstretched.

Our recent compliance risk study indicates that these challenges are coalescing around three major themes: cybersecurity; environmental, social and governance (ESG) concerns; and privacy. These are the “riskiest risks,” cited by more executives than any others. Meanwhile an increasingly complex global regulatory and enforcement agenda – with authorities themselves adopting new technologies for monitoring and enforcement —has magnified the importance of appropriate corporate behavior.

Each of these risks poses its own set of issues:

• Cybersecurity — The working world has shifted from being fully onsite to a hybrid onsite/offsite environment. Employees and third-party vendors now access company systems via remote networks from locations around the world, so the security of a company’s data has become an ongoing concern for Chief Compliance Officers (CCOs) as well as Chief Information Security Officers (CISOs), requiring constant monitoring and updating.
• ESG – This is a broad risk category encompassing everything from climate change to greenhouse gas emissions, workplace safety, human rights, board diversity and executive compensation. Global regulations are multiplying, with US and European regulators setting new standards and mandating new or broader disclosures. The ESG area requires compliance functions to have continuously relevant, adaptable, and tech-driven regulatory change and related risk management programs.
• Privacy – The Compliance Risk Study shows that, over the last two years, data privacy has become the single greatest challenge that companies face. Along with US federal and state regulatory changes in data privacy and consumer protection, there are new global policies such as China’s Personal Information Protection Law and Europe’s Digital Services Act. Few compliance areas saw as many developments as privacy and consumer protection in 2021, and we expect even more change throughout 2022.

These and other risks represent significant headwinds for corporate compliance functions. An effective response requires C-suite-level and cross-enterprise participation to make sure the organization is poised to grow with a proactive regulatory change management program.

There are three key areas needing immediate attention:

1. Collaboration. Compliance departments are increasingly active in firm-wide risk management activities and efforts to align risk processes across the organization. Nearly half of our respondents plan to upskill their compliance staff to drive a culture of compliance across the enterprise.
2. Data-driven insights. The speed at which companies now operate requires compliance functions to have accurate and complete visibility into the risks and mitigating controls of the business. Leveraging these insights helps capture efficiency gains, establish consistent processes, and identify compliance gaps.
3. New technologies. Artificial intelligence, machine learning, cloud and other technologies can help accelerate and deepen insights, map compliance, and manage regulatory change. The focus should be on automating routine tasks while providing enhanced analytics capabilities.

The new risk environment is both dynamic and difficult. Compliance functions must address cost issues, align compliance with business strategy, and make necessary investments in skills and technologies. Indications are that things will become more rather than less challenging, so it may be time for rapid action in building a more responsive and agile compliance function.