CCOs face an increasing challenge: how to cope with rising regulation?
Enter the integrated compliance approach
Whenever we talk to Chief Compliance Officers (CCOs), they tell us it’s getting more and more difficult to keep up in a rapidly evolving landscape. While a growing number of CCOs now have a seat at the boardroom table, many still struggle to exert their influence. Add to that high-profile compliance lapses and the heavy burden of increasing regulatory requirements, and it’s clear that we need to expand our view of compliance. It’s no longer simply about keeping up with regulations and following the letter of the law, but about shaping firm-wide conduct, conduct that should be rooted in values and ethics.
We believe that by taking an integrated approach to compliance, organizations not only mitigate risk, but drive better business outcomes.
Compliance by the numbers
To understand this shifting and increasingly complex landscape, we recently teamed up with Compliance Week to examine emerging trends. Our research covered over a dozen industries globally, including companies both large and small. Among our findings:
- The CCO is on the rise. A full 57% of CCOs said they reported to the CEO or the board, a number that has been as low as the mid-40s within the past five years. As well, 59% of firms reported having a standalone CCO, up from 51% last year, and 37% in the previous year. These figures suggest more organizations are recognizing that the scale and scope of the role may require a full-time commitment.
- Third-party risk remains the number one concern for CCOs. They are particularly concerned about the potential for regulatory breakdown through vendors, suppliers or outsourcing. While only a minority consistently perform these duties, the majority reported auditing, performing background checks or training third parties at least sometimes.
- CCOs broadly agree on the core compliance responsibilities: training, code of conduct, whistleblower hotlines, and regulatory investigations. These are the traditional focuses, dominating a CCO’s time. However, our survey also shed some light on missed opportunities. Compliance culture assessment is at the very bottom of the CCO to-do list, raising a troubling question: If CCOs aren’t doing this, who is?
The compliance challenge
Despite the growth of CCO positions and their presence on management boards, compliance functions still face a challenge in exerting influence. To succeed in their mission, CCOs need to help shift thinking in their organizations so their function is perceived less as a burden on the business and more as a source of insight and value. To achieve their mandate, they must also address:
- A tendency to operate in a silo
- A focus on meeting regulatory requirements rather than developing a compliance culture
- Having the ability to advise, but not the ability to execute and drive enterprise value
Enter the integrated compliance function
In order to effectively address these challenges, we believe organizations need to take a more holistic approach. In other words, we believe compliance should no longer be perceived as the domain of a single corporate group, but as an enterprise-wide responsibility. Compliance starts with the board and engages executive offices and in turn business operating groups. With an integrated compliance function, all business decisions align to compliance values. This may sound ambitious, but it can be achieved in four stages.
- Values – You have to start with values as they are central to developing a compliance culture and integrated compliance function. Values drive how an organization behaves, whether it relates to doing the right thing or transparency.
- Design principles – These are a set of foundational design principles the compliance function should adhere to, including accountability and risk effectiveness. Ultimately they must align with your values.
- Operating framework – This establishes the capabilities of the compliance function, which should be designed to detect, deter, and remediate risk.
- Execution – In the end, it’s all about delivery. Compliance function failures almost always happen during execution. It does not matter how well designed your compliance function is; if execution fails, you’ll be left vulnerable.
The benefit of the integrated compliance approach is a stronger compliance function that is connected to tangible business results ranging from revenue enhancement and reputation protection to improved workforce performance. When compliance operates to the best of its abilities, so does your business.
Compliance professionals have a strong business case for the value they can offer their firm, but this value is dependent on compliance functions being empowered to handle the increasing challenges they face. An integrated compliance approach is about outcomes – performance, revenue and of course risk mitigation – but it all starts with developing compliance values firm-wide.