Article

CCOs face an increasing challenge: how to cope with rising regulation?

Enter the integrated compliance approach

Whenever we talk to Chief Compliance Officers (CCOs), they tell us it’s getting more and more difficult to keep up in a rapidly evolving landscape. While a growing number of CCOs now have a seat at the boardroom table, many still struggle to exert their influence. Add to that high profile compliance lapses and the heavy burden of increasing regulatory requirements, and it’s clear that we need to expand our view of compliance. It’s no longer simply keeping up with regulations and following the letter of the law, but shaping firm-wide conduct—conduct that should be rooted in values and ethics.

We believe that by taking an integrated approach to compliance, organizations not only mitigate risk, but drive better business outcomes.

Compliance by the numbers
To understand this shifting and increasingly complex landscape, we recently teamed up with Compliance Week to examine emerging trends. Our research covered over a dozen industries globally, including companies both large and small. Among our findings:

The CCO is on the rise A full 57% of CCOs said they reported to the CEO or the board, a number which has previously been as low as the mid-40s within the past five years. As well, 59% of firms reported having a standalone CCO, up from 51% last year, and 37% in the previous year. These figures suggest more organizations are recognizing the scale and scope of the role may require a full-time commitment.
Third-party risk remains the number one concern for CCOs They are particularly concerned about the potential for regulatory breakdown through vendors, suppliers or outsourcing. While only a minority consistently perform these duties, the majority reported auditing, performing background checks or training third parties at least sometimes.
CCOs broadly agree on the core compliance responsibilities: training, code of conduct, whistle blower hotlines, and regulatory investigations. They are the traditional focuses, dominating a CCO’s time. However, our survey also shed some light on missed opportunities. Compliance culture assessment is at the very bottom of the CCO to-do list, raising a troubling question: If CCOs aren’t doing this, who is?

The compliance challenge
Despite the growth of CCO positions and their presence on management boards, compliance functions still face a challenge in exerting influence. To succeed in their mission, CCOs need to help shift thinking in their organizations so their function is perceived less as a burden on the business, but a source of insight and value. To achieve their mandate, they must also address:

A tendency to operate in a silo
Overcoming a focus on meeting regulatory requirements rather than developing a compliance culture
Having the ability to advise, but the inability to execute and drive enterprise value

Enter the integrated compliance function
In order to effectively address these challenges, we believe organizations need to take a more holistic approach. In other words, we believe compliance should no longer be perceived as the domain of a single corporate group, but as an enterprise-wide responsibility. Compliance starts with the board and engages executive offices and in turn business operating groups. With an integrated compliance function, all business decisions align to compliance values. This may sound ambitious, but it can be achieved in four stages.

Values – You have to start with values as they are central to developing a compliance culture and integrated compliance function. Values drive how an organization behaves, whether it relates to doing the right thing or transparency.
Design principles – These are a set of foundational design principles the compliance function should adhere to, including accountability and risk effectiveness. Ultimately they must align with your values.
Operating framework – This establishes the capabilities of the compliance function, which should be designed to detect, deter, and remediate risk.
Execution – In the end, it’s all about delivery. Compliance function failures almost always happen during execution. If execution is not possible, it does not matter how well designed your compliance function is, you’ll be left vulnerable if execution fails.

The benefit of the integrated compliance approach is a stronger compliance function that is connected to tangible business results ranging from revenue enhancement, reputation protection, and improved workforce performance. When compliance operates to the best of its abilities, so does your business.

Compliance professionals have a strong business case for the value they can offer their firm, but this value is dependent on compliance functions being empowered to handle the increasing challenges they face. An integrated compliance approach is about outcomes – performance, revenue and of course risk mitigation – but it all starts with developing compliance values firm-wide.

Meet our leaders

Jay F. McMahan

Partner, Risk Advisory

jfmcmahan@deloitte.ca

1-416-874-3270

Jay is a partner in the Regulatory Risk practice, and leads Conduct Risk services. Based in Toronto, Jay helps clients address the challenges of evolving regulatory compliance, corporate governance, ... More

Michael Chau

Partner

michau@deloitte.ca

416-601-6722

Michael has over 12 years’ experience helping financial institutions reach their governance, risk management and compliance goals. He is a partner with Deloitte Canada’s Risk Advisory practice. His wo... More

Viewing offline content

Audit & Assurance

Consulting

Risk Advisory

Financial Advisory

Deloitte Private

Analytics

Tax & Legal

Collaborations

Operate

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Technology, Media & Telecommunications

Apply now

Experienced Professionals

Students

Life at Deloitte

Alumni