Compliance modernization is no longer optional Bookmark has been added
Compliance modernization is no longer optional
How evolved is your approach?
More than just a cost of doing business. To chief compliance officers, it’s a refrain they’ve heard for years: A challenge, an ambition, and perhaps a sliver of veiled insult. Few dispute that the resources an organization devotes to keeping out of trouble have the potential to contribute far more than they traditionally have.
February 28, 2017 | Cross Industry
But what does such an evolution look like when it leaps off the drawing board and takes hold in real life? To find the answer, organizations need more than just a fresh view of the compliance function. Compliance modernization is a broad mandate that spans the way the function is governed; the tools, technology, and analytics it uses; the number and nature of its connections to other parts of the business; the expectations assigned to it; and more.
Executing on day-to-day compliance activities is a struggle because reactive issues eat up time that might otherwise be used toward forward-looking risk mitigation. The evolution of business adds new pressures for chief compliance officers (CCOs) and their teams. At the same time, new capabilities emerge that can help these teams do more. For some organizations, across-the-board change is in order. Others may have evolved their programs already but stand to benefit from a corresponding update to discrete capabilities.
For certain, the status quo is not an option. The demands on businesses and compliance programs are ever more heightened, complex, rapid, and costly. For instance, consider the following:
- Regulators expect more, and in many industries, they have more powerful analytical tools and practices to measure and identify compliance-related risks as well as bad behaviors and practices.
- In parallel, managers and boards push from within the organization for cost reductions, elimination of redundancies, and creation of valuable insights—and for people to accomplish more with less.
- Silos are out of vogue, including the silos that may have kept the three lines of defense operating without regard to what each was mandated with doing. Managing compliance risk is more effective when execution and oversight activities can be integrated among all three lines.
- Cultural pressures raise the bar for compliance as well, as organizations respond to pressures from both regulators and customers who demand a higher standard of daily performance. Complex organizations require a shared sense of ethics to complement hard and fast rules.
- Competition pushes organizations to seek every source of advantage. Compliance can be one if it evolves to become capable of supporting or enabling value creation and seeing around the corner to anticipate compliance threats.
- The demands compliance and other risk management functions place on the business continue to increase, and these demands cause “risk fatigue” due to the inefficient implementation of compliance requirements and responsibilities.
- Technology can be a double-edged sword. Digital and mobile tools help realize an organization’s strategic objectives by facilitating collaboration among employees and communication with customers, but these same real-time technologies also present compliance risk, because they can be difficult to control and people feel overwhelmed with data.
For more information on how you can modernize your compliance program, read our full report, Compliance Modernization is no longer optional: How evolved is your approach?
This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this article.
Cross-Industry Compliance Leadership Summit eyes the intersection of two disciplines
Predictive technology can help employers find the roots of both personal and corporate non-compliance