digital world


Retail ethics and compliance program survey report

Ethics and compliance may promote stability and differentiation in a time of change

The Retail Industry Leaders Association (RILA) and Deloitte conducted a survey to get a closer look at how retail organizations are managing ethics and compliance risk. One key finding? Retail organizations have a great opportunity to improve and modernize their ethics and compliance functions.

About the survey

In early 2018, RILA members were surveyed about their companies’ retail ethics and compliance programs. The survey explored the different ways retail compliance programs have developed and matured in recent years as they confront forces that are reshaping the industry and address increasingly varied risks.

We asked retailers how their compliance programs are designed, implemented, managed, and governed. We were especially interested to learn where they have leveraged people, process, technology, and analytics to modernize their approach for addressing retail compliance challenges.

Survey participants provided insight into performance measures, tools, technologies, and other potential productivity levers that can help them manage known and emerging risks. From the responses, we learned that in an evolving marketplace, compliance modernization is no longer optional.

Retail compliance maturity

Not surprisingly, all survey respondents indicated that their companies have risk and compliance programs, but they’re at varying states of maturity. A majority of respondents identify their program as being “foundational”—the program meets core requirements and expectations; and its basic operating model identifies roles and responsibilities and includes methodologies to assess, prioritize, and mitigate compliance risks. Just shy of one-third have a program that’s “modernized,” or mature enough to:

  • Operate in synergy with business units
  • Make use of advanced analytics
  • Articulate their value through a measurable return on investment

In short, retail compliance programs have considerable room to grow. And grow they must, if they’re to cope with a fragmented legal and regulatory environment and the associated regulatory risks.

shopping bags

Leadership and structure for retail compliance programs

Depending on size and structure, retail companies have different ways of monitoring compliance.

  • Stand-alone chief compliance officer (CCO). Less than a quarter of respondents say their company has one person responsible for retail ethics and compliance.
  • Compliance duties added to existing role. The job of compliance is often added to the existing responsibilities of another company senior executive.
  • Compliance as a business unit partner. Nearly half of respondents report that their company’s compliance program is viewed as a partner to business units company-wide. It’s possible that these companies may simply have figured out a way to execute compliance activities as “built-in” practices.
  • Web-based training for ethics and compliance. Almost all respondents report that their companies use web-based training. Typically, training is heavily focused on cybersecurity, privacy, labor, employment, and an overall culture of integrity.
How much is the compliance function viewed as a partner to the business units?

Back to top

Program measurement and accountability—room for growth

Almost 60 percent of respondents indicate that their organizations make some attempt to measure compliance program effectiveness. And most respondents say their company’s board consistently holds senior leadership accountable for tone at the top. Yet when asked whether compliance-related metrics are included in senior management’s performance evaluation, 82 percent said no.

Those findings raise a question about how companies can be holding their senior executives accountable without compliance-related metrics in their performance evaluations.

When it comes to setting the bar for ethics and compliance, every company in the survey has a code of conduct. A majority of respondents indicate that their company always or sometimes provides third parties with the company’s code of conduct or requests a copy of the third party’s own code of conduct.

This is a cornerstone of managing third-party relationships. But is it enough?

Methods used to identify and manage compliance risks related to third-party relationships

Back to top

Program improvement: Technology and outsourcing play key roles

Technology has become increasingly instrumental in the effectiveness of compliance programs. Various technology solutions exist, including regular data feeds, which can help retailers stay abreast of the laws and regulations that apply to them.

Incorporating even more technology can be an area of opportunity for retail compliance programs. Many retailers are adopting innovative predictive analytical tools and robotics process automation or other advanced technology tools for select compliance program components, such as:

  • Case/incident management
  • Compliance monitoring, testing, and reporting
  • Employee surveys
  • Tracking legislation and regulations
  • Third-party risk management

Outsourcing is another way for retailers to accelerate the development or improve the efficiency of their compliance programs. The survey revealed three areas that retailers commonly outsource:

  • Compliance training
  • Regulatory change management monitoring
  • Outsourced or co-sourced employee and ethics helpline

retail online shopping

Looking to the future

Retail companies are at widely varying points in their compliance journey, spanning the spectrum in terms of compliance program maturity.

Today’s increasingly global and digitally-driven retail environment demands that compliance programs are more than a check-the-box function and a cost of doing business—they’re a strategic imperative.

We hope these collected insights will give you a sense of how your retail organization’s ethics and compliance program compares to your peers and spark fresh ideas for taking your program to the next level.

Download the report to learn more about how retail organizations are managing ethics and compliance risk.

mobile checkout

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?