Retail ethics and compliance program survey report has been saved
Retail ethics and compliance program survey report
Ethics and compliance may promote stability and differentiation in a time of change
The Retail Industry Leaders Association (RILA) and Deloitte conducted a survey to get a closer look at how retail organizations are managing ethics and compliance risk. One key finding? Retail organizations have a great opportunity to improve and modernize their ethics and compliance functions.
- About the survey
- Retail compliance maturity
- Leadership and structure
- Program measurement
- Technology and outsourcing
About the survey
In early 2018, RILA members were surveyed about their companies’ retail ethics and compliance programs. The survey explored the different ways retail compliance programs have developed and matured in recent years as they confront forces that are reshaping the industry and address increasingly varied risks.
We asked retailers how their compliance programs are designed, implemented, managed, and governed. We were especially interested to learn where they have leveraged people, process, technology, and analytics to modernize their approach for addressing retail compliance challenges.
Survey participants provided insight into performance measures, tools, technologies, and other potential productivity levers that can help them manage known and emerging risks. From the responses, we learned that in an evolving marketplace, compliance modernization is no longer optional.
Retail compliance maturity
Not surprisingly, all survey respondents indicated that their companies have risk and compliance programs, but they’re at varying states of maturity. A majority of respondents identify their program as being “foundational”—the program meets core requirements and expectations; and its basic operating model identifies roles and responsibilities and includes methodologies to assess, prioritize, and mitigate compliance risks. Just shy of one-third have a program that’s “modernized,” or mature enough to:
- Operate in synergy with business units
- Make use of advanced analytics
- Articulate their value through a measurable return on investment
In short, retail compliance programs have considerable room to grow. And grow they must, if they’re to cope with a fragmented legal and regulatory environment and the associated regulatory risks.
Leadership and structure for retail compliance programs
Depending on size and structure, retail companies have different ways of monitoring compliance.
- Stand-alone chief compliance officer (CCO). Less than a quarter of respondents say their company has one person responsible for retail ethics and compliance.
- Compliance duties added to existing role. The job of compliance is often added to the existing responsibilities of another company senior executive.
- Compliance as a business unit partner. Nearly half of respondents report that their company’s compliance program is viewed as a partner to business units company-wide. It’s possible that these companies may simply have figured out a way to execute compliance activities as “built-in” practices.
- Web-based training for ethics and compliance. Almost all respondents report that their companies use web-based training. Typically, training is heavily focused on cybersecurity, privacy, labor, employment, and an overall culture of integrity.
How much is the compliance function viewed as a partner to the business units?
Program measurement and accountability—room for growth
Almost 60 percent of respondents indicate that their organizations make some attempt to measure compliance program effectiveness. And most respondents say their company’s board consistently holds senior leadership accountable for tone at the top. Yet when asked whether compliance-related metrics are included in senior management’s performance evaluation, 82 percent said no.
Those findings raise a question about how companies can be holding their senior executives accountable without compliance-related metrics in their performance evaluations.
When it comes to setting the bar for ethics and compliance, every company in the survey has a code of conduct. A majority of respondents indicate that their company always or sometimes provides third parties with the company’s code of conduct or requests a copy of the third party’s own code of conduct.
Program improvement: Technology and outsourcing play key roles
Technology has become increasingly instrumental in the effectiveness of compliance programs. Various technology solutions exist, including regular data feeds, which can help retailers stay abreast of the laws and regulations that apply to them.
Incorporating even more technology can be an area of opportunity for retail compliance programs. Many retailers are adopting innovative predictive analytical tools and robotics process automation or other advanced technology tools for select compliance program components, such as:
- Case/incident management
- Compliance monitoring, testing, and reporting
- Employee surveys
- Tracking legislation and regulations
- Third-party risk management
Outsourcing is another way for retailers to accelerate the development or improve the efficiency of their compliance programs. The survey revealed three areas that retailers commonly outsource:
- Compliance training
- Regulatory change management monitoring
- Outsourced or co-sourced employee and ethics helpline
Looking to the future
Retail companies are at widely varying points in their compliance journey, spanning the spectrum in terms of compliance program maturity.
Today’s increasingly global and digitally-driven retail environment demands that compliance programs are more than a check-the-box function and a cost of doing business—they’re a strategic imperative.
We hope these collected insights will give you a sense of how your retail organization’s ethics and compliance program compares to your peers and spark fresh ideas for taking your program to the next level.
Download the report to learn more about how retail organizations are managing ethics and compliance risk.
Making a good program great
Understand the modernization of C&IP compliance