Enforcements Will Come in All Directions

The Instagram of Risk Blog Series

At the recent European Compliance Week event, as well as interviewing compliance professionals, I was fortunate enough to moderate a panel session. Below are the highlights of my discussions.

What did we learn in the last 2 years?

On the backend of such a devasting pandemic, one that arrived so quickly and unfortunately continues to mutate, compliance professionals catapulted into the limelight by proactively updating compliance programs. For it to work, there needed to be clear communication, outstanding cross-function cooperation, and a strong element of business resilience.

Successful compliance departments create an environment where the right channels are fostered and compliance policies which include the encompassing code of conduct document are regularly updated.

Organizations have found it challenging to track third-party vendors, who although can be strategic partners and play a pivotal role in an organization’s supply chain, still need to be managed delicately. Compliance assessments, control testing, policy, and process updates have all been challenging at a time when remote working is a permanent fixture for millions of us.

Compliance teams have shown agility. They are pushing for C-suite representation and asking for support to cope with the stress and additional work burden.

It all starts with culture

CEOs have to steer the ship and address the pressures of results and the overall performance, but what is equally important is promoting the right culture. Although it might start from the top, all employees need to take responsibility. Compliance and the value associated with it should not be sidelined. It needs strong representation and respective departments should stay close to their compliance teams.

The compliance lens needs to marry up with the commercial lens. Once you show commercial benefits, you have senior management buy-in. Again, a point that is strongly correlated with fostering the right culture and promoting the right conversations.

Compliance officers need to recognize the organization’s business needs and challenges. They should take an interest in their colleagues’ priorities and build relationships (even if it needs to be done remotely).

Data is of particular concern. Today, companies gather, create, and store an eyewatering amount of it. Most probably, this data will be saved for a rainy day. However, without the right technology, data can do more harm than good. Technology has the prowess to identify, manage, and evaluate the data so strategic decisions can be executed.

If I am out of compliance, I will comply – Let’s talk about the technology

The importance of technology has taken center stage. We are in a phase where agility and adoptability are strong contenders to disrupt the old ways of thinking. Implementing the right technology does not take as long as you think. Organizations are realizing the rationale of a solution that works for them, albeit to replace their existing technology or supersede their in-house functionality. Compliance teams need structure, they need to understand the ever-changing regulatory environment, demonstrate how policy management will influence their markets, and provide solutions for observations and whistle blowing.

Companies that adopt, implement, and embrace the right technology will significantly notice improvements across the spectrum and align their business objectives with their compliance needs.

Examples of where technology has helped these teams include:

• Moving training online
• Facilitating compliance data gathering and digitalization
• Facilitating roll-out of codes and policies
• Managing remote hotlines investigation, including the use of forensic tools

With an increase in business risk, social unrest, and climate change, compliance is not an easy task, and without fully digitized platforms and processes, organizations may be left behind.

What’s going to keep us busy

As we step into a new year, there are several points for consideration:

• Companies with more than 250 employees in the European Union will need to comply with the EU Whistleblower Protection Directive this month. They will have to implement their own internal policy. Organizations must provide safe and accessible reporting channels and protect the confidentiality of whistleblowers and those named.
• New regulation will continue to be introduced and enforcement will come from all directions.
• The volume of transitions that we do in a digital transaction today is not the same as pre-COVID. The numbers will continue to increase, and you have to allocate resources in the right places.
• The role of ESG has exploded and the link between compliance and ESG will further unfold.
• Ransomware, will unfortunately, continue to dominate the headlines.

To build effective compliance programs, organizations need robust, automated compliance tools that make it easier to identify and manage regulatory changes, assess and test controls, and improve visibility into compliance across the enterprise. With the right technology, processes, and teams, organizations can transform compliance into a strong competitive advantage, strengthening trust and credibility with stakeholders, customers, and regulators.

“Life is either a daring adventure or nothing at all.” Compliance officers, you are doing a great job.

This blog is part of the Instagram of Risk Blog Series, authored by Suneel Sahi, VP, Product Marketing at MetricStream, which captures discussions and insights trending in the risk community.

Check out Suneel’s other ‘Instagram of Risk ’blogs on the key takeaways from the Charted Institute of Internal Auditors event in London and the Oct 21 MetricStream GRC Summit held in London, Copenhagen, and Zurich.