Compliance and ethics are two of today’s highest risk concerns, and are at the forefront of many an organization’s business plans. Read this report to learn about MetricStream’s trends and predictions for compliance, ethics, and culture in 2018.Download an Insight
THE CUSTOMER = THE NEW REGULATOR
Gunjan: With the increasing adoption of social media, the voice of the customer will grow louder than ever. Consumers will expect companies to follow standards higher than those dictated by regulators. We saw it happen at United Airlines when a video of a passenger being mistreated on a flight went viral, resulting in the #BoycottUnited campaign. We saw it happen when thousands of customers deleted the Uber app because they disagreed with the company’s practices. That’s the power of the collective voice of the customer. And companies will have to pay attention. They will have to consider the risks associated with what their customers feel, think, and believe, right at the center of their GRC programs. The more they put the customer first, the more value they will gain, and the better prepared they will be to meet the highest customer standards.
CULTURE IS CRITICAL
Shellye: Culture has come to the fore in the wake of multiple sexual harassment allegations, fraud, and accounting scandals at top corporate companies. It is no longer enough to have a few policies on paper. Companies have to walk the talk. They have to listen more, and talk less. Perhaps things at Wells Fargo
might have been different if executives had listened to their employees, and understood the pressures they were under to meet sales targets. The point is
that it’s important to build a work environment based on openness, as well as integrity, risk awareness, and accountability. Culture needs to be treated with the same importance as a company’s core products or services.
Brenda: Regulatory compliance and financial crime compliance groups are beginning to see budget reductions, even while expectations remain that their jobs will be done well – managing the inventory of requirements, dealing with changes in these requirements at a citation level, assessing risks, handling policies and procedures, performing compliance control assurance, managing regulatory engagements, and centralizing issue and action management. For many groups, the solution to the compliance efficiency challenge has been workflow automation. However, teams are also realizing that they need a data model to drive data aggregation, group-wide compliance analytics, and collaboration. The benefits of better data models and better automation include improved reporting, compliance control rationalization, and greater accountability.
LOCAL REGULATIONS,GLOBAL IMPACT
Brenda: Brexit may see the UK leaving the EU, but issues of extraterritorial jurisdiction remain. Similarly, GDPR may be an EU regulation, but its impact is global since it applies to all data processors and controllers across countries that process the data of EU citizens. The US Congress is already considering “GDPR-like” data privacy legislation that will apply to the data of all US citizens globally. The bottom-line is that regulatory and legislative requirements, including their reach and penalties, are crossing geographical boundaries. A while ago, Taiwan’s Mega Bank was fined by New York’s financial regulator for anti-money laundering violations. This trend is likely to continue, and risk professionals will need to take note.
INTEGRITY: THE NEW COMPETITIVE DIFFERENTIATOR
John: The speed at which customer loyalties can change is forcing businesses to become more introspective, and look at their internal processes and governance practices. Consumers are choosing to buy from brands that demonstrate ethical behavior. Therefore, businesses must take it upon themselves to define and implement standards of ethics and integrity, and ensure that these standards are complied with throughout the enterprise. We will soon see a hugely disruptive internet-based company come unstuck because of consumer sentiment. For a long time, the company may have been able to act outside the boundary of regulations, banking on the massive support of customers who relied on the company for its convenient services. However, as more instances of unethical behavior at the company come to light – be it unvetted employees or hidden data breaches – that customer support is rapidly dwindling.