Introduction
2023 is shaping up to be a busy year for compliance professionals worldwide. In the US, new consumer privacy laws are taking effect across five states — California, Virginia, Colorado, Utah, and Connecticut. Australia, too, has passed a bill to increase data breach penalties from AU$2.22 million to AU$50 million, or 30% of a company's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information – whichever is greater.
Meanwhile, ESG (environmental, social, and governance) pressures are increasing from every direction – including regulators. On January 1, Germany enforced its Supply Chain Due Diligence Act which requires German companies to comply with core human rights and environmental mandates in their supply chains.
Also, this January, the EU’s Corporate Sustainability Reporting Directive (CSRD) entered into force with stronger rules around the social and environmental data that companies will need to report. Approximately 50,000 companies, both large and small, are covered under the new directive.
We’re also seeing an increase in regulatory investigations, enforcements, and fines for non-compliance. The US Securities and Exchange Commission (SEC) filed 760 enforcement actions in 2022, a 9% increase over the previous year. And in Europe, fines for breaches of the General Data Protection Regulation (GDPR) increased sevenfold year-on-year to $1.2 billion.
Clearly, compliance officers have their work cut out for them. They will be expected to efficiently manage a growing range of risks, while empowering the first line to assume greater responsibility for compliance – all this, with limited resources and budgets. Being agile, data-driven, and tech-enabled will be key to compliance success.
In this ebook, we’ll delve further into these topics, exploring how compliance roles are evolving, and what compliance officers would do well to prioritize this year.
The Changing Face of Compliance
Historically, compliance officers have focused on ensuring that their organizations are operating safely and in compliance with industry regulations. But in the wake of a global pandemic and a wide range of complex and multi-dimensional risks – from climate change and cybersecurity to geopolitical issues and digitalization – compliance officers are called on to be and do much more.
Whether they’re overseeing the transition to hybrid work or ensuring that digital innovation is in line with industry regulations, or fortifying business defenses against cyberattacks – compliance officers are playing an increasingly prominent role in the business. Many Chief Compliance Officers (CCOs) sit on boards and report directly to the CEO. What’s more, compliance is no longer perceived as a cost, but an investment that can have a meaningful impact on the business.
A well-functioning compliance department can help companies avoid legal liabilities and regulatory penalties that would otherwise cost hundreds of millions of dollars in fines. Also, by anticipating risks and implementing strong compliance controls, compliance officers can help their businesses improve operational efficiency, lower costs, build trust with investors, and enhance customer experiences.
But to fulfill their potential in a rapidly changing world, compliance officers will need to reimagine their strategies for the future. Instead of reacting to compliance failures or issues, they will be expected to proactively identify risks, provide strategic guidance, and drive sustainable growth.
Here's what a best-in-class compliance officer in 2023 looks like:
5 Compliance Priorities for 2023
While the worst of the pandemic may be behind us, the road ahead is still long and bumpy. To navigate it successfully, focused and well-thought-out compliance strategies will be key. With that in mind, here’s what compliance officers should be mindful of in 2023 and beyond:
1. Prepare for Uncertainty
The pandemic has reinforced the importance of preparing for uncertainty. The World Economic Forum’s Global Risks Report 2023 highlights several ‘new and eerily familiar’ risks over the next two years and the coming decade, including a cost-of-living crisis and geoeconomic confrontation. To stay resilient, compliance officers must take decisive action now, positioning themselves to stay on top of emerging risks and regulations despite uncertainty.
Past crises have shown that compliance becomes more important – not less – during times of crisis when risks are heightened. For example, an economic downturn can trigger a spike in cybercrime, price gouging, fraud, and money laundering. Without a well-staffed compliance team, companies won’t be able to spot and mitigate these risks in time.
To stay future-ready, compliance officers need to take actionable steps to prepare, shore up defenses, and respond with agility. Here’s how compliance officers can help:
- Proactively identify and map compliance risks that could be amplified
- Conduct regular risk assessments because risks can often fluctuate during a crisis
- Adapt policies and procedures as new risks arise
- Monitor third-party financial health, compliance risks, and contingency plans
- Communicate to employees the importance of conducting business compliantly and ethically
- Ensure that disclosures to investors, regulators, and clients continue to be accurate
- Maintain vigilance against phishing, malware, and other social engineering cyberattacks that aim to exploit the workforce
- Improve efficiency and do more with less through compliance automation
2. Eliminate Data Silos
Fragmented data is fast becoming one of the biggest drains on compliance productivity. When teams work within multiple disconnected compliance systems and taxonomies, it becomes harder (if not impossible) to spot compliance issues and produce timely compliance reports.
It’s time to establish a single source of compliance truth – one that enables compliance officers to:
- Capture, store, and map all regulations and related updates in one place
- Create a structured hierarchy of organizational processes and assets linked to compliance risks, ...controls, and testing activities
- Maintain associated policies, procedures, reporting requirements, and filing templates and schedules ..for various regulations
- Integrate with reliable regulatory content sources to capture, store, and monitor regulatory changes
Such a data repository can make it easier for compliance teams to find, track, consolidate, and report data.
In organizations that have multiple departments with different regulatory requirements, a federated approach to compliance can make all the difference. It involves applying common taxonomies and standards for compliance management and reporting across the business, while still supporting the unique compliance assessment methods of each department.
In a federated approach, various functions are able to share compliance information and tools – but use them in different ways. This makes compliance simpler and equips organizations with a more accurate picture of their risks which they can then use to make better-informed strategic decisions.
3. Build a Positive Compliance Culture
With compliance risks increasing, it can be hard for compliance officers to monitor every single risk and control. And they shouldn’t have to. The success of a compliance program doesn’t rest with one team. Only when everyone in the organization acts as a watchdog for compliance, can the business successfully navigate uncertain times with trust and confidence.
Empowering the frontline to own compliance risks is beneficial for two reasons. One, they’re the eyes and ears of the company, and are more likely to spot compliance violations first. We’ve seen it happen with multiple whistle-blowers – from Enron to Theranos.
Sharing compliance responsibilities also frees up compliance officers to focus on more high-value activities that can support business growth.
But empowering the frontline isn’t about micro-managing how they assess, manage, and monitor compliance. This will only undermine their capabilities and make them less likely to act on risk.
A better approach would be to give the front line a sense of agency and autonomy.
- Let them prioritize the compliance risks that they consider important and come up with action plans on their own
- Train them to use their judgment well when making decisions about risks or compliance violations
- Equip them with skills, guidance, and resources to confidently manage compliance risks
- Encourage them to identify red flags and feel protected when doing so
- Provide intuitive, user-friendly tools where employees can report anomalies easily and discreetly
- Act fast on these observations to show employees that you care about their inputs
95% of compliance leaders have built or are building a culture of compliance to share the responsibility across the enterprise Accenture Compliance Risk Study - 2022
Strengthening compliance ownership in the first line bolsters the compliance monitoring capabilities and oversight of the second line. Collaborative and synchronized efforts between both lines can improve risk visibility and forecasting, making the organization nimbler in the face of change.
4. Take Equal Ownership for Operational Resilience
In today’s volatile world, organizations face all sorts of crises. A pandemic triggers a lockdown and a complete shift in working models. An extreme weather event damages business equipment and disrupts supply chains. A cyberattack shuts down critical infrastructure and exposes sensitive information.
We can’t always prevent these situations, but we can adapt, recover, and bounce back quickly. Compliance officers play a key role in building this kind of operational resilience and agility.
One way they can help is by working with the business to size up a crisis, and then implement robust defenses, controls, and policies to respond quickly. Another way is by pre-determining processes, systems, and measures that can be implemented to speed up recovery in the event of a compliance failure or business disruption. Together, these approaches can help organizations minimize compliance damage, protect stakeholders, and get back to business-as-usual swiftly.
Compliance’s role in resilience becomes even more important in the light of the UK’s Operational Resilience Regime and the EU’s Digital Operational Resilience Act (DORA), as well as the US’s Sound Practices to Strengthen Operational Resilience. Companies rely on their compliance officers to better understand and navigate these challenging regulatory landscapes.
Ultimately, resilience building is an enterprise-wide effort that calls for collaboration and information-sharing among various teams – compliance, internal audit, enterprise risk management, and third-party governance. When everyone can work together in a unified manner, coordinating resilience and recovery strategies seamlessly, the organization is more likely to ride out a crisis successfully.
5. Leverage Technology to Strengthen Compliance
Compliance management is essentially a juggling act. Whether you’re tracking regulatory updates, overhauling policies, monitoring risks, or assessing controls – there’s a lot to do. And it can’t be done manually – not with regulations, risks, and business needs constantly changing.
Cost pressures are also increasing. Compliance officers are expected to manage an ever-widening range of responsibilities with fewer resources.
Technology can offer a way past these hurdles. For example, AI/ ML can automate and streamline risk assessments, regulatory tracking, and compliance testing to help reduce compliance costs. Meanwhile, a shared compliance platform can unite all teams in one place to seamlessly collaborate and share information.
Organizations with a robust compliance management solution can also expand the scope of compliance monitoring and auditing, significantly. Instead of testing just a sample of data to determine compliance levels, compliance officers can monitor the full range of documentation and activities to get a complete, real-time view of compliance.
Powerful analytics, dashboards, and reporting tools can provide valuable insights on compliance trends, enabling users to slice and dice the data in different ways.
Together, these cognitive tools and solutions are becoming strong enablers of compliance programs, opening the door to greater efficiency, effectiveness, and agility.
How MetricStream Can Help
MetricStream Compliance Management software simplifies and strengthens your compliance programs, helping you effectively navigate a complex web of regulations and regulatory changes. The cloud-based product streamlines compliance workflows, improves visibility into control effectiveness, and speeds up issue remediation. With it, you can spot risks early, while also improving collaboration and communication across compliance teams.
- Minimize the risk of compliance violations, penalties, and reputational damage with timely insights --on compliance readiness at each organizational level
- Improve compliance efficiency by automating control assessments and testing
- Strengthen business performance and decision-making with a unified, real-time view of --compliance status
- Proactively identify potential compliance risks through consistent and streamlined processes for control ..documentation, assessments, and testing
Conclusion
Being a compliance officer in 2023 is not just about overseeing regulatory obligations, but also helping the business thrive. Well-thought-out compliance programs provide the guardrails for everyone to take smart risks, uncover new opportunities, and move forward with confidence. Now is the time for compliance officers to focus on enabling this growth.
While 2023 will certainly have its share of challenges, proactive and data-driven compliance officers will be better-positioned to help their organizations weather the storms when they rise.
2023 is shaping up to be a busy year for compliance professionals worldwide. In the US, new consumer privacy laws are taking effect across five states — California, Virginia, Colorado, Utah, and Connecticut. Australia, too, has passed a bill to increase data breach penalties from AU$2.22 million to AU$50 million, or 30% of a company's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information – whichever is greater.
Meanwhile, ESG (environmental, social, and governance) pressures are increasing from every direction – including regulators. On January 1, Germany enforced its Supply Chain Due Diligence Act which requires German companies to comply with core human rights and environmental mandates in their supply chains.
Also, this January, the EU’s Corporate Sustainability Reporting Directive (CSRD) entered into force with stronger rules around the social and environmental data that companies will need to report. Approximately 50,000 companies, both large and small, are covered under the new directive.
We’re also seeing an increase in regulatory investigations, enforcements, and fines for non-compliance. The US Securities and Exchange Commission (SEC) filed 760 enforcement actions in 2022, a 9% increase over the previous year. And in Europe, fines for breaches of the General Data Protection Regulation (GDPR) increased sevenfold year-on-year to $1.2 billion.
Clearly, compliance officers have their work cut out for them. They will be expected to efficiently manage a growing range of risks, while empowering the first line to assume greater responsibility for compliance – all this, with limited resources and budgets. Being agile, data-driven, and tech-enabled will be key to compliance success.
In this ebook, we’ll delve further into these topics, exploring how compliance roles are evolving, and what compliance officers would do well to prioritize this year.
Historically, compliance officers have focused on ensuring that their organizations are operating safely and in compliance with industry regulations. But in the wake of a global pandemic and a wide range of complex and multi-dimensional risks – from climate change and cybersecurity to geopolitical issues and digitalization – compliance officers are called on to be and do much more.
Whether they’re overseeing the transition to hybrid work or ensuring that digital innovation is in line with industry regulations, or fortifying business defenses against cyberattacks – compliance officers are playing an increasingly prominent role in the business. Many Chief Compliance Officers (CCOs) sit on boards and report directly to the CEO. What’s more, compliance is no longer perceived as a cost, but an investment that can have a meaningful impact on the business.
A well-functioning compliance department can help companies avoid legal liabilities and regulatory penalties that would otherwise cost hundreds of millions of dollars in fines. Also, by anticipating risks and implementing strong compliance controls, compliance officers can help their businesses improve operational efficiency, lower costs, build trust with investors, and enhance customer experiences.
But to fulfill their potential in a rapidly changing world, compliance officers will need to reimagine their strategies for the future. Instead of reacting to compliance failures or issues, they will be expected to proactively identify risks, provide strategic guidance, and drive sustainable growth.
Here's what a best-in-class compliance officer in 2023 looks like:
While the worst of the pandemic may be behind us, the road ahead is still long and bumpy. To navigate it successfully, focused and well-thought-out compliance strategies will be key. With that in mind, here’s what compliance officers should be mindful of in 2023 and beyond:
1. Prepare for Uncertainty
The pandemic has reinforced the importance of preparing for uncertainty. The World Economic Forum’s Global Risks Report 2023 highlights several ‘new and eerily familiar’ risks over the next two years and the coming decade, including a cost-of-living crisis and geoeconomic confrontation. To stay resilient, compliance officers must take decisive action now, positioning themselves to stay on top of emerging risks and regulations despite uncertainty.
Past crises have shown that compliance becomes more important – not less – during times of crisis when risks are heightened. For example, an economic downturn can trigger a spike in cybercrime, price gouging, fraud, and money laundering. Without a well-staffed compliance team, companies won’t be able to spot and mitigate these risks in time.
To stay future-ready, compliance officers need to take actionable steps to prepare, shore up defenses, and respond with agility. Here’s how compliance officers can help:
- Proactively identify and map compliance risks that could be amplified
- Conduct regular risk assessments because risks can often fluctuate during a crisis
- Adapt policies and procedures as new risks arise
- Monitor third-party financial health, compliance risks, and contingency plans
- Communicate to employees the importance of conducting business compliantly and ethically
- Ensure that disclosures to investors, regulators, and clients continue to be accurate
- Maintain vigilance against phishing, malware, and other social engineering cyberattacks that aim to exploit the workforce
- Improve efficiency and do more with less through compliance automation
2. Eliminate Data Silos
Fragmented data is fast becoming one of the biggest drains on compliance productivity. When teams work within multiple disconnected compliance systems and taxonomies, it becomes harder (if not impossible) to spot compliance issues and produce timely compliance reports.
It’s time to establish a single source of compliance truth – one that enables compliance officers to:
- Capture, store, and map all regulations and related updates in one place
- Create a structured hierarchy of organizational processes and assets linked to compliance risks, ...controls, and testing activities
- Maintain associated policies, procedures, reporting requirements, and filing templates and schedules ..for various regulations
- Integrate with reliable regulatory content sources to capture, store, and monitor regulatory changes
Such a data repository can make it easier for compliance teams to find, track, consolidate, and report data.
In organizations that have multiple departments with different regulatory requirements, a federated approach to compliance can make all the difference. It involves applying common taxonomies and standards for compliance management and reporting across the business, while still supporting the unique compliance assessment methods of each department.
In a federated approach, various functions are able to share compliance information and tools – but use them in different ways. This makes compliance simpler and equips organizations with a more accurate picture of their risks which they can then use to make better-informed strategic decisions.
3. Build a Positive Compliance Culture
With compliance risks increasing, it can be hard for compliance officers to monitor every single risk and control. And they shouldn’t have to. The success of a compliance program doesn’t rest with one team. Only when everyone in the organization acts as a watchdog for compliance, can the business successfully navigate uncertain times with trust and confidence.
Empowering the frontline to own compliance risks is beneficial for two reasons. One, they’re the eyes and ears of the company, and are more likely to spot compliance violations first. We’ve seen it happen with multiple whistle-blowers – from Enron to Theranos.
Sharing compliance responsibilities also frees up compliance officers to focus on more high-value activities that can support business growth.
But empowering the frontline isn’t about micro-managing how they assess, manage, and monitor compliance. This will only undermine their capabilities and make them less likely to act on risk.
A better approach would be to give the front line a sense of agency and autonomy.
- Let them prioritize the compliance risks that they consider important and come up with action plans on their own
- Train them to use their judgment well when making decisions about risks or compliance violations
- Equip them with skills, guidance, and resources to confidently manage compliance risks
- Encourage them to identify red flags and feel protected when doing so
- Provide intuitive, user-friendly tools where employees can report anomalies easily and discreetly
- Act fast on these observations to show employees that you care about their inputs
95% of compliance leaders have built or are building a culture of compliance to share the responsibility across the enterprise Accenture Compliance Risk Study - 2022
Strengthening compliance ownership in the first line bolsters the compliance monitoring capabilities and oversight of the second line. Collaborative and synchronized efforts between both lines can improve risk visibility and forecasting, making the organization nimbler in the face of change.
4. Take Equal Ownership for Operational Resilience
In today’s volatile world, organizations face all sorts of crises. A pandemic triggers a lockdown and a complete shift in working models. An extreme weather event damages business equipment and disrupts supply chains. A cyberattack shuts down critical infrastructure and exposes sensitive information.
We can’t always prevent these situations, but we can adapt, recover, and bounce back quickly. Compliance officers play a key role in building this kind of operational resilience and agility.
One way they can help is by working with the business to size up a crisis, and then implement robust defenses, controls, and policies to respond quickly. Another way is by pre-determining processes, systems, and measures that can be implemented to speed up recovery in the event of a compliance failure or business disruption. Together, these approaches can help organizations minimize compliance damage, protect stakeholders, and get back to business-as-usual swiftly.
Compliance’s role in resilience becomes even more important in the light of the UK’s Operational Resilience Regime and the EU’s Digital Operational Resilience Act (DORA), as well as the US’s Sound Practices to Strengthen Operational Resilience. Companies rely on their compliance officers to better understand and navigate these challenging regulatory landscapes.
Ultimately, resilience building is an enterprise-wide effort that calls for collaboration and information-sharing among various teams – compliance, internal audit, enterprise risk management, and third-party governance. When everyone can work together in a unified manner, coordinating resilience and recovery strategies seamlessly, the organization is more likely to ride out a crisis successfully.
5. Leverage Technology to Strengthen Compliance
Compliance management is essentially a juggling act. Whether you’re tracking regulatory updates, overhauling policies, monitoring risks, or assessing controls – there’s a lot to do. And it can’t be done manually – not with regulations, risks, and business needs constantly changing.
Cost pressures are also increasing. Compliance officers are expected to manage an ever-widening range of responsibilities with fewer resources.
Technology can offer a way past these hurdles. For example, AI/ ML can automate and streamline risk assessments, regulatory tracking, and compliance testing to help reduce compliance costs. Meanwhile, a shared compliance platform can unite all teams in one place to seamlessly collaborate and share information.
Organizations with a robust compliance management solution can also expand the scope of compliance monitoring and auditing, significantly. Instead of testing just a sample of data to determine compliance levels, compliance officers can monitor the full range of documentation and activities to get a complete, real-time view of compliance.
Powerful analytics, dashboards, and reporting tools can provide valuable insights on compliance trends, enabling users to slice and dice the data in different ways.
Together, these cognitive tools and solutions are becoming strong enablers of compliance programs, opening the door to greater efficiency, effectiveness, and agility.
MetricStream Compliance Management software simplifies and strengthens your compliance programs, helping you effectively navigate a complex web of regulations and regulatory changes. The cloud-based product streamlines compliance workflows, improves visibility into control effectiveness, and speeds up issue remediation. With it, you can spot risks early, while also improving collaboration and communication across compliance teams.
- Minimize the risk of compliance violations, penalties, and reputational damage with timely insights --on compliance readiness at each organizational level
- Improve compliance efficiency by automating control assessments and testing
- Strengthen business performance and decision-making with a unified, real-time view of --compliance status
- Proactively identify potential compliance risks through consistent and streamlined processes for control ..documentation, assessments, and testing
Being a compliance officer in 2023 is not just about overseeing regulatory obligations, but also helping the business thrive. Well-thought-out compliance programs provide the guardrails for everyone to take smart risks, uncover new opportunities, and move forward with confidence. Now is the time for compliance officers to focus on enabling this growth.
While 2023 will certainly have its share of challenges, proactive and data-driven compliance officers will be better-positioned to help their organizations weather the storms when they rise.
