Posted by Tom Rollauer, Executive Director, Center for Regulatory Strategies, Deloitte & Touche LLP
Deloitte and Compliance Week magazine recently released a joint survey report on key compliance trends in 2014. The annual survey, which is in its fourth year, included 209 responses representing a wide range of industries from America and around the world. Questions focused on three major issues:
- Do compliance executives have the appropriate authority and resources to do their jobs?
- Are compliance executives addressing the right risks?
- Do compliance executives use the right metrics to measure progress?
This year’s survey found some level of improvement in all three areas; however, the results were a mixed bag and overall there is still a burning need for organizations to improve how they handle their compliance activities — particularly in light of today’s increasingly demanding compliance environment and the complex new requirements associated with laws such as the Dodd-Frank Act and Affordable Care Act.
Here are a few key survey findings from each of the three areas:
Authority and resources
These survey results suggest that many organizations may be under-investing in compliance, both in terms of funding and staffing. The results also suggest that the compliance function continues to be under-represented in the C-suite, and in many cases does not have a direct hand in shaping business strategy or tackling strategic business issues.
Addressing the right risks
When respondents were asked to identify their compliance functions’ main responsibilities, the top four areas were: compliance training (87%), code of conduct (84%), complaints and whistleblower hotlines (81%), and compliance with domestic regulations (80%). These are all pretty standard, and the results closely align with previous years.
One rapidly emerging risk area is third-party compliance. In this year’s survey, 85 percent of organizations say they are starting to look at the compliance risks associated with their supply partners and other third-party relationships; however, only 5 percent have specific plans to reduce third-party risk. This is one area where the compliance function will likely play a much more active role in the future.
Metrics to measure progress
The main types of compliance reporting are (1) compliance violations, (2) results of regulatory compliance auditing or examinations, (3) compliance issue resolution tracking status, and (4) structure and compliance of the compliance program. Most of these standard compliance metrics are backward-looking; however, the survey results suggest an emerging emphasis on forward-looking metrics such as hotline call analysis, which can help identify issues before they become problems. External benchmarking is another emerging metric area that organizations may be able to benefit from.
In today’s increasingly complex and demanding compliance environment, a strong and capable compliance function is more important than ever. This year’s survey results show that while organizations are moving in the right direction, they still have significant room to improve.
To view the full survey report, please click here.