You might expect that regulatory change would be a major focus for ethics and compliance officers, especially considering the Trump administration’s examination of government regulations. You’d be right, to a degree.
In a recent survey of 55 ethics and compliance officers in attendance at a Consero Group compliance and ethics forum, the issue of changes in regulatory matters came in fourth on a list of six focus areas, following data privacy and cyber security matters, employee compliance training, and third-party oversight and management, and leading bribery and corruption and internal investigations (Consero, 2017).
Only a quarter of the respondents (24%) reported that administration policies have had a high or medium impact on their compliance strategy; over half (54%) reported no impact at all. Almost all (97%) believe that there will be no changes to their compliance budgets because of administration actions.
Data privacy compliance is a much bigger focus, with 80% of the respondents reporting they have a data privacy compliance program in place and the remainder reporting they are developing one. Most (79%) who have a program in place consider it to be effective or somewhat effective. Thirty-five percent reported themselves to be very involved in matters related to cybersecurity and data privacy, while 15% said they were not involved at all.
Employee compliance training is also a major focus. Almost all (98%) of the ethics and compliance officers in the survey reported they are confident their compliance training programs have prevented misconduct. As a result, it would be reasonable to conclude that compliance training will continue to be offered and supported—it’s effective.
Risk assessment is another major focus. The survey respondents reported that most of their companies (65%) conduct enterprise risk assessments annually, and another 12% conduct them semiannually or quarterly. Only 4% have never conducted an enterprise-wide risk assessment.
Perhaps because the majority of respondents reported that their firms provide ongoing ethics and compliance training, engage in compliance risk management, and pay attention to emerging issues like cybersecurity, data privacy, and foreign regulation, 88% of them consider their overall compliance program to be effective or very effective in mitigating ethics and compliance risks. The most-used tools to assess effectiveness are internal auditing and monitoring, training completion rates, hotlines, and third-party assessment tools, and very likely a combination of several.
Consero advises chief compliance and ethics officers to keep senior leaders educated on regulatory changes while continuing to strengthen risk management and training efforts. That sounds like good advice.
Ethical Advocate provides comprehensive ethics and compliance solutions, including ethics and compliance training and confidential and anonymous hotlines. Please contact us for additional information.
Consero Group. Corporate Compliance & Ethics Report: Facts & Analysis, August 2017. Request a copy at https://consero.com/august-2017-corporate-compliance-ethics-report/