
Investment in Compliance Professionals Rising Too Slowly



Compliance risks from third parties a major concern while mitigation efforts fall short

Nicole Sandford
National Practice Leader, Governance and Enterprise Compliance
Deloitte

A new survey of compliance professionals released recently by Deloitte and Compliance Week indicates that although investment in compliance budgets and staffing has increased slightly in the past year, it has failed to keep pace with the growing compliance risks posed by third parties and industry regulation. A majority of respondents also believe they are not viewed as business partners throughout the whole enterprise and their authority is undermined as a result.

The report, “In Focus: Compliance Trends Survey 2014,” generated from a survey of more than 200 compliance executives across corporate America and overseas, focuses on the authority and resources of compliance executives, and reveals some positive trends as well as several areas in need of improvement. Positive progress is being made with regard to more companies establishing a stand-alone chief compliance officer position. One-half (50 percent) of respondents report having a stand-alone chief compliance officer, up from 39 percent in 2013. Additionally, by a 3-to-1 margin, respondents also report increases in compliance budgets from the previous year.

However, 40 percent of respondents say their compliance budgets are $1 million or less (including salaries), while 45 percent have staff of five or fewer employees. These findings are especially challenging in an environment of increasing regulatory scrutiny and growing fears of compliance risks from joint ventures and third-party suppliers, agents, distributors, and other vendors. Equally if not more concerning is the relative influence of compliance officers across the entire enterprise. Nearly half of those who say they hold the top compliance job at their company do not have a seat on the executive management team and just 58 percent say they are perceived as business partners across the enterprise only “in certain aspects.”

“Compliance is becoming more complex and reputational risks due to inadequate oversight carry greater consequences than ever before,” said Thomas Rollauer, executive director, Center for Regulatory Strategies, Deloitte & Touche LLP. “In many companies, the chief compliance officer still lacks the authority and influence to secure the necessary resources, budget and staffing, to effectively address today’s compliance challenges. A cultural shift is needed at the top, from leadership in the C-suite, to stop viewing compliance merely as a pure cost that does not drive top-line growth, and instead, as an investment in critical infrastructure that protects the value of the entire enterprise.”

A passive approach to ensuring compliance of third parties

One of the more problematic findings of the survey is the impact that limited compliance staffing levels and budgets have on compliance officers’ approach to third-party oversight. Too few compliance staff and too little money make it difficult for compliance professionals to provide the necessary oversight of third-party relationships across the enterprise. As a result, many compliance measures are passive, such as ensuring third parties have a copy of a company’s code of conduct or requiring anti-corruption language in contracts, rather than more vigorous measures like conducting thorough background checks or audits of third-party compliance.

Less than one-quarter (17 percent) of respondents say they “rarely or never” conduct background checks on third parties; 48 percent “sometimes do.” Moreover, 42 percent say they “rarely or never” provide third parties with compliance training while 43 percent say they “sometimes” audit third-party compliance.

Despite the inconsistent and often limited oversight of third parties, there is no indication that companies are bringing more of the functions and services third parties provide back in-house. Only 5 percent of respondents believe that “re-assessing” third-party relationships will lead to bringing more of those activities back into the corporation. Rather, a majority of respondents said they would step up monitoring and due diligence of third parties.

“There is little doubt that most companies are exposed to compliance risks as a result of their third party relationships,” said Nicole Sandford, national practice leader, governance and enterprise compliance, Deloitte & Touche LLP. “Brand value built over years can disappear in an instant. To guard against this, companies may need to invest in more robust measures to protect their reputation and take an active approach to assessing all their third-party relationships. More money, more staff -- and most importantly -- recognition of the importance of third-party compliance by leadership are needed to effectively mitigate these risks.”

The survey also revealed four core responsibilities of compliance professionals across companies of all sizes. The widespread agreement among respondents, with over 80 percent citing each of these responsibilities, suggests an emerging consensus in the profession about what compliance departments should oversee on a daily basis. Core responsibilities include:

  • Compliance with regulation
  • Compliance training
  • Code of conduct
  • Complaints and whistleblower hotlines

Other “regulation-specific” responsibilities, such as ensuring compliance with the Foreign Corrupt Practices Act and anti-money laundering rules, were cited by fewer respondents compared with 2013, down four points from 62 percent and two points from 40 percent, respectively. The study concludes that such a segmented view of compliance by compliance professionals is likely a pragmatic response to lean budgets and small staff, though it poses considerable risks. If a compliance error is made in an area not directly monitored by the compliance staff, they will likely still be held accountable by their boards, company executives, and regulators. To mitigate this risk, compliance officers must find a way to have an active oversight presence in areas of compliance risk not directly under their control.

About In Focus: Compliance Trends Survey 2014

The “In Focus: Compliance Trends Survey 2014” report is a joint report between Deloitte and Compliance Week and offers a sense of the scope and complexity of the modern corporate compliance function. The survey was drafted by senior Compliance Week editors and Deloitte professionals and administered to an audience of senior-level corporate compliance, audit, risk, and ethics officers at primarily U.S. companies earlier this year.

More than 200 senior-level executives, working in ethics, compliance, audit, risk management, or corporate governance, participated in the survey. The survey also went to a wide range of industries. Of the qualified responses, the single largest industry group represented was financial services at 25 percent. Next was life sciences & health care at 19 percent, consumer products at 13 percent, energy at 11 percent, and a dozen other sectors in total. This was a self-reported survey from Compliance Week’s audience of ethics & compliance professionals, and Deloitte and Compliance Week did not attempt to verify or audit the data reported by survey-takers.

About Compliance Week

Compliance Week, published by Haymarket Media Inc., is an information service on corporate governance, risk, and compliance that features a weekly electronic newsletter, a monthly print magazine, proprietary databases, industry-leading events, and a variety of interactive features and forums. It reaches more than 26,000 financial, legal, audit, risk, and compliance executives, and is based in Boston, Mass.

About the Deloitte Center for Regulatory Strategies

The Deloitte Center for Regulatory Strategies provides valuable insight to help organizations in the financial services, health care, life sciences, and energy industries keep abreast of emerging regulatory and compliance requirements, regulatory implementation leading practices, and other regulatory trends. Home to a team of experienced executives, former regulators, and Deloitte professionals with extensive experience solving complex regulatory issues, the Center exists to bring relevant information and specialized perspectives to our clients through a range of media including thought leadership, research, forums, webcasts, and events. www.deloitte.com/us/centerregulatorystrategies

About Deloitte’s Enterprise Compliance Services (ECS) practice

The ECS professionals within Deloitte & Touche LLP work closely with chief compliance and ethics officers to assess, design, and implement effective and efficient enterprise-wide compliance programs. Cutting across multiple business units, these programs are built from the top down and help organizations use their people, processes, and information technology to address the rapidly changing compliance landscape. The managed regulatory compliance practice within ECS executes critical regulatory compliance activities on behalf of our clients, extending the company’s resources and offering a cost-effective alternative to traditional, in-house compliance models.

www.deloitte.com/us/ecs







