Rapid changes in the global marketplace mean that organisations across all sectors – financial, healthcare, utilities, automotive, manufacturing, transport - face increasing complexity in the regulatory environment.
Changing regulatory landscape
New compliance rules and regulations are evolving quickly and with disparity across regions. Organisations are having a difficult time keeping up with the changes as they must increasingly consider new areas of regulatory requirement such as sustainability transparency reporting as well as mature but updating compliance requirements such as health and safety. These challenges include the ability to manage compliance against an exhaustive set of legal regulatory obligations, the ability to distribute updated policies, and the necessity of managing actions that ensure people are on task to complete regulatory procedures across their business units and departments.
A recent BDO survey of corporate directors at public company boards found that 69% identified regulation/compliance overload as the single greatest risk to the business. This number eclipsed the percentage of directors who felt that fraud and corruption, or cyber and privacy breaches represented their greatest risk-management challenges
It’s not just regulators and the board members concerned about compliance, though.
In light of the global financial crisis and climate change and a number of high-profile failures, investors and the general public have joined legislators in taking an increasingly active interest in corporate transparency and regulatory compliance performance. It’s fuelled all the more by the immediacy of information due to social media breaking down the corporate walls.
Preparing for major change
This year sees a significant change in the mandatory reporting requirements of potentially 12,000+ companies within the member states of the European Union. Alongside their annual financial report, they will now be required to provide transparency on how they manage and mitigate risk within so-called ‘non-financial’ matters like environmental, social, anti-bribery & corruption and diversity. Previously, the inclusion of this information was voluntary and while the majority of companies acquiesced, it was not as prescriptively monitored as it will be in the light of the new legislation. But the key emphases are on comprehensive data collection and careful reporting requirements of the sweeping changes it entails – a challenge faced by CEOs and compliance officers in many industries that face new environmental regulations, increased industrial safety demands and other compliance issues.
Investing in strong compliance
Most organisations seek to be in good-faith compliance with their respective regulatory requirements.
However in order to do so, corporate leaders and decision-makers must first have the information and necessary resources, especially when enacting new policies and programmes.
Adding to the challenge is the need to recruit and retain the right personnel, increasingly in an environment where compliance professionals come at a premium. A 2013 Financial Times report found that for compliance officers in the U.K., remuneration had gone up 11 percent in the past year, and that’s likely to rise as the demand increases. In the United States, the Society of Corporate Compliance and Ethics reports that the highest-paid compliance officers are working in biotechnical and pharmaceutical firms, followed by manufacturing and the energy sector, according to a 2012 survey.
Protecting financial stability
Strategists in all sectors are making the investment in strong compliance because they recognise that compliance failure results in unwanted circumstances: litigation and financial penalties, lower market value, regulatory constraints, and a damaged reputation that may directly and strategically affect the organisation and its financial health, among them.
A stark contrast in the impacts of regulatory compliance, over against failure, is available in the 2011 “The True Cost of Compliance” report, a benchmark study of multinational organisations completed by the Ponemon Institute.
“We learned that while the average cost of compliance for the organisations in our study is £2.1 million, the cost of non-compliance is much greater. The average cost for organisations that experience non-compliance related problems is nearly £5.6 million,” the report said. The authors note that investing in compliance can help avoid non-compliance problems such as business disruption, reduced productivity, fees, penalties and other legal and non-legal settlement costs.
Unfortunately, new compliance rules are evolving so quickly that organisations are having a difficult time keeping up with the changes, leading to some of these negative consequences.
Enterprise compliance programmes
Clearly, organisations that actively facilitate their programmes will have a better standing with regulatory agencies. This means that organisations that discover compliance issues should take steps to rectify the problems on their own, in addition to notifying regulators after the situation is resolved. The main problem here is that organisations need to have programmes that promote compliance before they can even identify or fix these issues.
Many organisations seek out programmes that help them design enterprise-wide compliance risk management frameworks and develop written compliance programmes. These documents have to be consistent with management objectives and regulatory requirements, and they need to be implemented in the context of a corporate culture oriented toward compliance.
A corporate compliance culture
The board of directors is ultimately responsible for creating that cultural expectation but every employee is engaged in the execution. A positive culture encourages employees to express their concerns about risk and necessary controls and to highlight where businesses should be focusing resource. In the case of larger corporate cultures, reliable whistle blower programmes provide a safety harness.
Throughout this process, organisations often seek out the resources of third-party professional services to help them develop compliance risk management processes that are focused on creating low-cost and sustainable compliance programmes and processes. Many in the financial sector also recommend regulatory readiness compliance reviews to assist institutions in their preparation for regulatory examinations. The companies observe and identify potential regulatory gaps and provide specific recommendations to address these and other issues.
Ultimately, regulatory compliance failure often results in negative public perception, along with hefty financial penalties. Repetitive failures could ultimately put organisations in financial peril. Those who have yet to invest in systems and processes for legal and regulatory compliance, risk falling into regulatory compliance fire-fighting. Spending increasing resource on reactive management instead of strategic and smart investment to manage regulatory compliance proactively will be the clear dividing line between those companies who lead and those who fall behind.
A pervasive technology-led approach
Regulatory compliance solutions require a number of pain points to be addressed and the approach must be both integrated and across the enterprise. As always an enterprise approach to risk management is only effective if it is pervasive and effective across the whole enterprise. This may seem obvious, but many corporations leave risk management and the use of allied risk management IT systems to specific teams, job titles or divisions.
- Training and competence management to ensure the workforce and supply chain are appropriately educated in terms of knowledge and timeliness on regulations that affect their business and their job roles.
- Obligation management to store and actively assess and monitor compliance to the full range of regulatory and legal obligations by office, division, job title, user and region.
- Document and policy management to store, distribute, attest and validate regulations, clauses, obligations and policies to your workforce and supply chain, anywhere in the world on or offline.
- Action management to enable appropriate notification for employees when they have forthcoming regulatory requirement actions, providing robust oversight and governance where particular regions, locations or teams are at risk/overdue on their regulatory workloads.
Again, as always the solutions to be fully effective should be integrated in a single platform that allows total oversight, governance, visibility, control and reporting. Rivo Safeguard is an integrated platform with multiple software solutions that address the challenges in corporate regulatory and legal compliance management.