The Positive and Negative Mix of Corporate Compliance Trends
We all like to believe in straight-forward and consistent trends and developments. For example, compliance programs are improving, budgets are increasing, and CCOs are embracing new technologies. Everything is just rosy when it comes to compliance. But reality is far from consistent and far from simple trend lines and straight-forward explanations.
Please do not get me wrong – over the last ten years, the rise of the compliance profession and ethics and compliance programs is the most important trend in corporate governance. It is an unmistakable and powerful change in the corporate governance landscape.
But we do not live nor operate in ten-year time frames. Unfortunately, many companies are beholden to the quarterly framework based on the need to report quarterly earnings. As you look closer at compliance trends and developments, there is a simple reality – good news and bad news, positive and negative. Nothing in life is so simple and compliance, like other aspects of life, is far less black and white but more like grey with different shades. Okay, enough with all the trite descriptions, what do I mean?
Here are a few of what I call “mixed” results (taken from KPMG recent report of CCO survey, NAVEX Global third-party and hotline benchmarking):
- While roughly 75 percent of companies include ethics and compliance as part of an overall employee evaluation, 25 percent do not include ethics and compliance in employee evaluation;
- Approximately 40 percent of companies surveyed indicated that their corporate boards are engaged in governance and oversight of their ethics and compliance program;
- Only 25 percent of companies are embracing automated platforms to manage and mitigate third-party risks, despite the significant corruption and sanctions risks posed by third parties;
- Nearly 25 percent of CCOs reported that their company fails to ensure that all third parties are subjected to due diligence and onboarding procedures;
- Only approximately half of companies surveyed have embedded compliance as a valuable partner in the corporate business operations;
- Employee reporting rates have been flat for the last few years;
- Retaliation rates against employees who report misconduct have increased in the last few years; and
- Only one-third of companies are tracking issues uncovered from internal investigations for mitigation purposes in order to remediate and enhance existing program controls.
While I am not usually a pessimist, I remain surprised at corporate failures or inaction to embrace basic elements of effective ethics and compliance strategies. I consistently read and hear about the new frontiers of compliance – data, technology, artificial intelligence and other high-minded solutions. In the absence of an effective foundation, a compliance program seeking new technologies and solutions may suffer from significant deficiencies and gaps in their compliance program. Technology is an effective tool but only when a company has the fundamental elements in place.