The Evolution of the Compliance Profession
One of the benefits of old(er) age is perspective and experience. (As we age, we have to find the positive reasons to tout). If there is one thing (of many) the compliance profession has demonstrated, it is that compliance professionals are nimble. It comes with the territory. Building and maintaining a compliance program, requires compliance professionals to adjust their focus and prioritize resources and time in response to evolving threats.
In looking over the risk landscape, in the last few years, we have seen the growth in two significant risks – cybersecurity and data governance and trade compliance. I know this does not appear to be too surprising but hear me out.
Cybersecurity and data governance reflects the change in technology, the rise in information technology businesses (e.g. cryptocurrency) and creativity and effectiveness of malign actors and hackers. Approximately 2000 businesses per year suffer serious ransomware attacks. The consequences of such attacks can be devastating to a company’s operations and its reputation. Such an attack can result in millions lost through collateral litigation, let alone the reputational harm.
In the last two years, the compliance profession has responded to this new landscape by forging a new and important bond with information technology leaders. Compliance usually takes the lead in pushing cybersecurity training and awareness. Compliance professionals know how to develop and deliver content – cybersecurity requires extensive training employees on avoiding phishing and malware attacks. Many companies now provide real-time phishing exercises to ensure that employees avoid clicking on the phishing or malware attack.
The second most important trend that has evolved is trade sanctions and export controls. DOJ is poised to reinforce the importance of trade sanctions compliance with an aggressive corporate prosecution program that is beginning to take shape. The Ukraine-Russia war focused attention on this risk, along with an aggressive DOJ and regulatory response by OFAC and the Bureau of Industry and Security.
The compliance profession responded by forging a new and effective relationship with trade compliance professionals. For years, trade compliance professionals operated in a silo reflecting their expert knowledge of technical issues underlying compliance with export controls. Compliance professionals recognized the available efficiencies by leveraging resources to support trade compliance initiatives.
Frankly, corporate compliance programs should have integrated trade compliance from the beginning. Companies that failed to do so are now catching up and before long, I expect we will see all trade compliance functions incorporated into all compliance departments. It only makes sense given the shared mission and common tools and requirements.
Compliance professionals know how to step up and adjust a program’s focus. It is in their DNA. The strength of an effective compliance professional is his/her ability to recognize new and evolving risks, respond to those risks, and then mitigate those risks.
Compliance professionals benefit from line-of-sight across the organization. They have a unique perspective, and as a result, they are able to identify new trends, business risks and plan.
Compliance professionals always face a challenge in staying ahead of the risk curve and building a proactive compliance program rather than a reactive program. If compliance professionals fall behind in identifying changes in the company’s risk profile, companies will face increased enforcement risks.