Compliance programs are becoming increasingly important at the executive level due to increased demands for information on effectiveness from the regulators and the board.
In the financial services industry, the saying that “banks operate globally but fail locally” refers to the challenge of managing the complexities of compliance requirements – which vary significantly by region and country. In other words, compliance capabilities don’t scale easily.
PwC’s “State of Compliance 2013 Survey” offers up an analogy from another industry—health care—to suggest how readers (those with endurance, as the report is lengthy) can use the survey results to help scale their compliance programs in a more efficient and effective manner. The report compares the chief compliance officer (CCO) role to that of a primary care physician: he or she puts forth recommendations for improving compliance health, but it ultimately is up to the business/patient to adhere to the treatment.
One of the most beneficial aspects of the report is the breadth of its diagnoses; it includes industry cuts that will help GRC professionals in some sectors (e.g., services) compare the health of their efforts to more advanced capabilities in highly regulated sectors (e.g., financial services). PwC principal Sally Bernstein notes that the compliance-management-sophistication gap between historically highly regulated industries and “less than very regulated” industries is closing.
The report’s appendix also contains strong data, particularly in leadership structures and compliance-information reporting frequencies. Bernstein and her colleague, PwC partnerBobby Kipp, responded to questions via e-mail:
What is one survey finding that surprised you and why?
Bobby Kipp:While budgets are generally not decreasing, I’m surprised that only 37 percent of companies’ budgets for central compliance functions are increasing. I’m surprised because of the tremendous level of demand for evidence of compliance effectiveness by all stakeholders.
I continue to be surprised that compliance committees often do not have representatives from sales and marketing, supply chain, or the business. This is surprising because the nature of some of the greatest risks, such as bribery and corruption as well as industry-specific regulations, most directly impact these areas of the business.
Based on your analysis of these survey results, how do you expect compliance programs to evolve in the next few years?
Sally Bernstein: Our results indicate several trends, but two specific examples. The first is the rising profile of compliance on the executive/C-suite/board agenda, both through increased demands for information on effectiveness from the regulators and the board, and through the changing organizational position of the CCO towards the C-suite.
The second is the growing use of effectiveness measures to gain a better understanding of success related to specific risks, including the growing use of compliance audits.
If you were the head of a compliance program, what would concern you about any of these results?
Kipp: The fact that budgets don’t seem to be keeping up with the demands of the job. The response [to Question 5 on page 37 of the report] suggests a disconnect between CCOs’ views about the extent to which the compliance program is helping to achieve the organizations’ goals (86 percent of U.S. CCOs believe this is the case) and what the CCOs feel their leaders believe (only 78 percent of U.S. CCOs think their executive leadership believes that the compliance program supports strategic objectives).