TOPICS: Business Ethics, compliance, compliance officer, Ethical Compliance, ethics program
SUMMARY: new report released by Deloitte & Touche LLP and Compliance Week says that while there is positive progress in identifying compliance risks, many U.S. corporations' compliance programs may lack the appropriate structure, resources and measurement tools to mitigate such risks and manage them effectively. The report, In Focus: Compliance Trends Survey 2013, also reveals that many compliance officers may not be devoting enough attention to some of today's most prevalent emerging risk areas, such as social media and privacy. The report, which gathered data from 189 compliance executives working mostly at U.S. corporations, identified three primary issues that prevent many companies from maintaining objective, effective and forward-looking compliance programs: 1. Problems with effectively setting priorities related to specific compliance risks, 2. Difficulty identifying and using proper measurement and performance benchmarks and 3. A lack of appropriate and dedicated compliance staffing and financial resources. In the current regulatory environment, many chief compliance officers (CCOs) are primarily focused on establishing standards for ethical business conduct, whistleblower protection, managing the complaint and incident hotlines and anti-bribery compliance. However, the survey indicates that there are several potentially high-priority risks that are receiving less attention from many companies. In particular, anti-money laundering and privacy are low on the priority lists for compliance officers at larger companies, with only 40% reporting they had oversight responsibility for anti-money laundering and 49% for privacy. "These findings are surprising," says Nicole Sandford, partner and national practice leader of Governance and Enterprise Compliance Services at Deloitte & Touche LLP. "I think many companies are probably more exposed to these areas than they appreciate." "Measuring the effectiveness of the compliance program is important for several reasons, including the ability to demonstrate to stakeholders, including regulators, that the company is making good-faith efforts to follow standards of good business conduct and to justify compliance expenditures to the board and other senior leaders," she explains. According to U.S. Sentencing Guidelines and guidance from multiple state and federal regulators, with few exceptions, companies should operate an objective compliance function that is led by a full-time chief compliance executive reporting to the CEO and board. The report indicates that only 37% of U.S. companies that participated in the survey have an independent compliance executive, and only 51% of respondents indicated that the position reports directly to the CEO or board.
CLASSROOM APPLICATION: A very credible survey indicates that compliance efforts in corporations may not be addressing emerging risk areas. Compliance is important in any organization to develop internal controls that spot potential misconduct and hopefully take corrective measures before transgressions occur. Chief compliance officers are focused on complaint and incident hotlines, but many do not measure the effectiveness of their compliance programs. It is more likely that compliance officers track volume of calls, completion rates for compliance training, etc.
QUESTIONS:
1. Why do you think compliance officers may not be devoting enough attention to emerging risk areas such as social media and privacy?
2. What are the implications of one-third of the companies not measuring the effectiveness of their compliance programs?
3. With only 50 percent of companies indicating that the compliance officer reports directly to the CEO or board, what type of risk does this create?