by Nicole Stryker and Richard Girgenti
Compliance officers today face many challenges. The pace of regulatory change is swift and expectations globally are constantly changing. For example, while the Trump Administration has voiced plans to roll back regulations – particularly in the financial, healthcare and environmental arenas – many international and U.S. state regulators have said they may look to fill any gaps, making it hard for compliance officers to predict the net impact of these regulatory changes on their organizations. Brexit and other significant geopolitical developments further complicate the regulatory landscape. These regulatory fluctuations make it challenging for compliance officers to prioritize their compliance efforts.
Chief Compliance Officers (CCOs) are also finding that new technologies and analytics are becoming increasingly important given pressure to reduce costs and improve efficiencies. This comes at a time when their role is expanding beyond regulatory and legal compliance to include a wider range of concerns such as ethical standards and sustainability. This said, CCOs need to be able to nimbly react to and prepare for change.
CCOs responding to a recent KPMG Survey representing major organizations across seven industries, including highly-regulated sectors such as financial services and healthcare, reported on their challenges. Based on their responses, KPMG identified three key priorities for compliance officers to consider.
Focus on Promoting a Culture of Compliance and Accountability
In this regulatory environment, many CCOs are focused on further grounding their compliance efforts in the tenets of good risk governance, conduct, and culture. Such concepts are already entrenched in regulators’ and consumers’ expectations across the globe. Additionally, global regulatory trends support better corporate governance and risk management. Therefore, it is important to continue to emphasize, instill and enhance a culture of compliance across the organization. KPMG’s survey found that CCOs agree more can be achieved in this area:
- More involvement needed from lines of business – 36% of respondents did not know whether, or disagreed that, their lines of business management take ownership of the compliance culture and agenda. Only 15% of CCOs strongly agree with this statement.
- Additional communication to employees needed on the importance of compliance – 31% of CCOs did not communicate, or did not know whether they communicate, conduct and culture lessons across their organizations.
Instilling accountability also helps foster a culture of compliance. While most organizations address compliance infractions in a timely manner, CCOs can do more to instill accountability and a compliance culture. Many respondents reported they do not assess compliance skills annually for first-line and second-line personnel, and a number of CCOs do not have (or do not know if they have) defined compliance roles and responsibilities for their first-line and second-line compliance personnel. Almost 4 in 10 CCOs (39%) do not consider (or do not know if their organization considers) employee adherence to compliance policies and procedures as a factor in performance ratings and compensation decisions.
Invest in Technology Solutions to Further Integrate and Automate Processes and Controls
CCOs can also utilize data analytics and technology to further support their compliance program. At a time when budgets and resources are strained, organizations can use technology to help achieve efficiencies and improve aspects of their compliance program activities such as risk assessments, monitoring, testing, training, and reporting and document retention. Technology can help make it easier for compliance officers to identify weaknesses before they escalate into compliance issues.
Yet CCOs reported the least progress in the maturation of their compliance programs. Many said they do not leverage technology to support their compliance initiatives, or do not know whether they do. In fact:
- Opportunities to leverage technology exist – Only 69% of CCOs say their organization leverages technology to support compliance initiatives, while less than half—just 47%—say they use data analytics and other technology processes to conduct root cause and trending analysis.
- Metrics are not widely integrated – 40% of CCOs integrate KRIs/KPIs (key risk indicators/key performance indicators) into compliance governance and risk management.
- Technology infrastructure alignment not broadly confirmed – 40% of CCOs have analyzed their technology infrastructure to confirm it aligns with their compliance requirements and to confirm significant gaps have been addressed.
Enhance the Regulatory Change Management Process
CCOs can also work to enhance their regulatory change management process. This includes not only managing existing requirements but also identifying prospective changes, assessing regulatory trends and analyzing their impact. Regulatory change management is a pain point for many CCOs, particularly in decentralized organizations where different business or operational units are responsible for managing this process. KPMG’s survey found that this activity requires better focus. Specifically:
- Regulatory change management needs development – Less than 1/3 of respondents said that their organizations do not have, or they do not know if they have, a regulatory change process that incorporates changes in laws, rules and regulations.
- Regulatory changes not extensively incorporated in the program – Only 27% of respondents said they have a process to incorporate such changes into their policies and procedures.
Effectively managing regulatory change can be a competitive advantage. Once the regulatory environment is understood and the impact of prospective changes on the organization assessed, CCOs can prioritize core investment activities consistent with their compliance vision. Further, by investing in and leveraging emerging technologies and digital solutions, CCOs can support compliance efforts more proactively and more cost-effectively.
The Compliance Road Ahead
Compliance officers must have a risk-based approach to executing compliance activities that can be cultivated over time through further integration and automation. Their overall compliance program should be able to quickly pivot as regulatory changes, geopolitical forces, innovation and market disruptions dictate. Compliance officers should focus not only on complying with regulatory obligations but also on building integrated processes which leverage technology to capture changes across their enterprises.
Nicole Stryker is a director in KPMG LLP’s Financial Crimes and Enforcement network, based in New York. Richard Girgenti is a Principal at KPMG LLP’s Forensic Advisory Services, also based in New York.