Internal and external stakeholders, particularly in the areas of data protection and environmental, social and governance (ESG) responsibility, are placing increasing emphasis upon compliance. This compels chief compliance officers, chief risk officers and other executives to create a more flexible and responsive compliance function, even as they manage rising costs and company-wide expense-cutting pressures.
Steve Culp, a Forbes contributor, wrote: “Compliance executives are facing big challenges, with multiple changes happening at high speed. In a phenomenon we call “compressed transformation”, we are seeing five-year plans become one-year plans as companies cope with change throughout the enterprise while trying to create value and grow.”
I submit that, as a consequence, compliance resources have become overburdened. Against such a backdrop, this writer suggests two shifts are required to weather the storm caused by the changing business environment.
Consideration One: Be proactive versus reactive
It must become more common for compliance functions to take on a proactive role in supporting business activities, rather than being a reactive advisor. By leveraging data-driven insights in the quest to find new trends, and anticipating future decisions, compliance can assist in building superior forward-looking capabilities that can help companies stay ahead of the competition. When companies adopt this expansive perspective with the help of compliance, they can make decisions faster and with greater confidence, and address previously tricky challenges. This can also open new business opportunities - a complicated arena that most businesses find hard to master.
Consideration Two: Make the business case
The compliance leader plays an essential role in how their companies manage and communicate risk. One such part involves demonstrating to internal and external stakeholders that data protection, climate change and social responsibility should be core corporate values, as mismanagement could lead to financial and reputational losses.
Chief compliance officers and chief information security officers (CISOs) have become increasingly concerned with the security of their company’s data due to shifting external and internal user dynamics. This concern requires constant monitoring and updating, which ultimately carries a cost. It is not enough for compliance professionals to merely identify the risks associated with cyber security. Instead, they have to mitigate the impact when companies choose to underfund cyber security or downplay the effect on balance sheets when things go wrong. IBM’s 2021 Data Breach Report noted that, during that year, “data breach costs rose from $3.86m to $4.24m, the highest average total cost in the 17-year history” of its report.
Companies must recognise that ESG (environmental, social and governance) metrics are directly related to performance. Compliance professionals must assist their companies with understanding this. For example, studies have shown that “between 2013 and 2020, companies with consistently high ESG performance tended to score 2.6 times’ higher on total shareholder returns than medium ESG performers”. To directly tackle the risk associated with ESG, corporate leadership must determine what success looks like, agree on a clear strategy, and transparently embed accountability for sustainability analytics that is routinely monitored with reporting to leadership.
It is vital to understand the impact of data protection and ESG on your company. A proactive programme of regulatory change management requires the involvement of compliance leaders at the highest executive level to ensure that such activities are aligned with the firm’s business strategy.
NB: About Derek Smith Jr
Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years. He has held positions at a TerraLex member law firm, a Wolfsburg Group member bank and a ‘big four’ accounting firm. Mr Smith is a certified anti-money laundering specialist (CAMS), and the compliance officer and money laundering reporting officer (MLRO) for CG Atlantic’s family of companies (member of Coralisle Group) for The Bahamas and Turks & Caicos.