[author: Linda Luty]
NAVEX publishes the Risk and Compliance benchmark report each year, surveying over 1,100 industry professionals. The purpose of this report is to provide insight into the effectiveness of R&C programs and enable leaders to share findings with their boards of directors, c-suite, and other stakeholders. Among other things, this information can be used to demonstrate how the program stacks up and where opportunities exist for improvement.
Before we explore this year’s findings, let’s recap data from last year. In 2021, our data indicated that for management and senior leadership, 75% and 71% respectively, demonstrate a commitment to compliance. However, when faced with competing interests and/or business objectives, only 38% and 46% persist in that commitment.
This year, we saw similar responses when leaders were asked the same question. According to the 2022 survey, 77% of managers and 71% of senior leaders reported they demonstrated a commitment to compliance. When faced with competing interests and/or business objectives, 48% of managers and senior leaders indicated they persist in that commitment.
While the percentage of those who persist in the commitment to compliance did increase from last year, it begs the question: why do less than half persist in a commitment to compliance?
In order for a commitment to compliance to persist, what is needed is an organizational culture with E&C as the North Star. For this to happen, compliance must be addressed from the top down – from the board of directors to individual contributors.
Relatedly, an interesting finding from this year’s survey of risk and compliance professionals indicates that 30% of boards of directors do not receive periodic reports on compliance matters. Further, the survey also indicates only 56% of boards have oversight of compliance programs and less than half (48%) examine compliance reporting data when exercising oversight – a decrease of 12% from 2021.
“For roughly half of the organizations represented in this study, there is a disconnect between words and actions. Compliance officers in organizations that fall in this category have an opportunity to open a discussion with leadership about the challenges leaders face and how to bridge this gap.”
Highlighting this finding, only 52% of respondents indicate senior leadership models proper behavior to subordinates. So, for the other 48% it is clear there is work to be done. Especially given the U.S. Department of Justice’s renewed focus and emphasis on a culture of compliance.
The DOJ guidelines clearly state that the compliance function must have:
- sufficient seniority within the organization;
- sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis;
- sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee
While the survey findings indicate 83% of organizations have sufficient access to resources, only 36% of respondents indicate they hold executive and/or private sessions between compliance and the board of directors.
So, what is needed to create a culture of compliance? First and foremost, the board of directors needs increased involvement – communicating the importance of ethical values and holding leaders accountable will go a long way in demonstrating that ethics and compliance is a priority.
One of the ways this is best done is by setting clear policies, and using the code of conduct and ethics and compliance training in tandem to communicate that this is a priority for the organization. However, the commitment to compliance needs to be more than words on paper. It’s up to senior leaders and management to not only voice these ideals, but also hold all employees accountable for ethical behavior.
Taking an honest look at how your organization functions in practice can be a tough pill to swallow for some. Some organizations may choose to believe everything is fine and turn a blind eye to the warning signs of an unhealthy culture. While this may work for a short time, more and more attention is being paid to how organizations do business – and those that choose ignorance as bliss will have to face those harder truths eventually.
NAVEX is committed to helping organizations of all sizes improve their cultures through ethics and compliance. One of the ways we do this is through the annual Risk and Compliance Hotline and Incident Management Benchmark Report, a valuable resource that provides insight into cultural trends from thousands or organizations globally.
Another important resource is the Risk and Compliance Survey Benchmark Report. This report consists of the data yielded from over 1,100 risk and compliance professionals surveyed and gives valuable data on the state of risk and compliance programs across the world. For more insights and a deeper understanding of E&C programs