Each year, NAVEX releases the Top 10 Trends in Risk and Compliance to provide leaders with guidance and insights on where to focus their initiatives and resources. Staying ahead of global trends in risk and compliance has never been more complex than it is today. In this current environment, the need for digitally enabled and agile compliance programs is readily apparent.
The sheer amount of information produced by a company’s GRC program, paired with a fluid regulatory environment means risk and compliance (R&C) leaders have their work cut out for them. That said, the past few years have, for lack of a better phrase, forced increased buy-in and maturity for compliance programs. Take for example, the Russian Federation’s invasion of Ukraine. The complex sanctions environment created as a response to this war created an enhanced need for automated monitoring of sanctioned individuals and entities in order for organizations to stay on the right side of compliance.
But that is just one example of many that demonstrate the complexity of compliance in this day and age. Other examples discussed in this publication include the EU Whistleblower Protection Directive, upcoming global privacy legislation, the U.S. Department of Justice’s declaration that organizations will need to attest to and certify compliance programs, and several more. The common thread connecting all of these trends is that managing multiple compliance areas requires a mature program with a holistic view of organizational risk and operations.
The common thread connecting all of these trends is that managing multiple compliance areas requires a mature program with a holistic view of organizational risk and operations.
The good news is that much of the change on the horizon has been years in the making, and most of the data and resources needed are already available and in use for R&C leaders. However, it is worth taking a step back and evaluating how well compliance programs are performing given the increased intensity of the regulatory environment.
Another theme we see in this year’s edition of Top 10 Trends is the need for a culture of ethics and compliance. Most organizations endeavor to do the right thing, but a common pitfall remains – sometimes compliance is viewed as a cost center or thought of as a “check-the-box” task to avoid legal repercussions. However, recent declarations from the DOJ, and large settlements being handed down for violations, prove that doing the bare minimum will no longer suffice. Partially due to increased public and stakeholder attention, partially because of increased regulatory enforcement, organizations are being held to account for their actions at a rate that is cause for increased attention. No matter the driving force, creating a culture of ethics and compliance will pay dividends in avoiding penalties, mitigating risks, and retaining top talent – just to name a few.
No matter the driving force, creating a culture of ethics and compliance will pay dividends in avoiding penalties, mitigating risks, and retaining top talent – just to name a few.
The past few years of trends and predictions have largely focused on adjusting to the “new normal” with policy, technology, and cultural adjustments to hybrid and remote work. This year, as many organizations are now established with their operations in this environment, the focus shifts towards managing the complexity of the regulatory environment. This is best done through automation and leveraging tools available to gather and act on the wealth of data already present.
The growing focus on how organizations and their third parties conduct business is a good thing for the compliance function, and ultimately, for the business itself. While doing the “right thing” may take more time and resources, operating with ethics and integrity is a principle that always benefits organizations in the long term. The ongoing disruption and fluid regulatory environment can be difficult to manage, but it has also been the best practical case for increasing compliance program maturity. In the coming years, this is only expected to ramp up – meaning the work to stay ahead should already be in progress.