4. With the growing cost of compliance, organizations want more proof of its value
In 2016, 69% organizations told Thomson Reuters that they expected an increase in their total compliance budget over the following 12 months. As compliance departments expand globally and take on more authority, staff, and responsibility, they also become more visible cost centers in the organization. As a result, compliance programs are not only expected to have minimal negative impact on the bottom line, more than ever there are pressures to demonstrate how they are contributing a positive impact. Return on Compliance (ROC) is hardly a new concept but 2017 brings with it the ongoing challenge for organizations to demonstrate what their company is getting for their investment.
1. Define the metrics – What will you use to measure the success of your compliance program and the ROI? Examples include legal expenditures and fines that are avoided or reduced and efficiency gains in compliance processes.
2. Set a baseline – It’s difficult to demonstrate improvements without baseline measures, so if you haven’t done so, collect them now.
3. Benchmark against industry best practice
4. Review the many industry studies that show how compliance is good for business. Executives and Board members will appreciate data and research.
5. Review, review, review – Just like other business areas, assessing ROI in compliance shouldn’t be a once a year activity. Review and amend your plans and strategy on, at least, a quarterly basis.
5. When it comes to compliance, you are your brother’s keeper – companies still grappling with third party risks
When Navex Global asked, 32 percent of survey respondents reported that in the last three years they faced a legal or regulatory action involving third parties. Thirty percent respondents from the same survey also felt their third party engagements will increase. According to GRC20/20, the second biggest driver for governance, risk and compliance (GRC) initiatives is “the growing array of 3rd party relationships with increased regulatory and risk exposure in bearing down on organizations.” In increasingly growing and complex global supply chains, the actions and practices of your vendors and partners directly affect you, can lead to litigation, painful fines, and also the most costly impact – loss of customer trust. Third party risk management continues to be a focus in compliance programs in 2017.
It’s no surprise that organizations with mature and sophisticated third party risk programs report better outcomes. This includes having bigger budgets and automated systems. Key steps therefore would include having a current and effective third party due diligence policy, strong cross-functional sponsorship of the third party program, and a clear and vocal program champion and owner (often Compliance and Ethics or Legal).
So to compliance chiefs and officers, brace for an exciting 2017! It’s going to be a bumpy ride, perhaps leaving you with a few bruises but exhilarated!