2022 was both chaotic and transformative – a war in Ukraine, increased cyber-attacks, disrupted supply chains, an adjustment to work at home and new trust paradigms. This has ushered in new ABCs that redefine the risk landscape: A for Accountability, B for Business ethics, C for Consumer confidence. For many organizations, mitigating these risks is already shaping their 2023 strategy. For others, that journey starts now by learning to address the ABCs of compliance.
Here are five predictions for the upcoming year.
A, B, C, D, ESG: Social sustainability compliance will be mission critical
Advancing environmental, social and governance (ESG) priorities into business operations will continue to dominate the boardroom. To date, much of the priority has been on the “E” (i.e., net-zero emissions, carbon neutrality). In 2023, I predict more “S” technology investments will help transform how organizations manage their relationships with customers, employees, suppliers and communities. According to IDC, by 2024, 40% of use cases for sustainability/ESG software worldwide will have a strong focus on social sustainability topics due to organizations’ more integrated approaches to ESG.
Activities that had previously been managed in silos (e.g., supplier practices, cybersecurity) converge as a multidisciplinary, cross-functional undertaking. Impacting employees and customers, data privacy will continue to be a key priority, especially in the U.S., where numerous state privacy laws go into effect in 2023 (that subject requires greater discussion and will be covered in a separate blog).
A Know Your Supplier (KYS) strategy is needed to drive trust
Investment in technology providing transparency into supplier ethical practices will explode in 2023, driven by ESG priorities and mandatory due diligence obligations. Germany’s Supply Chain Act, which went in effect this January, follows a global trend to adopt laws requiring businesses to monitor, report and remediate human rights violations within their organizations and their supply chains or face significant penalties and lost revenue opportunities for non-compliance.
In the E.U., two others loom large – the recently adopted Corporate Sustainability Reporting Directive that will require more comprehensive reporting on sustainability factors and the Corporate Sustainability Due Diligence Directive (which may take longer to adopt) that is expected to set mandatory human rights’ supply chain due diligence obligations. Many businesses of all sizes have no choice but to assess their current activities to play by these new rules.
Leadership will commit to building a safety culture
Workplace safety has re-emerged as a critical priority for compliance leaders. Around the world, countries are revising or enacting new regulations aimed at strengthening safety conditions. In the U.S., the Biden Administration has prioritized more regulation and enforcement. For example, by recently expanding employer eligibility for inclusion in the Occupational Health and Safety Administration’s (OSHA) Severe Violator Program (which severely punishes employers who continue to disregard worker health and safety), more employers will need to review their safety procedures and other compliance protocols to mitigate risks.
In addition, proposed rule changes to both the Environmental Protection Agency’s Risk Management Program (RMP) and OSHA’s Process Safety Management (PSM) standards underscore the urgency to decrease accidents and protect vulnerable communities. In 2023, expect a concerted effort to leverage innovation to identify Environmental, Health and Safety (EHS) vulnerabilities and mitigate risks that impede the cultivation of a safety culture.
Cybersecurity harmony needed to win the cyber war
In 2023, increased organizational resilience will be needed to combat hostile attacks and ransomware demands. Cybersecurity priorities will be driven by the societal impact caused by threats to our critical infrastructure — operational shutdowns and breaches making our communities more vulnerable to health and safety risks. I expect new E.U. cybersecurity regulations such as the NIS2 Directive and Critical Entities Resilience Directive– that harmonize cybersecurity requirements among the member states and establish effective cooperation and information sharing – to force essential and critical entities to strengthen their cyber posture and boost resilience.
Beyond cybersecurity measures, I anticipate a convergence of cybersecurity and information governance activities as part of a broader content security infrastructure strategy and framework. Stronger document access controls and encryption are also needed to mitigate improper data handling activities to win the cyber war.
Individual accountability is demanded by regulators
In the U.S., recent Department of Justice (DOJ) policy changes will have a profound impact on compliance program development. This past September, the federal agency released a memo outlining changes to its corporate criminal enforcement policy emphasizing individual accountability and the importance of providing timely disclosure of evidence of misconduct to receive cooperation credit.
The DOJ also announced a policy requiring both CEOs and Chief Compliance Officers to certify their companies’ compliance programs are “reasonably designed” and effective in deterring and detecting future anti-corruption violations. With misconduct investigations at an all-time high, compliance leaders could now face criminal liability for false certifications if their programs are ineffective. As prosecutorial pressure is applied, expect compliance leaders to double down on tools to support compliance effectiveness.
As we enter 2023, businesses must demonstrate Accountability, improve Business ethics and retain Consumer (and employee) confidence to both survive and thrive. While there is still time to catch up, those who have begun addressing this alphabet of priorities will be better positioned to respond to regulatory demands and maintain a competitive advantage in the marketplace.
Learn more about how OpenText solutions help organizations implement a foundation for an ethical supply chain, support a safe workplace, and leverage cybersecurity and investigation tools to protect their business from regulatory risk and reputational harm.