PwC released its annual State of Compliance survey on Tuesday, and let’s start with the angst: most compliance officers aren’t confident that their companies’ compliance programs are effective.
Of the 825 professionals surveyed, only 17 percent said they are “very satisfied” with the effectiveness of their compliance programs. About 45 percent say they are somewhat satisfied. The rest, which PwC calls “strivers,” ranged from neutral to dissatisfied.
Andrea Falcione, U.S. leader for ethics and compliance with PwC, rattled off a list of forces that have heightened risks dramatically in the last 12 months. Among them: social media movements such as #MeToo, ballooning whistleblower programs, and investigative journalists using Big Data to discover corporate misconduct.
“In this day and age with the 24-hour news cycle, the stakeholders, and watchdogs that I mentioned previously, we’re surprised and a little bit concerned about the number and percentage of folks who identified themselves as strivers,” Falcione said during a webcast Tuesday to discuss the results. “So the challenge really is for everybody to try to reach into that leadership role.”
So who are these 17 percent in the Very Satisfied category? For starters, they have higher rates of technology use. For example, 66 percent in that group use technology to monitor employees’ compliance with policies and procedures, compared to 50 percent overall.
Likewise, 67 percent of the Very Satisfied say monitoring technology gives them better insights and root cause analyses, compared to 56 percent overall. (Side note: smarter use of technology, to build better analytics, to strengthen risk management — that’s exactly what the internal audit profession has been talking about all spring, too.)
Leaders are also more likely to use data analysis tools, dashboards, and data extraction tools than their peers.
“We live in a world now where you can’t really do any of those things without technology,” Linette Hwu, vice president of ethics and compliance for Discovery, said during the webcast. “Particularly if you’re part of a large enough organization, it’s just not feasible to do all those things in the super-manual way that we used to,”
Among the Very Satisfied leaders, 62 percent say they’re better equipped to identify outlier transactions or compliance violations in real time thanks to their use of technology. That not only helps them stay ahead of regulators; it informs their efforts to push the right compliance training in front of the right audience as needed, Falcione said.
Nancy Jardini, chief compliance officer for Fannie Mae, said on the webcast that her team began using GRC tools about two years ago. They pulled together all the compliance issues from every department (such as internal audit and SOX compliance), to create an integrated reporting system that has been “extremely effective.” Next, Jardini wants to use artificial intelligence to crawl through the enormous amounts of data and identify vulnerabilities.
“There’s a lot out there that we’re going to be able to leverage. Things are changing every day,” Jardini said.
PwC recommends that organizations looking to join that Very Satisfied 17 percent should:
- Think about how technology can assist you in your compliance risk management efforts.
- Think about processes that need to be updated or improved.
- Do a technology needs assessment, focusing on what kind of data is already available in your organization and what kind of technology your company is already using.
- Make a business case for an increased technology budget.
The overall goal is to become more data-driven and technology focused in compliance risk management efforts, Falcione said. That can help businesses stay ahead of issues (and regulators) in real time.
Radical Compliance will have more detailed analysis of the report in subsequent posts. Meanwhile, if you have an opinions on the report and its findings, feel free to comment below or email us at [email protected].