Everyone loves end-of-year surveys predicting corporate compliance challenges for the year to come, and today we have a double dose of them: one survey report from the audit world and the other from legal, both suggesting that companies are struggling to keep pace with regulatory burdens and compliance risk.
First is a survey from the Center for Audit Quality, a lobbying voice for the accounting industry. Last week the CAQ released its latest Audit Partner Pulse Survey, which polls audit firm partners about business and economic conditions affecting their client companies. One day later, FTI Consulting released its annual General Counsel Report, polling corporate legal officers on the legal and risk management pressures they face.
Neither survey captures compliance officer opinion directly — but taken together, they do offer a detailed sense of the landscape compliance officers will need to navigate in 2024. From there we can deduce the implications for your compliance program. So let’s take a look.
We can start with the CAQ survey. Most respondents weren’t pessimistic about the economy in 2024 overall (53 percent neutral and another 20 percent optimistic, versus only 27 percent who were pessimistic), but their expectations for the coming year shifted considerably.
The top concerns for 2024 were cost management (cited by 57 percent), financial performance (52 percent), and growth (40 percent). The hunt for talent, however, dropped sharply as a top priority, from 47 percent one year ago to just 26 percent today. See Figure 1, below.
None of that is surprising. Executives are still nervous about possible recession even though the economy is humming along nicely. High interest rates have made borrowing more expensive, so you want to count pennies and wring every possible bit of efficiency from current operations, and only invest in activities that will bring new business through the door.
That’s not cheerful Christmas music to compliance officers’ ears. Management teams will see regulatory compliance as a cost burden, just as they’re pressuring employees to be more productive (read: do more with at least the same, and ideally less) and help the company grow top-line revenue.
Meanwhile, findings about regulatory compliance were rather glum. Consider this excerpt from the CAQ survey:
Most audit partners said regulation has had a discernible effect on business, with the vast majority (74 percent) concluding the effects have been negative under current standard setting or rulemaking in the U.S. When audit partners were asked how companies have been negatively affected, they cited compliance costs and legal and regulatory risk as the top two issues.
So regulatory compliance is a drag, driving up costs and increasing risk. The question for compliance officers is how you will respond to that challenge, keeping costs low and taming risk — especially when cost management, financial performance, and growth are senior management’s primary concerns.
That will require some real ingenuity on your part. You’ll need to manage and streamline compliance in ways that will help the company (a) fulfill its regulatory obligations; (b) be more responsive to changing risk conditions; and (c) seize growth opportunities without picking up an excessive amount of risk along the way. Plus, if your ingenuity requires any additional investment, you’ll need to demonstrate a direct, crystal clear ROI on that proposed spending.
Survey Two: A ‘Tipping Point’ of Risk
Then we have that survey of general counsels from FTI Consulting. It dwells more on the question of whether legal teams (and by extension, compliance teams) can keep pace with so many risks swirling around the modern corporate enterprise.
The answer from respondents was generally no, they can’t. Essentially, legal teams are trapped in a triangular vise of three forces:
- Increased regulation and enforcement;
- New technologies (everything from messaging apps to cloud-based services to artificial intelligence) sweeping through the enterprise;
- The enterprise’s need for growth.
Altogether, those three forces are creating new digital risks that didn’t previously exist. The question now for legal and compliance teams is whether you have appropriate systems in place to identify and quantify that digital risk. If you don’t, you can’t understand how much risk the enterprise actually faces. Then you can’t fulfill your job of helping senior management and operating teams navigate those risks.
That can bring compliance officers and general counsels to some bad places. For example, if you promise senior management, “Our privacy risk is well controlled,” and then you suffer a major privacy breach because you didn’t understand all the technology employees were using — that makes you look like a fool to senior management, and ruins their trust in you. Plus the company still has a major privacy breach to address.
Now recall the CAQ survey, which listed cost management and growth as two of the top business priorities for 2024. If companies are under even more pressure to grow and keep costs down, then your ability to manage all those risks — risks that keep proliferating thanks to greater regulation and new technology — slips ever further out of your grasp. As one FTI respondent put it:
“Overextension is a key risk… Companies are trying to grow and overextend or over commit their resources and that process of over leveraging creates a much higher level of risk.”
FTI said all these pressures “have cascaded into tipping points across the legal function.” That’s an apt phrase, and it applies just as well to the compliance function, too. It’s not so much that your compliance and risk management capabilities are withering. Rather, they aren’t strengthening enough to meet the economic, regulatory, and technology forces that are causing risk to accelerate.
Figure 2, below, tells the tale. It tracks respondents’ confidence in their ability to manage certain risks across the years. Every row that gets lighter means companies are growing less confident.
What can a compliance officer do in response? We can explore some ideas in future posts. For now, if you feel like your compliance team is overwhelmed, you can end 2023 on this note, for whatever it’s worth: you’re not alone.