March 14, 2017 by Canadian Underwriter
The majority of chief compliance officers (CCOs) in the United States taking part in a KPMG LLP survey are struggling to integrate and automate compliance activities across their organizations.
Six in 10 polled CCOs report “their company’s technology infrastructure has not been analyzed to confirm it aligns with compliance requirements or they were unsure of such alignment,” notes a statement Monday from KPMG LLP, the independent U.S. member firm of KPMG International Cooperative.
That percentage was matched by about 60% of respondents saying they are unsure as to whether their technology infrastructure is proactively adapted to align with regulatory changes, the statement adds.
The survey, which reflects the input of CCOs from 62 major U.S. organizations across seven industries, asked respondents about their compliance activities and addressed, among other compliance elements, risk assessment, governance and culture, technology and data analytics, and monitoring/testing.
Many organizations “are not effectively using technology and data and analytics to take a proactive approach to compliance and to prepare for and adapt to regulatory change,” notes the report, The Compliance Journey – Boosting the Value of Compliance in a Changing Regulatory Climate.
That is clearly important, the report points out, since “technology and data and analytics can help organizations be more proactive in compliance efforts and address weaknesses before they escalate to compliance issues.”
Across nine components, organizations, generally, report having strong programs in governance and culture; policies and procedures; and communication and training.
However, program components needing the greatest improvement include technology and data analytics; monitoring and testing; and people, skills and due diligence.
For many CCOs looking to enhance their programs, the “regulatory uncertainty can make it challenging to identify where to prioritize their compliance efforts,” the report states.
Other survey findings include the following:
More positively, over 90% of CCOs report their board or a committee of the board is adequately informed of compliance risks and mitigation efforts; at least 94% of organizations say compliance requirements are embedded within their policies and procedures; and 84% of CCOs report having a compliance risk assessment process that leverages qualitative and quantitative measurements.
Despite some ground to make up, KPMG LLP reports the rising global regulatory expectation and scrutiny of organizations’ third-party relationships is driving CCOs to further enhance their third-party risk management programs.
“CCOs understand that weaknesses to adequately assess third parties can expose their organizations to operational risk, possible government investigations and reputational damage, as well as monetary penalties and potential criminal liability,” it notes.
That said, only about half of polled organizations have a compliance monitoring process to confirm their third-party vendors adhere to compliance due diligence processes.
“Given the broad spectrum of regulatory changes anticipated from the new administration and Congress, as well as differing and changing regulatory requirements across jurisdictions, organizations should continue to focus on investing wisely in areas of their compliance practices and programs that will help them to more effectively and efficiently comply and operate,” says Amy Matsuo, a partner and regulatory risk network leader at KPMG.
“At a time when chief compliance officers are strained for budgets and resources, they can achieve efficiencies as well as improve their organization’s compliance program by leveraging technology and data and analytics to support a wide range of compliance activities including risk assessments, monitoring, testing, training, reporting and document retention,” adds Richard Girgenti, KPMG’s principal and leader of forensic advisory services for the Americas.
The many challenges in this current environment elevate the need for CCOs “to develop a risk-based strategic vision for compliance,” the report states.
“Such a vision is stronger when it is based on a robust understanding of the organization’s current regulatory environment as well as the likely trajectory of regulatory change,” it adds.
Global regulatory trends “support better corporate governance and risk management, not reversals of it,” the report emphasizes.
“Therefore, CCOs’ overall commitment to instilling and enhancing a culture of compliance within their organization and their vision for further strengthening governance, compliance and risk management as part of their risk-based strategy should continue to guide them forward despite this time of uncertainty,” it notes.
“CCOs can benefit from having a five- and 10-year plan that projects what their future compliance program will need to look like, based upon existing regulatory and enforcement action trends, and continue to invest in foundational elements for this future program,” KPMG LLP adds.