Survey respondents in the ethics and compliance community state that their program sophistication comes from two core areas: the technology they use and the data they collect.
image source: PwC's 2018 State of Compliance: Getting ahead of the watchdogs: Real-time compliance management
PwC's recently released their 2018 State of Compliance Study, an annual report they publish based on survey results from the ethics and compliance community. This year's PwC State of Compliance Study shares the results of 825 surveyed global risk and compliance executives to see:
- how satisfied they are with the effectiveness of their current E&C programs;
- what makes them effective; and
- how changes to the regulatory and business climate around the world are forcing them to evolve.
In a previous piece of research conducted by PwC (their annual CEO Survey), it was discovered that executives consider over-regulation one of the top threats to the growth of their company, and that the maturity and growth of global regulatory agencies have led to a need for more sophistication in their compliance programs. As the findings of their State of Compliance Study reveals, that sophistication has come in the form of improvements to two pillars of their ethics and compliance programs: the technology they use and the data they collect.
The report itself is built on the foundation of one important question and trends that were identified as a result of the answer: “Please rate your level of satisfaction with the effectiveness of your compliance program.” Of the 825 executives asked, only 17% (140 executives) are very satisfied with the effectiveness of their compliance programs. The report uses that 17%, identified as 'leaders', to help identify what this group does differently than the rest. The differentiators between 'leaders' and their peers were broken down into four main factors that contribute to their compliance program's success and effectiveness.
Leaders invest in technology to improve their approach to data and support the infrastructure of their compliance program.
When asked what technologies could be leveraged more often by the compliance function to succeed and improve effectiveness, leaders said that analytics tools, dashboards, and the monitoring of policies and procedures.
Despite this, a look at data collected from all survey respondents revealed that
- 50% currently use technology to monitor employee compliance with E&C related policies and procedures;
- 44% currently use policy management technology as part of their compliance program; and
- 37% say one of their top challenges is an insufficient budget to invest in technology.
More than a third state that more budget would permit more (and presumably better) investments in technology. The reality is that their more successful peers are in their positions because of technology investments. Savvy survey respondents can leverage this data point to successfully argue for an increased technology budget to propel their organizations forward, like the leaders here.
Leaders use analytics and technology to increase compliance-monitoring effectiveness.
According to the report:
- 66% of leading compliance programs use technology to monitor employee compliance with policies and procedures - especially in relation to cybersecurity, fraud, data privacy, social media, and gifts and entertainment.
- Almost three-quarters (76%) of leaders use “moderately or very sophisticated technology to monitor employee compliance” in relation to cybersecurity, a full 24% more than the second ranked risk topic, fraud, and 42% above the bottom ranked risk topic, conflicts of interest.
Technology also enables leaders with better insights and root cause analyses, as well as the ability to respond to risk-related threats and identified behavioral outliers in real time.
Leaders streamline policy management to increase responsiveness and policy effectiveness.
Leaders in this category are more likely to keep their code, policies, and procedures current and easily accessible, and streamline these processes with GRC technology tools. In fact, 67% of leaders have one source for all of their policy management. The streamlined approach also make it easier to measure the effectiveness of these policies and procedures.
When it comes to Codes of Conduct, 43% of leaders review their Code of Conduct annually and 38% review on an as-needed basis. Compared to all survey respondents, only 30% review their code annually - a significant difference and one of the facets that sets apart the leaders from the rest of the pack. If you're interested in learning more about Code of Conduct best practices, or how to effectively review and rewrite a Code when that time comes, we recently hosted a webinar on that topic, and you can view a recording of it here.
When it comes to measuring the overall effectiveness of E&C policies and procedures, PwC's 2018 research revealed the most and least commonly used methods, as illustrated in the image included with this post.
Leaders use data and technology to provide targeted, engaging, and up-to-date compliance training.
How do leaders differentiate themselves from the rest of the E&C community when it comes to the actual training they provide?
- First and foremost, they use multiple sources of data, and technology, to target their training to specific employees.
- Second, they cover more risk topics than their peers as part of their overall approach to training and communications, and 67% will update their training and communications on an annual basis, compared to 49% of the entire survey group.
- Third, leaders also use a variety of different training methods to engage their audience, and use data from monitoring activities to inform decisions around their program. Last, this group of effective E&C executives plan to increase their use of “frequent, short-form, anytime, anywhere, any device communications.”
These differentiation tactics are extremely valuable from the perspective of how employees perceive ethics and compliance training and engage with it. Neglecting to update training and communications on an annual basis, with new information or new formats, can actually undermine your efforts and effectiveness in the long run. Ask yourself this question; how seriously will my employees take our training on bribery and corruption if we don't take the time and effort to actually update the content we send them from one year to the next?
From the perspective of the entire group of participants, 53% expect to increase how often they conduct traditional online training (30+ minutes) in the next three years, while 52% expect to do more frequent, short-form communications in the next three years.
When it comes to what they'll be focusing on, these are the top seven topics cited from the survey results:
- Data privacy
- Mutual respect and harassment
- Conflicts of interest
- Gifts and entertainment
- Bribery and corruption
PwC's 2018 State of Compliance Report is full of insights valuable to our community. What we found most interesting is data to support two ideas we believe with conviction. First, the definition of program effectiveness is constantly evolving. Second, equipping your organization with technology and data that can operate across your entire risk and compliance program is critical to keep up in today's business landscape. If you're interested in learning more about measuring program effectiveness and the technology that helps enable it, don't hesitate to contact us and talk about it.