• wblogo
  • wblogo
  • wblogo

When compliance surveys combine

Chris Hamblin, Editor, London, 22 August 2017

articleimage

The international law firm of Baker McKenzie has done the gruelling job of combining the results of various surveys by Kroll, AlixPartners, PwC and others into one super-survey of attitudes at compliance departments around the world.

In this 'benchmark' survey of surveys we have reviewed the PwC "State of Compliance Survey" of 2016 (with 817 respondents); the AlixPartners annual global anti-corruption survey of 2016; the KPMG "2016 Compliance Transformation Survey"; and the Kroll anti-bribery-and-corruption 'benchmarking' report of 2017 (with 388 respondents).

These studies dealt with many topics but our amalgamated survey concentrates on: compliance executives and their authority; compliance staffing and budgets; compliance measures; and current issues.
 
Compliance executives and the authority they wield

Many a respondent pointed out that his organisation had a chief compliance officer or CCO. 70% of all companies reported in 2016 that they had a CCO – a decline from 76% in 2015. 47% of compliance executives believed that employees viewed the CCO as the "compliance and ethics champion" at their offices, but this seems to be something of an illusion because 67% of compliance executives stated that they were using various processes to identify 'owners' of specific compliance and ethics-related risks, with the compliance and ethics and legal departments being 'key owners' of risk. At the same time, 82% of compliance executives pointed out that senior leaders (PwC's actual phrase was "senior leadership") communicated formally with their underlings about the importance of a culture conducive to compliance and ethics.

The majority of compliance executives, according to the respondents, reported to senior leaders (67%) and to boards of directors (63%) at least quarterly. 18% of them were convinced that their boards did not understand their organisations' compliance-related and ethical risks to a comprehensive degree. 38% of respondents stated that their business unit/area compliance officers reported directly to the compliance functions.

Compliance staffing and budgets

Most organisations have a centralised compliance function with decisions and strategy directed centrally. The size of organisations, of course, varies enormously. 56% of respondents in all surveys work for firms with more than 5,000 employees in toto, while 18% work for companies employing up to 1,000. Because of this, corporate compliance functions have wildly differing numbers of staff. Large organisations, of course, tend to spend more money on compliance and employ more compliance people but almost one-fifth of compliance respondents from organisations whose annual turnover exceeds US$25 billion employ merely five (or even fewer) full-time people or their equivalents in man-hours. Contrariwise, 18% of compliance respondents from firms with annual turnovers of less than US$5 billion employ more than ten full-timer staff members. On the aggregate, compliance budgets exceed US$1 million for 32% of respondents, coming close to the figure from 2015 (33%). This is consistent with respondents’ expectations that compliance budgets will remain stable over the next few years (48%, up from 36% in 2015).

Compliance measures

The chances of bribery and corruption remain high

Not only do a majority (57%) of respondents expect no improvement in their risks in the 'ABC' area in 2017; 35% expect risks to increase and only 8% expect them to go down this year. So says Kroll.

Risk identification and assessment

77% of all companies reported in 2016 that they had organised some kind of enterprise-wide compliance risk assessment exercise. 65% of them said that they had done so annually, while a small number - 12% - were doing so less frequently. They listed the 'variables' [a statistical term for numbers that a mathematician does not yet know] that they considered when measuring compliance and ethics-related risks as 'impact' (93% of them weighed up various things connected with this word); 'likelihood' (91% thought that this term had some meaning), with 'velocity' ranking third (33% considered some things on which this word might have a bearing). Most compliance and 'ethics-specific' risk assessment processes had to do with people learning from compliance failures/problems that had emerged at their firms (76% did so), people learning from recent compliance failures/problems in the industry (70% did so) and trends in government enforcement (70%).

Third parties

Third parties (a third party being a person who is separate from two people who are primarily involved in a situation, especially a dispute) pose risks and continue to be the single biggest worry for compliance people (40%), ranking higher in seriousness than the complex regulatory environment (14%) and employees making improper payments (12%). Almost 50% of respondents maintain a business network that contains more than 500 third parties. Third parties only alert financial firms to about 17.9% of the legal, ethical and compliance problems that stem from their relationship with those firms, so most companies take continual steps to manage the risks that those relationships pose. Two-thirds of the respondents whose firms monitor all (or at least their most risky) of their relationships with third parties believe that they are prepared to take on "global bribery and corruption tasks" (a Kroll phrase).

Current issues

Corruption is still taking a considerable toll on corporate and economic growth. 90% of respondents say they believe that their companies' industries are exposed to at least some level of corruption risk, compared with 85% in 2015.

Highly risky locations

There is no such thing as a country or region that is immune to corruption, but firms perceive some to have more of it than others. These firms' perceptions of 'risk' in this area have increased a good deal recently vis-à-vis Africa (from 59% in 2015 to 78% in 2016) and the Middle East (from 48% in 2015 to 68% in 2016). 73% of respondents also think that Russia poses significant risks, compared with 75% in 2015. According to AlixPartners, 67% of respondents believe that in some places it is impossible to avoid corrupt business practices, citing Russia (35%), Africa (33%) and China (27%).

Data protection

77% of respondents argued that their companies faced "challenges in navigating local data protection laws" and almost the same share (76%) were finding it 'challenging' to keep their data secure. 27% even expected "an increase in challenges that are associated with moving data across jurisdictions" [a phrase of AlixPartners' invention].

Involvement needed from lines of business

According to a survey by the accountancy firm of KPMG, 65% of compliance respondents argue that "managers in the lines of business" (which could be a reference to line managers) should 'own' more of their firms' compliance culture and agenda. Only 15% of their colleagues "strongly agree" with their opinion. 39% of respondents do not consider adherence to compliance policies and procedures as a factor when rating people's performance and making decisions about compensation people for various things, and 32% are convinced that their fellow employees in other departments do not that a strong compliance culture is important in helping a firm to compete with other firms.

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll