Through the GRC Lens – November-December 2019

Posted by

The Changing Winds of Compliance

As compliance teams strive to manage new regulations and technological advancements, here are some of the trends and headlines that made compliance news in November and December.

In the face of changing business models, as well as new risks and dynamic global ecosystems, compliance as a discipline is rapidly evolving. Stakeholders rely on compliance teams to not only protect their organizations against regulatory penalties and legal liabilities, but to also strengthen reputation and credibility with customers. As compliance officers seek to demonstrate and enhance the value delivered to their organizations, the following are some key considerations.

New Regulations

While 2020 began with a focus on data privacy, here are some updates on other areas of compliance that made the headlines:

  1. Data Privacy: This month, the CCPA came into effect giving customers more control over their data. However, in a study by Ethyca, only 12% of 85 respondents believed they had achieved an adequate state of compliance readiness for the emerging regulated privacy landscape.An article in Forbes suggested that “Rather than looking at CCPA compliance as a chore, look at it as an opportunity to innovate your business practices and seek ways to regain a first-party relationship with your customers.”

  2. Payment Security: Payment security compliance declined for the second year in a row in 2019, according to Verizon’s 2019 Payment Security Report. The report also pointed out that a compliance program without proper controls to protect data has a more than 95% probability of not being sustainable and is more likely to be a potential target of a cyberattack.

  3. Banking and Finance – As the financial services industry continues to grapple with regulatory complexities, many are turning to regtech solutions to enable and support their compliance efforts. The goal isn’t just to avoid non-compliance penalties but to strengthen trust and credibility with customers. The report, ‘Hooked: RegTech Reliance in Capital Markets Compliance’ by Greenwich Associates states that 63% of firms recognize that reputation protection is the core purpose of compliance.  

  4. Communication – Compliance teams are also struggling to keep pace with electronic communication channels, with 45% saying they are in constant catch-up mode rather than proactive mode, when it comes to electronic communication compliance, according to a report by Smarsh.

  5. Technology: The use of AI in regulatory compliance is helping both regulators and businesses. A recent Deloitte poll stated that nearly half (48.5%) of C-suite and other executives at organizations that use AI expect to increase AI use for risk management and compliance efforts in the year ahead. But only 21.1% of respondents report that their organizations have an ethical framework in place for AI use within risk management and compliance programs.

Compliance is now a key topic of discussion at the executive level, and is also a strong part of core business strategy. Newer technologies like AI and advanced analytics are helping compliance teams deliver value to the business in the digital age.

Compliance Week’s second annual technology survey highlighted that, ‘’companies are moving along the technological maturity curve in qualitative and quantitative ways today’’. According to the survey, companies are willing to spend more in 2019 than they were even a few years ago to build a more robust technology-enabled compliance function. Nearly, a quarter (23%) of compliance practitioners said their technology budget is much larger today than it was three years ago.

As compliance teams strive to do more with less, the emergence of new technologies will not only improve efficiency and cost-effectiveness, but will also enable teams to derive quick, meaningful insights from data to make well-informed decisions.