Almost half (48.3 percent) of risk and compliance, internal audit, C-suite executive and board professionals plan to modernise their compliance functions by changing core compliance execution practices during the next 12 months, according to a recent Deloitte poll. Further, resource levels for compliance teams are expected to increase (27.5 percent) or stay flat (37.6 percent) in the year ahead for the majority of organisations.
“Regardless of whether an industry is highly regulated or not, we often see compliance budget fluctuations due to shifting business priorities,” said Rebecca Chasen, Deloitte Risk and Financial Advisory partner, Deloitte Financial Advisory Services LLP. “Thankfully, compliance modernising technologies are evolving quickly and becoming more available, enabling compliance teams of various resourcing levels to streamline processes, increase capacity and continue to do more with less. Of course, compliance teams need more than technology alone to offer strategic counsel and predictive insights to leadership.”
Deloitte defines compliance modernization as a functional transformation that pulls on productivity levers across the organization, including emerging technologies, such as cognitive compliance, automation and robotics, to drive integration of risk and compliance with business strategy and drive value across the enterprise.
Only 11.5 percent of professionals surveyed reported that their compliance functions are value-creating, or seen as a strategic advisor that offers predictive insights and greatly efficient through the use of RegTech (regulatory technology; cognitive compliance, risk sensing, automation/robotics, etc.). This is a marginal improvement from a similar Deloitte poll in 2017, in which 10.9 percent of respondents said their organization is value-creating.
Compliance Modernisation Trends to Learn From
“One of the typical challenges we see companies face while trying to achieve a modernised compliance program is weighing ‘shiny and new’ solutions against those that have been evaluated as sustainable, effective solutions. It may seem simple to differentiate between the two, but it’s not always,” said Tom Nicolosi, Deloitte Risk & Financial Advisory principal, Deloitte & Touche LLP. “To me, the question to ask of a solution is ‘will this robotic process automation, artificial intelligence and/or cognitive computing solution have the power to increase productivity, drive down costs and create value across the organization via a solution all three lines of defense — business units themselves; risk management and compliance functions; and, internal auditors — can leverage?”
When asked which group in their organizations is most responsible for executing compliance, 24.9 percent say the first line of defense — business units, their professionals and centers of excellence; even more (26 percent) say the second line of defense — risk management and compliance; and, 34.4 percent say the first and second lines of defense are equally responsible.
Nicolosi continued, “While there is a trend to over rely on the second line of defense — risk management and compliance teams — to execute compliance, it’s encouraging to see one-quarter of respondents indicate the first line of defense is taking primary responsibility for compliance in their organizations. I suspect we’ll see further acceleration adopting that approach to compliance management.”
Compared to 12 months ago, respondents say their organisations’ compliance and information technology teams work more closely together (37.4 percent of) or just as closely together (34.5 percent) now as before. Just 6.8 percent report compliance and IT functions working less closely together now than they did a year ago.
Image courtesy: Trustweaver