Welcome to the 2016 Compliance Benchmark: Quantifying the Fundamentals survey. We have reviewed the benchmark studies listed below and summarized their results with regards to the following topics:

  1. Compliance professionals
  2. Chief Compliance Officer and their authority and resources
  3. Compliance Staffing and Budget
  4. Compliance Measures
  5. Anti-Corruption Survey as an example for a current Compliance issue

The following studies were part of our review:

  1. PwC State of Compliance Survey 2015 (1.102 respondents)
  2. AlixPartners Annual Global 2015 Anticorruption Survey
  3. Deloitte and Compliance Week Compliance Trends Survey 2015 (364 respondents)
  4. Kroll 2015 Anti-Bribery and Corruption Benchmarking Report (267 respondents)
  5. Primo Europa Compliance Horizon Survey 2015 (200 respondents)
  6. Ernst & Young´s global governance, risk and compliance survey 2015
  7. Society of Corporate Compliance and Ethics Officer Salary Survey 2015 (1.489 respondents)

1. Compliance professionals

83% of compliance professionals opine that compliance has become more complex and challenging in the past two years.

69% are feeling more exposed to risk than they did two years ago and only 19% feel very confident in their team’s ability to protect the business to the level required.

Compliance professionals are under increased pressure to safeguard their company’s reputation. 59% note that this best describes their role within their company and 51% cite fear of negative exposure as the top driver for compliance in their organization. 37% of them argue that more people with the right knowledge of the business would make the biggest difference to compliance teams’ ability to protect the business over the next years.[1]

2. Chief Compliance Officer and their authority and resources

Many respondents believe the role as an Chief Compliance Officer (CCO) is most effective if the individual is a full-time and stand-alone CCO who reports directly to the board.

59% of all companies reported in 2015 that they now have full-time and standalone CCOs – a growth from 50% in 2014 and 37% in 2013. This suggests that more and more organizations are deciding that the scale and scope of the CCO requires a full-time commitment. 57% of those CCOs report directly to either the Chief Executive Officer (CEO) or the board; this number has fluctuated over time.[2]

Data shows that furthermore 32% of all responding companies say that compliance is seen as a business partner across their entire organization. In contrast 55% cite that compliance is seen as a partner only “in some respects”. So even if CCOs now feel like a part of the company’s inner circle, results are mixed on whether that authority extends down through the entire organization, supporting the CCO as he or she tries to help build a strong, transparent, risk-intelligent organization.[3]

Only 43% of all reporting companies say their corporations have established compliance officers in subsidiaries, geographic markets or business units; 44% do not. Within that group who do, 49% of those business-unit compliance officers report to the global CCO; 40% report to local senior managers.

3. Compliance Staffing and Budget

Most organizations have a centralized compliance function with decisions and strategy being centrally driven.[4] More than one-third of the respondents indicated they were involved in at least 76% of the company’s legal and regulatory risk.

The size of organizations represented in this study varied enormously. 13% work for organizations with more than 30.000 total employees while 21% work for companies employing less than 250 total employees.[5]

Even large organizations maintain relatively small compliance teams. About 50% of all responding companies say they have fewer than five employees devoted to compliance; roughly 40% say their total budget is $1 million or less. Larger companies (with $5 billion or more in annual revenue) have larger budgets and staff: 34% cite budgets of $1 million to $10 million, while 54 % of smaller organizations report budgets of $1 million or less.

Smaller organizations do have less solid compliance functions than larger ones. Comparing all companies reported in 2015 with annual revenue less than $5 billion to those with more than $5 billion, smaller organizations are less likely to have a designated CCO (64% to 84%), that job is less likely to be a stand-alone position (51% to 70%) and budget support can be slim (9% of small respondents say they have no stated compliance budget). From this follows that smaller organizations are more likely than larger ones to expect compliance budgets to increase in the next years.[6]

4. Compliance Measures

Respondents´ most common responsibilities are compliance training (76%), code of conduct oversight (74%), whistleblower hotlines (70%) and regulatory and compliance investigations (68%).

4.1 Addressing the right risks

75% of large companies make some effort to measure the effectiveness of their compliance programs, compared to 53% of smaller companies. 58% say they are “confident” or “very confident” they are looking at the right metrics to gauge effectiveness.

4.2 Risk Identification and assessment

82% of all companies reported in 2015 that they organize some kind of enterprise-wide compliance risk assessments. 67% of them organize risk assessments annually; 11% conduct risk assessments less frequently. 67% say they engage with senior stakeholders to conduct risk assessments.

Many companies follow a variety of other practices as well: as a stand-alone exercise (33%), in conjunction with internal audit´s risk assessment (33%) or as part of a larger assessment of all organizations risks (33%).

4.3 Third Parties

Third parties, and all the risks therein, continue to be the single biggest worry. Third parties are ranked as the most challenging factor and because of that companies conduct a plenty of measures to manage third-party risks. 42% of all reporting companies say they always check compliance with policies or regulations; 38% always conduct extensive and comprehensive background checks; 32% always require trainings or certification.[7]

5. Anti-Corruption Survey as an example for a current Compliance issue

Corruption is still taking a considerable tool on corporate and economic growth. 85% of respondents say they believe their companies´ industries are exposed to at least some level of corruption risk and 40% believe their organization´s bribery and corruption risks will increase this year. Global expansion (55%), increases in the number of third party relationship (54%) and increased enforcement of existing regulations (51%) are the reasons cite by respondents for increased risks.

Most reporting companies cite that in 2015 they were either as concerned (60%) or more concerned (31%) about bribery and corruption risks than in prior years. In contrast only 3% of all companies reported in 2015 that they spent less time on anti-corruption issues than in prior years.[8]

22% of the reporting companies say they thought their companies had lost business or customers because a competitor had made a illicit payment to a government official. 26% note corruption had put their M&A efforts on risk. 28% say they had stopped doing business with a partner because of worries about corruption and 34% report they had avoided doing business in territories with a potential higher risk of corruption.

5.1 Identifying High-Risk Geographies

A country or region that is immune to corruption doesn´t exist – but some places are perceived as particular vulnerable to it. 75% of all reporting companies cite Russia and 50% cite Africa – ahead of China (53%), Central and South America (52%) and the Middle East (48%) – as regions that pose significant corruption risk. Of respondents who say their companies avoid doing business in places with high corruption risk, 27% cite Russia and 23% cite Africa as geographies they avoid. In addition to this 32% cite “entering or doing business in high-risk regions” as “very challenging” for their compliance programs; 26% determine “variations in local laws”.[9]

5.2 Strengthening Corporate Compliance Programs

81% of all reporting companies have a dedicated anti-corruption compliance program or written antibribery and anti-corruption policies. All of these companies acknowledge that their company distributes program and policy documentation to employees. In contrast 12% note these policies are not distributed to business partners and 2% say it is not distributed to board members.[10]