Welcome to the 2017 Compliance Benchmark: Quantifying the Fundamentals survey. We have reviewed the benchmark studies listed below and summarized their results with regards to the following topics:
- Compliance Executives and their Authority
- Compliance Staffing and Budget
- Compliance Measures
- Current Issues
The following studies were part of our review:
- PwC State of Compliance Survey 2016 (817 respondents)
- AlixPartners Annual Global 2016 Anticorruption Survey
- KPMG 2016 Compliance Transformation Survey
- Kroll 2017 Anti-Bribery and Corruption Benchmarking Report (388 respondents)
1. Compliance Executives and their Authority
Many respondents pointed out that their organization has a named Chief Compliance Officer (CCO). 70% of all companies reported in 2016 that they now have a CCO – a decline from 76% in 2015. 47% of compliance executives believe that employees view the CCO as the compliance and ethics “champion” at their organization. Yet, this seems to fall short from the facts as 67% of compliance executives stated that within their company they have a process in place to identify owners of specific compliance and ethics-related risks, with the Compliance and Ethics and Legal departments being key owners of risk. At the same time 82% of compliance executives point out that senior leadership formally communicates with their employees on the importance of a compliance and ethics culture. The majority of compliance executives reports to senior leadership (67%) and to the board of directors (63%) at least quarterly. 18% of them are convinced that their board of directors does not have a comprehensive understanding of the organization’s compliance and ethics-related risks. 38% of respondents stated that their business unit/area compliance officers report directly to the compliance function, and 58% pointed out that these are full-time resources.
2. Compliance Staffing and Budget
Most organizations have a centralized compliance function with decisions and strategy being centrally driven. The size of organizations, however, varies enormously. 56% of respondents work for organizations with more than 5.000 total employees while 18% work for companies employing up to 1000 total employees. Correspondingly, staffing in corporate compliance functions varies significantly among respondents’ organizations. Unsurprisingly, large organizations on average employ greater budgets for compliance and maintain higher levels of staff in corporate compliance functions. Nonetheless, almost one fifth of respondents representing organizations that exceed an annual turnover of USD 25 billion, employ merely five or less full-time equivalents in corporate compliance functions. Vice versa, 18% of respondents representing organizations that have an annual turnover of less than USD 5 billion employ even more than ten full-time equivalents in corporate compliance functions. On the aggregate, compliance budgets exceed USD 1 million for 32% of respondents, coming close to par with the corresponding share in 2015 (33%). This falls in line with respondents’ expectation that compliance budgets will remain stable over the next years (48%, up from 36% in 2015).
3. Compliance Measures
3.1 Anti-bribery and Corruption Risks Remain High
Not only do a majority (57%) of respondents expect no improvement in their organization’s risks in 2017, 35% even expect increased risk with merely 8% expecting a decreased risk this year.
3.2 Risk Identification and Assessment
77% of all companies reported in 2016 that they organize some kind of enterprise-wide compliance risk assessment. 65% of them organize risk assessments annually, while merely 12% conduct risk assessments less frequently. The key variables considered when measuring compliance and ethics-related risks are impact (93%) and likelihood (91%), with velocity ranking third (33%). Most compliance and ethics-specific risk assessment processes include learnings from prior compliance failures/issues at the organization (76%), learnings from recent compliance failures/issues in the industry (70%) and government enforcement trends (70%).
3.3 Third Parties
Third parties, and all the risks therein, continue to be the single biggest worry (40%), ranking straight ahead of the complex regulatory environment (14%) and employees making improper payments (12%). Almost 50% of respondents maintain a business network with more than 500 third parties. As merely 17.9% of legal, ethical and compliance issues stemming from an ongoing relation with third parties came to light through a third party disclosure, most companies conduct numerous ongoing measures to manage third-party risks. Two-thirds of those respondents that do monitor all third parties (or at least their highest risk third parties) believe to be appropriately prepared to address global bribery and corruption tasks.
4. Current Issues
Corruption is still taking a considerable toll on corporate and economic growth. 90% of respondents say they believe their companies´ industries are exposed to at least some level of corruption risk compared to only 85% in 2015. 28% of respondents cited even significant risk, benching to just 22% in 2015.
4.1 Identifying High-Risk Geographies
A country or region that is immune to corruption doesn´t exist – but some places are perceived as particularly vulnerable to it. Risk-perception increased significantly for Africa (from 59% in 2015 to 78% in 2016 ) and the Middle East (from 48% in 2015 to 68% in 2016 ). 73% of respondents also indicated significant levels of risk in Russia, compared with 75% in 2015. 67% of respondents pointed out that there are locations where it is impossible to avoid corrupt business practices and cite Russia (35%), Africa (33%), and China (27%) respectively.
4.2 Data Protection is a Contemporary Area of Risk
77% of respondents argued that their company faces challenges in navigating local data protection laws and almost the same share (76%) categorized ensuring the security of their data as “challenging”. 27% even expected an increase in challenges that are associated with moving data across jurisdictions.
4.3 Involvement Needed from Lines of Business
65% of respondents argue that management in the lines of business should take greater ownership of the compliance culture and agenda. Only 15% strongly agree with this statement. 39% of respondents do not consider adherence to compliance policies and procedures as a factor in performance ratings and compensation decisions, and 32% are convinced that their employees do not understand the competitive importance of a strong compliance culture.