Most US and European companies started to seriously invest in corporate compliance and ethics programs a decade ago and have nurtured their rapid growth ever since.
And for good reason: legislation and regulations have prompted numerous compliance standards and requirements. For US companies, this includes Chapter 8 of the US Federal Sentencing Guidelines from the early ’90s, the passage of Sarbanes-Oxley (SOX), and changing enforcement patterns of the Foreign Corrupt Practices Act at the turn of the millennium.
This proliferation of regulation in the past decade, coupled with companies’ increasing desire to enter new markets – and so new jurisdictions – has given birth to a new corporate function.
Since 2004, CEB Compliance & Ethics Leadership Council has run a biennial survey to help those who work in the burgeoning function prepare and defend budgets, prioritize compliance risks and activity ownership areas, use aggregate and industry comparisons for board reports, and improve overall program performance and efficiency.
Looking back over 10 years of data from five surveys reveals five pertinent trends.
Five Trends in Corporate Compliance & Ethics
Industry determines program location, staffing numbers, and budget size: The role a compliance function plays for its company is often determined by the industry in which the firm operates. Applicable regulations and restrictions, or “regulatory intensity”, largely determine where the department is located and how many resources and how much capital it is granted annually to achieve its goals.
Traditionally, compliance programs were located in Legal. In 2006, 70% of respondents answered that compliance was housed under Legal, but that percentage has dropped since then, to 58% in 2014. And the more highly regulated the company, the more likely compliance is to stand alone as an independent function or, in some cases, to sit under the umbrella of Finance, Risk, or Internal Audit. This was especially apparent in 2010, when 71% of pharmaceutical and biotech participants reported an independent location, and 85% of telecommunications participants reported a location under Legal.
Firms in more highly regulated industries also employ higher numbers of full-time staff. Four years ago, insurance companies had a median staff count of 129, while banking and financial services reported 85. On the other hand, consumer products, food, and tobacco firms reported a headcount of a mere three full-time employees, or equivalent, and construction and engineering reported even fewer, at two. Today, the overall median full-time staff for all companies is 11.
And while median budget numbers on the whole have decreased and subsequently flattened over ten years (from $5 million in 2004 to $1.8 million in 2014), they vary widely by industry. In 2012 the industry median ranged from as high as $11.7 million in insurance to as low as $0.5 million in energy.
Widening range of compliance activities: Although budgets have plateaued and staffing numbers have grown only modestly, the scope of activities that compliance programs either own or participate in has widened. Some activities have shifted to the desks of others since 2004, such as implementing a records management schedule and policy (Legal), or managing SOX (Internal Audit). But as the function expands its value proposition to the business, compliance executives have been asked to “do more with less.”
In addition to the perennial tasks of code of conduct development, helpline administration, training design and rollout, and program effectiveness measurement, CEB Compliance & Ethics members now spend considerable time on monitoring third-party controls, reviewing new business partners, assessing and mitigating risk, and managing internal investigations. With more granular regulations governing corporate activities, the technical purview of compliance has expanded to reach many aspects of operations.
Growing access to the CEO and board committees: Across the entire decade, general counsel has been most likely to manage the head of compliance, but the data also show more and more access to the top levels of member organizations.
Specifically, starting in 2010, there was almost a 10% increase in companies whose most senior compliance officer reported directly to the CEO (32% of respondents), often with dotted-line reporting to an audit or governance board committee. In line with their growing compliance oversight expectations, directors expect more frequent reporting and live interactions with heads of compliance, while also asking Compliance to shield the company from risk exposure without harming progress towards corporate strategic goals.
The emergence of compliance liaisons: In the past four years, the median number of liaisons at survey respondent companies across all industries grew from 0.5 in 2010 to a whopping 15 in 2014.
These “ambassadors” are not formally a part of the compliance department, yet commonly assist centralized teams by relaying and reinforcing ethics communications, promoting a positive ethical culture, serving as a watchdog to receive and escalate concerns, and facilitating compliance training sessions on the local level.
The advent of liaison programs stemmed from a need to save time and money, increase risk awareness, strengthen the function’s influence, and understand line employees’ receptivity to compliance and ethics.
A more holistic view of program effectiveness: Since Compliance rests at the intersection of government expectations, business strategy, and individual interest, teams are creating more balanced scorecards to track and report on not only functional efficiency, but regulatory, operational, and employee/cultural metrics as well.
This year, 70% of survey participants said they perform a compliance program maturity exercise (either externally or as a self-assessment), and nearly 60% ask internal clients to provide feedback on their service. Another common measurement approach is employee cultural surveys that test employees’ awareness of the program, perceptions of integrity, and their observations of misconduct. These can be part of an overall program effectiveness review and can be used to garner risk information directly from the front line.
CEB research shows that strong levels of corporate integrity at an organization help profitability, employee engagement and productivity levels, and overall risk reduction. Yet two years ago, while a majority (58%) of compliance and ethics programs viewed “promoting a corporate culture of integrity” to be the ultimate goal of their program, only 22% launched a cultural assessment as a barometer for success. That percentage is growing, however, and the future will see more programs assess employee feedback on tone at the top, comfort speaking up, organizational justice, ethical leadership, and other cultural indicators.