The way companies sell products and create profits has changed dramatically over the past five or six years and this in turn has meant big changes for the way employees get their work done. There are numerous implications for all corporate functions – from HR to IT – but one of the most straightforward for all is to make sure the right policies are in place.
Unsurprisingly, corporate legal teams and their counterparts in corporate compliance are under particular pressure to codify and guide employees toward the right behavior in the midst of all this change. What’s worse is that, while there is a lot of complex and difficult work to do in response to these changes, corporate functional teams are under pressure to do it more quickly.
Working with and talking to thousands of functional executives this year, CEB staff have heard some version of the same refrain again and again: “It seems more difficult to get stuff done; we just feel really slow.” The size and complexity of firms, and the need for managers to collaborate with so many people, has also slowed the making of important decisions just when it needs to speed up.
Often managers think that if they want to make faster decisions, they will also need to be prepared to make worse decisions. But this doesn’t always follow. There are three areas where corporate legal and compliance professionals can make quicker and better decisions in 2016.
Data privacy: Most of the media’s fascination with companies leaking private data, centers on the work of malicious hackers. But while it’s the malice that gets the headlines, the majority of privacy failures are generally down to employees just not knowing how to safeguard corporate information.
CEB data shows that 59% of unintentional data privacy failures were caused by employee errors during the working day, while 38% were caused by weak processes and procedures within the company. This is either because the right policies and processes aren’t in place or because of insufficient training.
So firms need to improve employee awareness of their own privacy failures, as new issues that arise before others are fully resolved will make privacy costs spiral. But although roughly 50% of companies incorporate privacy training into training courses (pdf), the brief time spent on data privacy issues makes it difficult for employees to understand and correctly apply what they’ve learned.
As well as making time for dedicated data privacy training, the firms that see the best results don’t consider “increasing employee awareness” as the only goal of their training. Rather, they teach job-relevant skills and foster employees’ motivation to apply the training across different work contexts.
Employees’ legal IQ: Most managers would agree that the use and awareness of in-house legal advice diminishes rapidly as one travels down the corporate hierarchy. This is especially a problem when it comes to mid-level managers as, why they may not always set strategy, they are responsible for implementing it.
CEB research into how employees make legally sensitive decisions (pdf) show that 75% of managers made a decision with significant legal implications in the past year. But only about 40% of managers believe they fully understood their decisions’ legal consequences. And, managers in general turned to the legal team for support less than a third of the time. This uncertainty over decision making can manifest in one of two ways: employees taking excessive risks though ignorance or missing opportunities for unjustified fear of breaking the law.
The solution to this is to improve employees’ “legal IQ.” That doesn’t mean giving all employees a legal education. Rather, it means improving the quality of their decisions by helping them develop a radar for legal issues and understanding what to do when they spot one. Developing legal IQ is powerful (pdf): employees at companies with high legal IQ are 28% more likely to consult legal resources when making decisions, five times more likely to seek the legal department’s advice, and, perhaps most importantly, three times as likely to say their decisions achieved the desired outcome.
The risk of using third-party vendors: Third-party vendors –whether they are a single contractor or a team from a big multinational – often bring fresh ideas and fresh energy to a project. But compliance teams and the business should be aware of the high risk involved (pdf).
Third parties create over 40% of companies’ total compliance risk exposure, magnifying many compliance concerns including bribery, data privacy, and reputation risk. With the average multinational partnering with around 5000 third parties, compliance executives must find a way to manage this extensive network without slowing down important business decisions. Typically, corporate compliance teams are brought in to help evaluate third-party vendors after they’ve been selected. At this stage, compliance teams may be handling the onboarding process but they are not managing the risk.
To manage this risk properly, compliance teams must evolve their approach to not only establish risk management processes but also create transparency about the internal cost of third-party compliance. While most compliance teams assume that managers won’t care about this kind of information, providing a more accurate cost-benefit analysis for third-party vendors will show the value that the compliance team can provide.