of Corporate Compliance Programs ” asks, “Is the risk
RISK from Page 15
Managing the impact of AI and hybrid work Last year, E&C programs focused comparatively less of their activities on bribery and corruption and more on information security, including AI and data protection (see chart at left). This is likely to stem, at least in part, from recent regulatory moves around AI. U.S. regulators have made plenty of noise about regulating AI and Big Tech, but it is the European Union and the UK that are putting their money where their mouths are and launching decisive regulatory action. European regulators have recently blocked major M&A deals by the likes of Adobe (both) and Microsoft (in the UK), and the EU has lined up legislation to regulate AI in the form of its AI Act, due to come into force later this year. Another key issue taxing the brains of E&C professionals is how to manage programs in an era when hybrid and remote work remain commonplace. Almost three-quarters say they have made significant changes to their E&C programs to meet the needs of employees in the face of altered workforce models. This includes tailoring programs to be more relevant to individual employees and make it easier for them to comply, facilitating staff to access training remotely and offering shorter courses, as well as prioritizing data analytics so they can measure impact and continuously improve. — Ty Francis
improvement and said that risk analysis is the most useful factor for evaluating program impact. This matters because minimizing risk is the bedrock of any E&C program. And the global risk landscape is becoming more challenging all the time, as new threats emerge and existing ones alter in shape and scope. Indeed, about seven in 10 of our respondents indicated that they had faced new or unexpected compliance risks in the past 12 months. Compliance risks were brought into sharp focus last year, with prosecutions against cryptocurrency exchange Binance Holdings and its CEO and the conviction for fraud, money laundering and conspiracy of FTX founder Sam Bankman- Fried hitting the headlines. These cases highlight how broadly U.S. regulations apply to organizations worldwide — since neither company was U.S.-based — and the extent to which they drive the evolution of best practices in E&C. Small wonder, then, that today, our survey respondents are focusing most of their efforts on addressing the implications of complex government regulations that impact their business (94% have put effort into this) as shown in the chart on the previous page. The focus on risk must, of necessity, be an ongoing process, with changes to the risk landscape being monitored over time and E&C programs being brought up to date accordingly. As the U.S. Department of Justice’s most recent updates to its “ Evaluation
assessment limited to a ‘snapshot’ in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures and controls?” Encouragingly, our research suggests most companies have their finger on the pulse. Many say they regularly analyze issues like regulatory requirements and expectations. Compliance risks are also at the top of board members’ E&C agendas. Not all risks are getting the same amount of attention, though. Despite the heightened focus on the global risk landscape, and the ongoing wars in Ukraine and the Middle East, plus enhanced sanctions on China, Russia, Iran and other countries, fewer than two in five survey respondents (38%) said they have bolstered their risk controls concerning sanctions and trade controls. That proportion has dropped from almost half (45%) who said so two years ago. Focusing on incentives and accountability E&C programs must both encourage ethical behaviors and prevent misconduct. Therefore, on the one hand, it’s reassuring to see that so many E&C professionals (more than three-quarters) indicated that their organization emphasizes values rather than rules to motivate ethical behavior, up 27 percentage points from when we first asked the question back in 2016. (This is not just a nice-to-have. It has real impact:
Cover story
corporatecomplianceinsights.com | 17
Made with FlippingBook Ebook Creator