Amid global developments from inflation to war, companies across industries have a lot on their plates these days, with few departments working closer to the heart of the action than risk and compliance.
What are the top issues keeping these teams up at night? How confident are they in their ability to stay on top of threats and keep their leadership informed?
Diligent and Censuswide surveyed over 450 risk and compliance professionals in the United States this summer to find out.
Supply chain issues, cyberattacks, and market volatility ranked high among their concerns, which is little surprise given the events dominating headlines over the past several months. But these were only three of the top five challenges. Survey respondents also cited evolving legislation and regulations (36%) and social responsibility issues (35%).
Over the past year, we’ve seen the Securities and Exchange Commission (SEC) propose new rules around cybersecurity and climate disclosures while investors and activists alike have increased their scrutiny on disclosures related to diversity, equity, and inclusion (DEI).
In such an evolving landscape, maintaining a good reputation among stakeholders and staying in good stead with regulators have become urgent priorities. Read on to discover where risk and compliance teams are feeling most vulnerable, and how investments and efforts to address these challenges have been going.
Reputational Risk: Looming Threats, Lagging Resources
In terms of corporate reputation, what activists, investors, talent and the marketplace think increasingly matters. Today’s companies want to be perceived as secure, socially responsible and successful, according to our survey. But many expressed problems keeping up — and keeping their boards informed.
The first challenge involves an expanding and increasingly complex risk landscape, with cybersecurity, ESG and economics posing growing threats to stakeholder perceptions.
In the category of reputational risk, information security (40%) and data breaches (37%) ranked near the top. One in three (33%) of survey respondents reported concerns about third-party relationships.
Risk and compliance professionals are also worried about perceptions of their companies as good corporate citizens. Social responsibility (38%), fraud (36%) and environmental impact (35%) rounded out the list of top concerns related to corporate reputation. Roughly 3 out of 10 (31%) of survey respondents expressed concern about their company’s lack of DEI strategy.
Economic concerns loomed large throughout. Over three quarters (77%) of survey respondents said that inflation is affecting their profitability. A full 72% of respondents have implemented a hiring freeze in their organization in the last six months, and over two thirds (69%) say they are currently considering layoffs to manage costs.
How will operational risks like these affect hiring, retention, analyst ratings and activist proposals? As monitoring internal operations and external sentiment become more important than ever, risk and compliance teams have mixed views of their ability to keep up.
Heightened Pressure on Compliance and Disclosures
Meanwhile, risk and compliance teams are concurrently grappling with how their company’s actions are perceived by regulators.
As legislation and regulations evolve, like the proposals brewing at the SEC, only 40% respondents feel their organization is “very prepared” for climate-related disclosure. Just under half (48%) expressed feeling “somewhat prepared.”
Over 7 in 10 (72%) respondents feel there will soon will be more pressure to act urgently on ESG. By comparison, just over 1 in 7 (15%) are feeling less pressure.
In short, just over a third of survey respondents said that one of their organization’s top compliance risks is regulatory compliance (34%).
Compliance risks on survey respondents’ minds ran the gamut, including:
- Corruption and/or fraud (42%)
- Workplace health and safety (41%)
- Employee behavior (harassment, discrimination) (38%)
- Quality assurance (37%)
- Environmental impact (36%)
Companies Are Investing — But Are They Prepared?
The good news: Companies recognize the need for risk and compliance solutions and are allocating resources in this direction.
Over three quarters (79%) of survey respondents said their organization has increased spending on risk or compliance in the last two years. Only 7% decreased spending over the past two years and only 14% said that spending remained the same.
Looking ahead to the next two years, a smaller but still sizable amount (68%) anticipated their organization to increase their spend on such technology over the next two years. Only 1 in 9 (11%) expected spending on risk and compliance solutions to decrease.
The next question is: Are companies investing in the right areas — such as technology solutions for more effective risk management and compliance?
On the positive side, just over a third (34%) of survey respondents said they are maintaining clear oversight of global entities and their risk profiles. The same percentage reported using technology to gain a holistic view of risks across the organization.
Yet a greater percentage (42%) of survey respondents said they are unable to connect data from disparate systems, depriving them of a holistic picture for timely monitoring and informed decision-making.
Doing more with less, and being confident of efficacy, have been challenges as well. Nearly 2 out of every 5 (39%) respondents reported insufficient time and resources for automating workflows. The same percentage said they were inadequately able to identify failures in their risk monitoring and management systems, and a slightly smaller number (37%) said they didn’t know if their efforts to measure known risks are working as expected.
Perhaps most critically, data management came in first as survey respondents’ top compliance risk (45%). Just as concerning, over a third (37%) felt challenged to communicate top risks up to the board.
When it comes to risk and compliance — from evolving regulations to global reputations — what companies don’t know can hurt them, in terms of fines, growth, stock price and shareholder value. Risk and compliance teams understand the landscape, as our survey demonstrated. The next step is strengthening their ability to monitor and measure it.
Start sharpening your ability to monitor and manage risk today — and communicate it to the board. Contact Diligent here.