Technology and data and analytics can help organizations be more proactive in compliance efforts and address weaknesses before they escalate to compliance issues. However, many are not effectively using technology and data and analytics to take a proactive approach to compliance and to prepare for and adapt to regulatory change, according to a new report by KPMG LLP, “The Compliance Journey – Boosting the Value of Compliance in a Changing Regulatory Climate.”
Many companies continue to struggle to integrate and automate compliance activities across their organizations. About 60 percent of the chief compliance officers (CCO) surveyed said either that their company’s technology infrastructure has not been analyzed to confirm it aligns with compliance requirements or they were unsure of such alignment.
Six out of 10 respondents also said they were unsure as to whether their technology infrastructure is proactively adapted to align with regulatory changes.
“Given the broad spectrum of regulatory changes anticipated from the new administration and Congress, as well as differing and changing regulatory requirements across jurisdictions, organizations should continue to focus on investing wisely in areas of their compliance practices and programs that will help them to more effectively and efficiently comply and operate,” said Amy Matsuo, partner and Regulatory Risk Network leader at KPMG LLP.
Richard Girgenti, principal and leader of Forensic Advisory Services for the Americas at KPMG, added: “At a time when chief compliance officers are strained for budgets and resources, they can achieve efficiencies as well as improve their organization’s compliance program by leveraging technology and data and analytics to support a wide range of compliance activities including risk assessments, monitoring, testing, training, reporting and document retention.”
Compliance programs not keeping pace with changes in regulation
Despite the quickening pace of regulatory change globally, CCOs report there is room for improvement in their ability to monitor and prepare for such change:
- Only 27 percent of CCOs strongly agree that their compliance function has a change management process in place to identify and incorporate changes in laws and regulations into their policies and procedures.
- Nearly one-third said that their organizations do not have, or they do not know if they have a regulatory change process that captures changes in applicable laws, rules and regulations.
Room for improvement in third-party monitoring
Rising global regulatory expectation and scrutiny of organizations’ third-party relationships is driving CCOs to further enhance their third-party risk management programs. CCOs understand that weaknesses to adequately assess third parties can expose their organizations to operational risk, possible government investigations and reputational damage, as well as monetary penalties and potential criminal liability.
However, only about half of organizations have a compliance monitoring process to confirm their third-party vendors adhere to compliance due diligence processes.
About the survey
KPMG surveyed CCOs from 62 major U.S. organizations (representative of the largest 100 U.S.-based companies) across seven industries about their compliance activities. The survey addressed compliance elements such as risk assessment, governance and culture, technology and data analytics, and monitoring/testing, among others. Read the full report.