In December we asked thousands of compliance officers what their TOP priority was for 2020. The answers are in, and they may surprise you. Is your top priority aligned with everyone else’s? Let’s find out.
Number One: Compliance Program Assessment
42% of respondents answered that their program review/assessment was their top priority for 2020. This isn’t surprising, given the huge focus the DOJ’s Evaluation of Corporate Compliance Programs gave to program assessment. In it, prosecutors were instructed to consider, “whether the company has engaged in meaningful efforts to review its compliance program, and ensure that it is not stale.” Companies must “evaluate periodically the effectiveness of the” program.
Program reviews are critical because new laws and regulatory guidance mean that expectations shift over time. Without a program assessment, it’s easy to fall behind regulatory expectations or legal requirements. Nearly half of respondents took this to heart and made completing their program assessment their top priority for the year.
Number Two: Risk Assessment
33% of respondents stated that performing or updating their risk assessment was at the top of their list. Every compliance program should be based on a risk assessment. Why? First, if you don’t have a current risk assessment, you won’t know which risks are the most problematic. Without this knowledge, it will be impossible to properly allocate your monetary and human resources in tackling risk. Then, if you have a problem, you can’t show the regulator/prosecutor that you’re employing a risk-based approach – and that can cost the company its mitigation credit. Everything should start with a risk assessment, and a third of respondents are focusing on making sure theirs is completed this year.
Number Three: Third-Party Pain
30% of respondents chose “Third-Party Due Diligence Program: Create, Update, or Evaluate” as the top priority for 2020. Third-party pain is real and continuous. It is estimated that 90% of reported FCPA cases involve the use of a third party.
To add to the challenge, it’s not just anti-bribery third-party due diligence anymore. Due diligence is now expected on a raft of compliance topics, frequently including modern slavery/human trafficking risk, data privacy, and sanctions.
Many third-party due diligence programs were set up years ago and need a refresher to meet current best practices and regulatory expectations. A third of respondents will be spending their time focusing on easing third-party pain this year.
Number Four: Privacy
California rang in the New Year with the new California Consumer Privacy Act taking effect. The CCPA and GDPR dominate the thoughts and focus of 24% of respondents this year. Privacy is becoming a hotter and hotter topic, with several US states and multiple countries throughout the world updating their laws to match their constituents’ growing expectations of protection. No government wants to be seen as ignoring its citizens’ need for privacy. The problem for compliance officers is that no country or state seems to protect privacy in the same way, leading to a maze of laws with small distinctions that can cause big problems if requirements aren’t met. A quarter of respondents will be focused on privacy in the New Year.
Tied for Fifth: Training and Code of Conduct/Policies
The perennial updating of the Code of Conduct, policies, and/or training came in as a joint fifth place, with 21% of respondents focused on these bedrock program elements. Codes of Conduct are typically refreshed on a three-to-five-year basis, as are training programs and policies. A fifth of respondents will be spending their time focusing on these next year.
And the Others…
18% of respondents will be focused on whistle-blower procedures and investigations, while another 15% will be focused on something else not listed as a survey response.
Compliance programs all have the same basic elements, but new laws and guidance influence which parts of the program we focus on in any given year.
It’s been said that if you have more than three priorities, you have zero. The compliance officers who answered our survey are quite clear – they’ve got their priorities, and they’re sticking to them in 2020.
Spark Compliance Consulting provides world-class compliance program reviews, risk assessments, and third-party due diligence program creation and assessment. Email us at firstname.lastname@example.org or visit our website to find out how we can work together to bring your program to the next level.