What a difference a year makes. The shifts from 2023’s survey are profound, especially when it comes to the risk areas keeping you up at night.
We asked three simple questions in this survey:
- What is your highest priority among regulatory risk in 2024?
- What is your highest priority from a programmatic standpoint in 2024?
- What do you anticipate being your biggest challenge in 2024?
Last year, we asked the first two questions so we can compare and contrast. What happened?
What is Your Highest Priority Among Regulatory Risk in 2024?
Last year, the biggest area of regulatory risk was anti-bribery/anti-corruption. This year? Bribery and corruption fell off its throne, overwhelmed by more than a third of respondents who said that data privacy was by far their biggest concern.
In third place was modern slavery prevention/ESG, which makes sense in the context of how many folks are concerned about third-party programs (see next section).
People were much less bothered about antitrust than they were about the other risks. Given the new laws in data privacy and the focus on cybersecurity by authorities, compliance officers are focusing on the right place.
What is Your Highest Priority From a Programmatic Standpoint in 2024?
Compliance officers are focused, focused, focused on risk assessments, which came in first at 36%. More than a third of you are most focused on this area, followed by 21% focusing on third-party programs.
The focus on third-party programs makes tremendous sense. European, German, and California law have put in place disclosure requirements relating to supply chain, and as these laws come into effect, people are highly focused on getting the information they need to comply. In addition, shareholders and consumers are increasingly focused on modern slavery prevention and sustainability, which ups the ante for organizations.
Third place went to training and communications, which came in second last year. Interestingly, the focus on policies and procedures as the program’s main focus dropped from first last year to fifth this year, with just 14% most focused on this topic.
What do You Anticipate Being Your Biggest Challenge in 2024?
This was a new question for 2024, and the answers were fascinating. We’re always hearing that budget is the biggest limitation, but that wasn’t the case this year for survey respondents. In fact, 31% of you said that lack of personnel was the biggest challenge.
This makes sense, as the workload of the Compliance team is continually growing. Many Compliance professionals have taken on ESG, sustainability, and/or privacy, and as noted above, there are many new regulatory requirements in each of these areas.
In addition, our focus on speak up and hotline reporting has been yielding results. In the recent NAVEX Top Ten Trends and Predictions webinar I performed with Carrie Penman, she noted that across the board, reports were substantially up in 2023 from the previous years. More reports are great for corporate culture, but can place huge burdens on Compliance teams that need to perform more and more investigations.
Coming in second place for challenges was a lack of understanding from the business about the importance of compliance. That’s a frustrating place to be for sure. Rounding out the top three was lack of budget, which is related to fourth place finisher, lack of technology.
I was pleased to see that lack of support from the top (10%) and lack of support from the middle (6%) ranked so low. While the business may not always understand the importance of compliance, top and mid-level managers aren’t the biggest issues.
What This All Means For 2024
2024 is poised to be a tremendous year for the compliance profession. There has been a substantial shift away from anti-bribery/FCPA being the center of the compliance universe. The DOJ didn’t have many blockbuster bribery cases, and enforcement was down all told.
The focus on anti-bribery shifted in favor of technologically based programs reviewing privacy concerns and monitoring sanctions.
Where to Start
I’m often asked where to start, and the answer will always be a risk assessment. We simply can’t do it all – at least not all at once. We need to focus on the activities that bring down risk most substantially, and that begins with understanding and characterizing risk. If you’d like professional help with the risk assessment process, Spark Compliance is on your side, or you can sign up for my online course, Risk Assessments Made Easy.
Typically, with greater regulatory responsibility comes greater attention. Greater attention leads to more respect and, if we’re lucky, more budget, technology, and personnel.
Cheers to 2024! May it be a great year for everyone in the community, no matter what your priorities.