Compliance Risk Management: four key areas of opportunity for a stronger compliance program

As organizations focus on business strategies and operations, implementing adaptive and integrated frameworks around four key areas of compliance management is essential to strengthening internal compliance programs.

In light of the COVID-19 pandemic, shifting regulations and increased enforcement and adoption of new technologies present challenges to organizations that want to build and maintain compliance regimes.

According to the EY Compliance Risk Survey, 63% of organizations consider compliance a top challenge. Taking into consideration a rapidly evolving regulatory environment, organizations must focus on strengthening and maintaining agile compliance frameworks.

As shifting regulations are expected to affect the policies related to domestic and regional supply chain, employment and human capital policies, data and cybersecurity among other functions, compliance programs will need to be developed with more agile and efficient frameworks. Though many organizations have a fragmented approach to their current strategy and process, they can still make significant progress in their compliance journey through a more adaptive, integrated and digitally supportive compliance function.

The survey reveals the full cycle of compliance risk management including how certain practices are being addressed. Key highlights of the MENA region include the need for:

• Compliance framework and culture: The need to build a strong and well-defined compliance function with a formalized risk management program
• Compliance governance: Compliance ownership that needs to be strengthened and made to be involved in strategic decision-making
• Compliance process and policy: Increased tracking of regulatory obligations and changes to applicable laws and regulations as well as emerging compliance risks
• Digital enablement: Investing in automation and digitalization of compliance risk management activities as well as training

Rather than the current fragmented approach, organizations need to integrate compliance as a part of their business strategy and process to develop a holistic approach to compliance management.

Compliance of the future needs to be:

1. Integrated: A formalized and integrated compliance risk program
2. Adaptive: Evaluation and improvement of regulatory change management process with multi-skilled compliance resources and dedicated compliance functions
3. Advisory: Compliance governance framework including a compliance function to act as an advisor through informed decision-making
4. Predictive: Identification and mitigation of emerging compliance risks
5. Digitally-enabled: Investment in the digitalization of the compliance risk management process including continuous monitoring, assessments, and reporting

A key priority for organizations is to develop and drive agile and efficient compliance frameworks that are supported by a robust and digitally-enabled process. Key insights from the survey show that more than half of the organizations rated their compliance risk programs as “basic” or “developing'' indicating a lack of defined framework, compliance culture and formal organization. Additionally, only 43% of respondents view the function of compliance as a business enabler and partner in facilitating success.

The challenges organizations in MENA face are centered around a lack of accountability and resources. For a majority of respondents, the key implementations toward stronger compliance risk management are related to strengthening governance, compliance culture, policy management, and automating compliance monitoring.

Organizations must also begin to invest in digitalization and automation tools in order to support compliance management.

According to the survey, 65% of respondents do not have a centralized repository of applicable regulatory obligations and 39% of respondents state that no formal training of regulatory obligations is in place.

Moving forward, organizations have the opportunity to leverage technology and improve strategic decision-making through independent compliance functions with a clearly defined framework.