Companies face three key challenges around compliance management.
Companies are struggling to build and maintain compliance regimes that keep up with new regulations and laws enacted in the markets where they operate. Compliance is a moving target, but does it have to be a barrier to doing business?
Here are three key challenges to understand around compliance management:
1. Compliance fatigue
The scope of the compliance function has grown oppressive. Tracking and documenting relentless regulatory changes is only the start. Policies and procedures must be amended, boards must be informed, and a “culture of compliance” must somehow be encouraged.
The combined burdens of regulatory compliance are so heavy that, for many companies, they’re sapping time and resources better used for innovating and staying competitive. Spending on compliance now comprises more and more of a typical IT budget that companies are stretching thin while trying to stay nimble in a market continually disrupted by new technology and nontraditional competitors. Rather than developing creative responses to business challenges, risk and technology groups are slogging through tedious — and often manual — compliance protocols.
2. Unaware of risks
Early-stage technology just a few years old can no longer be called “emerging” — it’s established. Cloud computing, data lakes, AI and robotics present unique challenges for risk and compliance functions, especially around privacy regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Fair Information Practice Principles (FIPPs) and the state of Nevada’s recently enacted privacy law.
If these challenges aren’t addressed and compliance gaps result, the promise of new technology — efficiencies, flexibility and a competitive edge — is outweighed by the risks it can create. When day-to-day operations and backup systems are not compliant, companies face potentially devastating consequences, including fines and reputational damage.
3. Disruptive impact to revenue and reputation
The costs of noncompliance are growing. Beyond the financial and reputational risks to firms, executives face specific risks, namely personal liability and accountability. Given these consequences, it’s a painful irony that executives often have little visibility into the overall state of compliance. They would never accept the lack of a “digital thread” around operations or financials, but compliance is a noncore capability ruled by complex, manual processes.
It’s hard for executives to pin down obligations and whether or not they’ve been met. Compliance is also typically siloed across the organization, with low process integration and standardization. And a company’s growth, though welcome, compounds the compliance problem.