Deloitte In Focus - Chief Compliance Officers Survey
While chief compliance officers have seen their influence grow within the top management ranks of firms they work for, technology issues related to harnessing big data, remain as compliance challenges for many organizations, a new survey by Deloitte and Compliance Week has found.
Within this report, we have combined the deep knowledge and experience of Deloitte with the broad industry perspective of Compliance Week to draw insight into three questions:
- Do compliance executives have the appropriate authority and resources to do their jobs?
- Are compliance executives assessing the right risks in the right way?
- How do compliance executives use technology to tame the challenges they face?
The report contains “snapshots” of select findings from each of those three categories. We hope you find this information useful and that it can serve as guidepost for your own efforts to understand the compliance strategies that might work well in your company.
In addition, individual business units within large financial organizations remain cautious in embracing compliance as a so-called “business partner,” preferring instead to view the compliance unit as an independent watchdog.
The full report, published last month, includes a broad range of non-financial industries, such as healthcare and consumer products, but at the request of Thomson Reuters Regulatory Intelligence, Deloitte has broken out the results separately for financial services, which includes 105 institutions around the globe. Several highlights emerge from the study:
• The chief compliance officer (CCO) is a standalone position at 73 percent of firms, up from 63 percent in 2014. Of that group, 31 percent report to the chief executive officer, with others reporting either to the general counsel or chief risk officer
• 60 percent hold a seat on the executive management committee
• 60 percent have designated compliance officers in their subsidiaries, business units, or geographies
• 65 percent of compliance officers in subsidiaries, business units or geographies report directly to the enterprise CCO
• Just 41 percent feel that the compliance function is a business partner within their organization compared with 45 percent in 2014
• Regarding confidence in IT systems dedicated to compliance functions, only 37 percent expressed confidence, down from 43 percent last year
The picture that emerges from this year’s survey shows that the compliance function, especially within senior management ranks, has grown in importance, but for many firms issues remain regarding the infrastructure that supports the function, said Tom Rollauer, director in Deloitte’s Governance, Regulatory and Risk Strategies practice.
"That CCOs increasingly hold a seat on executive management committee is a signal that the C-suite is trying to elevate the position to discuss strategy and risk appetite, and have a voice in strategic decisions and other operational type decisions," said Rollauer.
"However, regarding confidence in IT systems for compliance. . .this is still a problem," he said, adding that without an improved compliance infrastructure, management would be hampered in evaluating the effectiveness of existing resources, and perhaps more hesitant to commit additional funding.
Another worry was the view that many business units have of the compliance function. While there is an effort underway to align compliance more closely with various businesses, many firms said they preferred to see compliance as a standalone and independent entity. Rollauer said this was perhaps a more difficult issue to capture accurately in the survey.
"People are saying they (compliance) shouldn’t be a partner and remain independent. We were asking how valuable is compliance for your organization, and whether you can go to them for advice and counsel," said Rollauer.
Another observation from the findings was that firms have to be on equal footing with regulators with regard to data analytics. Regulators were now surveying information such as customer complaints on numerous banks and playing back such metrics to the institutions they oversee.
While some firms were capable of harnessing this type of data, others were still lacking.
"Some larger institutions are moving down this path, but more need to do it in a prescriptive way.
http://www2.deloitte.com/content/dam/Deloitte/us/Documents/regulatory/us-aers-reg-crs-2015-compliance-trends-survey-051515.pdf