Compliance digitalization The impact on the Compliance function. Deloitte Risk Services April 2016

Similar documents
The digital fund lifecycle

It's your business Take control. Controlling services

Belgian report. Global Human Capital Trends 2015 Leading in the new world of work

Insurance Analytics: Organizing Analytics capabilities to get value from Data Analytics solutions A Deloitte point of view on Data Analytics within

Duty of Care: from must to accelerator?

Introduction. Key points of the recent ODPC guidance, and the Article 29 working group guidance

Going beyond risk and compliance: Legal functions embracing digital

Integrated Business Planning plus Your journey towards digital end-to-end planning

The Deloitte CFO Transition TM Lab

The 2016 Deloitte Millennial Survey. Australia - Country Report 17 January 2016

The 2016 Deloitte Millennial Survey. Switzerland - Country Report 17 January 2016

Reimagine Collections and Disputes Proactively identify and manage issues with machine learning

Digital Fluency Academy Do you speak Digital?

Investment management analytics The three-minute guide

GDPR journey: from ready to compliant GDPR survey results

Internal audit insights High-impact areas of focus

Investment management analytics The three-minute guide

Securing tomorrow today Getting more value out of your data. Jan De Clercq Deloitte Netherlands

H 2 N H. Supply chain management in the chemicals industry Key challenges and how Deloitte can support

Compliance Risk Management Powers Performance

EU General Data Protection Regulation: Are you ready?

Dutch Banking Supervision on Conduct and Culture Deloitte Dublin 26 June 2018

Evolution of the smart factory leading to new business models

Beyond ITSM: Moving Up the Value Chain through Service Management

Reimagine everything Accelerate digital enterprise transformation

Global Trade Radar How to leverage what tax authorities and forward-looking companies are doing in customs and global trade. Global Trade Radar

Board Effectiveness and Culture

H 2 N H. Supply chain management in the chemicals industry Key challenges and how Deloitte can support

Big data strategy to support the CFO and governance agenda

Audit quality Independent Audit

Digital era: technologies & strategy

Funds in a Box Solutions Factsheets and on-line Fund Profiles. Funds in a Box Solutions Factsheets 2.0

Barry Robinson. Forensic Accountant, Deloitte

Mastering Wellbeing & Compliance. Practical advice on how to protect people, reputations and revenues

The time is now The Deloitte General Data Protection Regulation Benchmarking Survey

FSI Governance Board effectiveness Insights & (emerging) best practices. EcoDa 25 October 2017

IAB report on online ad-spend Affiliates results 2011

Deloitte Forum 2017: Global and Thailand Economic Outlook and How Disruptive Innovations Affect Your Competitive Landscape

Enabling a Digital India. Rajarshi Sengupta Senior Director, Deloitte 26 June 2015

EU General Data Protection Regulation in the digital age: Are you ready?

Digital Testing and Controls Automation A transformative approach to automating your control environment

PSD2 and GDPR: An awkward match?

REGULATORY COMPLIANCE SAVING TIME, MONEY, AND LIVES

EU General Data Protection Regulation: are you ready?

Securing tomorrow today Improving the process of VAT compliance and return preparation

General Data Protection Regulation

Due for a transformation Accounts payable optimization with machine learning

Day 2: Session 5 Invoice Management

ADP ihcm Supporting Strategy and Execution ADP ihcm Executive Briefing for CEOs

Sustainability Reporting using the GRI Taxonomy Paul Hulst, Deloitte

Deloitte M&A Deal Corridor US/EU

A guide to assessing your risk data aggregation strategies. How effectively are you complying with BCBS 239?

The Report of the Audit Committee Analysing the trends in South Africa

Invloed technologische ontwikkleingen op kleine IAF s. 12 oktober 2017 WELKOM

Headline Verdana Bold Build your own board potential What it means to be a board April 2018

What is your ethics reputation worth at the checkout?

Taking labs to the next level with cloud and IoT VELP Scientifica tightens the customer connection

Mining Solutions Driving innovation in mining

Co/outsourcing and/or supporting of your customs and global trade management

Solve for now. Build for next. The Deloitte Audit

TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION

Driving the Future of Finance Finance as a Strategic Advisor and Insight Provider, enabled by Technology

EMEA TMC client conference Tax Operating Model defining your tax resourcing, governance and technology approach. The Crystal, London 9-10 June 2015

Boards and internal audit: Working together to strengthen risk management

Logistics & Distribution: Revenue driver or necessary evil? Deloitte Introduction. Logistics & Distribution A source of competitive advantage

The Future of the Automotive Value Chain Supplier industry outlook 2025

Audit committee performance evaluation

Take-aways from EY s series of Internal Audit Analytics roundtables over 2016

RegTech Lab Make real-time possible

Future-Proofing Your Talent. How agile talent practices can drive digital transformation

Chris Hodge Financial Reporting Council Fifth Floor Aldwych House Aldwych London WC2B 4HN. 10 July

Anti Money Laundering (AML) Advisory Services Effective solutions for complex issues Deloitte Malta, 2017

Engaging the workforce. Getting past once-and-done measurement surveys to achieve always-on listening and meaningful response

Document Management for Global Trade Deloitte Academy DMS for GTS Working Slides

Connected customers The transformation imperative for Utilities in a digitally disrupted world

Global trends for community services in Western Australia

How to design the optimal emarketing model

Privacy as a business enabler From risks to opportunities

Four faces of the CFO

CFO Perspectives CFO Speaks

Supplying the tools for a finance transformation MSC Industrial Supply Co. addresses complexity head on

Digital finance The new superhero

Global In-House Centers Mitigating Risks. Enhancing Reputation. Optimizing Returns.

Easing the burden of data privacy compliance

Governance in a multidimensional environment

The Robots Are Here! RPA Services in Greece

Open Banking: the technology revolution sweeping across the banking industry. Policy Pulse June 2018 compendium

Distributed ledger technologies services. Distributed ledger technologies services Using the power of blockchain

MDM offers healthcare organizations an agile, affordable solution To deliver high quality patient care and better outcomes

The direct approach Finding new value with direct procurement

Where big and small business meet Enabling Enterprise Development through Collective Development

Corporate Governance Board Effectiveness Reviews

Ready for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements

How can you turn digital risk into a source of competitive advantage?

Presentation to NERSA Work performed relating to Deloitte s review of Eskom s RCA application

Enterprise. Service. Transformation. Deloitte driving your digital service excellence with ServiceNow

1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

The General Data Protection Regulation (GDPR)

PSD2 DATA FINTECH MARKETPLACE AISP CUSTOMER AWARENESS ALLIANCES MOBILE ECONOMY PISP API DIGITAL COMPLY REVENUE RTS SCORING BANKING STRATEGIC

Does a disrupted Internal Audit function mean a stronger strategic partner?

Transcription:

Compliance digitalization The impact on the Compliance function Deloitte Risk Services April 2016

2

Contents Preface 5 Management summary 6 Effects of digitalization 7 Using data in the compliance function 11 Privacy 16 Respondents profile 18 Compliance in Motion A closer look at the Corporate Sector 3

The availability of data and opportunities for datamining are growing very rapidly. Companies that don t respond pro-actively will be less competitive than they can be and will have an information disadvantage. 4

Preface Welcome to the fourth in a series of annual surveys designed to gauge the challenges faced by compliance functions across industries. For the first time, this year s survey also includes the financial services industry. This report is the continuation of Deloitte s Compliance Benchmark. This report provides insight into the trends and challenges faced by compliance functions and their organizations in the Dutch corporate sector and financial services industry. This year s Compliance Benchmark includes in-depth questions and responses on the growing trend of digitalization in compliance. Last year s results and many questions we received on data and digitalization made us realize that many compliance officers see these topics as key opportunities to increase effectiveness of compliance in the coming years. The success of this benchmark depends on companies willingness to share their practices. We are very pleased, therefore, that the number of companies participating is growing each year. This benchmark was developed by the Governance, Risk and Compliance (GRC) team of Deloitte Risk Services B.V. We would like to thank the many people who contributed to it, including those who participated in this year s benchmark. We trust you will find the report valuable, and hope that you will gain useful insights from it. Digitalization means compliance will stop being boring. It will be easier for top management to see results. Compliance digitalization The impact on the Compliance function 5

Management summary The 2016 Compliance Benchmark explores the market trends and developments in compliance digitalization, data and privacy observed by compliance officers. Compliance function remains relevant Digitalization will change both the nature of compliance work and the tooling used. Today s compliance officers expect to be able to adapt to the digitalization of their functions. The vast majority of respondents do not expect digitalization of the compliance function to make compliance officers obsolete. Adaptive tooling Digitalization will enable compliance officers to become more flexible and adaptive. Respondents are confident that digitalization is an enabler rather than a challenge for using and developing policies, procedures, training material and so on. Selecting the right data When it comes to data and compliance, we see that respondents are struggling to collect and select the right data. Collecting data from the different business units is seen as a challenge. Compliance officers often feel they should be the ones performing the analyses rather than the business. Compliance digitalization The ever growing role of data in the compliance function will change the required skill set of a compliance officer to include IT and data analytics skills, according to the majority of respondents. The data that were seen as the most important input for the improvement of the compliance function are data regarding: reported incidents, training completion records, internal audit reports and the follow-up on incidents. Privacy at risk Companies are looking into the appealing and promising opportunities for using digitalization and big data. Our respondents feel that privacy regulations could be a showstopper for compliance innovation and a majority of the respondents expect the rising tide of big data to create privacy risks. Difference between industries While differences can be observed between the financial services industry and the corporates these are relatively minor compared to the way they view the challenges regarding digitalization, data, privacy and compliance. All industries see both challenges and great possibilities for compliance when it comes to digitalization and the use of data. 6

Effects of Digitalization Digitalization brings technological advances, which create new opportunities for companies. However, staying compliant while using new technologies can prove challenging. Although regulators are trying to keep up with the pace of technological change, they are not always successful. Companies are struggling to comply with technology-neutral regulations that have been put in place, but that do not take account of new technological developments. 34% In last year s Compliance Benchmark, participants considered data protection, ICT integrity and privacy as key themes for the coming years. On the other hand, it showed the rising trend of compliance officers looking increasingly to data and digitalization as a way of improving the compliance function with more and more of the compliance budget being spent on tooling. This year we have taken a closer look at the effects of the digitalization of compliance. Evolving technology and advanced analytics, such as machine learning, are enabling new risk-management techniques. For example, some companies are already working with selflearning algorithms to monitor and detect fraud. These eventflagging solutions are producing results that are promising for all compliance officers. Staying compliant in a digital world Our respondents believe that, to the extent their companies are affected by disruptive technologies and innovations, these disruptions will make it harder for them to stay compliant. Even though disruptive technologies may not seem to affect a company directly, certain compliance issues relating to technological innovations are foreseen by the majority of the respondents. Only 7% of the respondents claim to be certain that technological innovations will not pose a threat to remaining compliant. of respondents use advanced and automated pattern recognition Compliance digitalization The impact on the Compliance function 7

Compliance officers of the future The respondents in this year s Compliance Benchmark overwhelmingly (over 80%) think that digitalization will change both the nature of compliance work and the tooling used. Interestingly, only 33% is certain that the required skill set for compliance officers will expand to include IT and data analytics expertise. Feedback received from various clients indicates, however, that many compliance officers believe that digitalization will enhance rather than substantially change the function. Today s compliance officers expect in any event to be able to adapt to the digitalization of their function. Digitalization and the different industries Our survey shows that the respondents from the Financial Services Industry (FSI) have the most positive view on the role digitalization will play as a compliance enabler. The Energy, Resources and Transport (ERT) sector seems to be most critical of what digitalization will bring compliance. 37% of the respondents from this group deem it unlikely that digitalization will be a serious compliance enabler. Comments by respondents show that the level of regulation in the different industries play a crucial role in the extent in which digitalization is seen as a compliance enabler. This also explains why only 7% of respondents is most certain and 24% deems it likely that current compliance officers will become obsolete as a result of digitalization. Digitalization is a compliance enabler according to: 87% of FSI respondents 63% of ERT respondents 8

Digitalization and culture Various respondents state that they expect challenges regarding Compliance culture, tone at the top and perception of compliance will increase due to the digitalization of compliance. They state that the focus on hard controls to mitigate compliance risks will increase. Last year s Compliance Benchmark identified a trend of companies increasingly using hard controls, both in order to improve and measure the effectiveness of their compliance program. This year s report shows this trend to be catalyzed by digitalization, with 63% of respondents expecting a shift from soft controls to hard controls. Despite the various challenges perceived, our clients and also the respondents in the benchmark survey state they are looking forward to the benefits that digitalization can offer the compliance function. Of the respondents, 90% expect digitalization to enable their company to use more adaptive and compliant policies, procedures, training materials and so on. Feedback from various industries indicates, however, that finding adaptive tools can prove challenging as preferred options may not yet be available or can be deemed too expensive to use. Data and IT systems provide great opportunities for compliance. However, the cultural aspects and personal integrity must not be forgotten, for these are crucial for compliance. Compliance digitalization The impact on the Compliance function 9

The biggest challenge in using data for the compliance function is selecting the right key data to define hard and soft controls without causing an overkill of control on the business. 10

Using data in the compliance function The ever-increasing volumes of data available are creating a wide range of new opportunities, not only for business purposes but also for compliance officers. Never before has there been so much data potentially able to provide a solid picture of business performance. In theory, every compliance officer could have perfect insight into the state of compliance and performance of the company as a whole. However, as our respondents indicate, the data available in their companies are predominantly unorganized and still need processing before such meaningful intelligence can be provided. When measuring the effectiveness of the compliance function and program, companies indicated in last year s benchmark that they were looking at ways to incorporate professional judgment and data analytics so as to paint a reliable picture of the state of their compliance. Companies are increasingly basing their business strategies on the results of data analysis. Our respondents state that these opportunities also present new challenges. Making the right analysis and correctly interpreting the information extracted from the available data are becoming more and more important. It is no longer about producing the correct data, but about using the data correctly. Challenges in using data We asked our respondents what they see as the biggest challenge in using data as part of the compliance program. According to their responses, by far the most challenging aspect of incorporating data into the program is collecting the available data from the various parts of their organization (73%). The second biggest challenges (both in the 50%) are a lack of alignment between different IT systems (53%), and data and privacy issues (57%) that can arise. Most of the time, compliance uses its own data (77%) or data provided by HR (63%) for performing data analyses. Fewer than one third of the respondents are helped by their CIO office in collecting the data needed. Another remarkable finding is that 33% of the respondents use data supplied by external parties. It is no longer about producing the correct data, but about using the data correctly. Data for analysis was provided by: Compliance 77% HR 63% Legal Security 50% 50% CIO office External party 33% 33% Compliance digitalization The impact on the Compliance function 11

Turning data into information Turning data into useful information can be challenging. What tools do you need? What information can provide the most insight? What follow-up actions should be taken? Compliance reporting, Risk Assessments and compliance performance (KPI s & KRI s) continue to form the main purpose for which data is used by Compliance Officers. New and interesting purposes mentioned in the survey include culture assessment (50%), real-time compliance monitoring (40%) and pattern recognition (33%). Data scientists and compliance officers increasingly need to be able to convert data insights into business actions. This is shown by the fact that amongst respondents, data analysis is performed by the compliance function (90%) or the risk function (43%). In doing this they can become trusted advisers to support different business areas. Interestingly, 19% of our respondents state they use an external party to analyze data. Tooling is used to extract compliance and management information in support of data analysis. Most companies choose to develop their own tools for data analysis (60%) or use externally developed GRC tools throughout their organizations (37%). Data and the different industries Differences between industries appear. The FSI is more prone to using event flagging and the corporate sector show more inclination to using data from risk assessments to determine what actions to undertake. When it comes to using data to measure effectiveness of the compliance function it appears that the corporate sector puts greater confidence in the data at hand. A substantial part of the FSI respondents state that they do not use the data gathered to assess whether the compliance function is effective. For which purposes do you use data? Compliance Reporting Risk Assessments Compliance Performance KPI s & KRI s 12

Compliance and tooling Compliance officers are constantly seeking ways to enhance their compliance program. Using data to improve the compliance function is commonly believed to be a necessity and may even create strategic advantages. The trend seen in last year s Compliance Benchmark has continued with regard to the tooling and functionalities being used to improve the compliance function. The international Compliance Trends Survey conducted in 2015 by Deloitte and Compliance Week showed only 32% of respondents to be confident or very confident in the ability of their compliance department s IT systems to fulfill their organization s compliance responsibilities and reporting requirements. This year s Benchmark shows that the undisputed tools of the compliance officer remain: Questionnaires Training apps Dashboard functionalities The comments of respondents make it clear, however, that the number of tools is limited to the aforementioned as other tools and apps are often simply not available to compliance officers. The Compliance Trends Survey found the most frequently mentioned compliance program components not supported by technologies or tools to be: Tracking legislation or regulations Measuring effectiveness of compliance program Third-party risk management Conflicts of interest Undisputed tools of the compliance officer 1 2 3 Questionnaires To assess compliance and simultaneously raise awareness of compliance and other risks. Training apps Specific compliance trainings apps are being used on ipad/ iphone and other mobile devices. Dashboard functionalities Compliance officers use various dashboard functionalities to support compliance reporting. Compliance digitalization The impact on the Compliance function 13

Improving the compliance program through data analysis 75% Selecting the correct key data to support the compliance function is a challenge faced by many compliance officers. Different types of data are used to conduct data analysis designed to improve the compliance program. 42% As in last year s Compliance Benchmark, reported incidents are still the most common indicator of a good compliance program, with 87% of respondents stating that they use this data to improve their program. Data used to improve the compliance program Reported incidents87% 77% Training completion records Internal audit results 70% Training completion records Training results records Last year, over 80% of respondents stated that their organizations had mandatory compliance training. This year, we asked which data are used to measure the effects of training designed to improve the compliance program. Interestingly, far more respondents this year state they use training completion records (77%) rather than training results records (40%). Both answers show that training continues to play a vital role in creating solid and effective compliance programs. 67% Follow-up on incidents Employee surveys 63% 14

Compliance data and strategy Insight from key data can give companies a strategic advantage. Compliance data are seen as an important part of the information on which companies strategies are based. Over 80% of the respondents gave an affirmative answer (33% most certainly and 47% probably ) to the question whether compliance data play a role in strategic decisions made by management. The respondents are divided on the extent to which they expect compliance wishes and requirements to play a significant role in IT tenders and procurement. A total of 33% is convinced that compliance wishes and requirements most certainly will play a role, while 40% think this is probable and 27% believe it to be unlikely or even say their wishes will definitely not play a role in this. Do compliance wishes and requirements play a significant role during IT tenders or IT procurement? 23% 3% 40% 33% Most certainly Probably Unlikely Definitely not Compliance digitalization The impact on the Compliance function 15

Privacy Privacy has been an important issue in business ever since it was declared a fundamental human right in the mid-20th century. The discussions surrounding privacy have changed, however, and are becoming even more relevant in the evolving world of digitalization, with the increasing use of data and social media. Last year s respondents stated that they believed that privacy would become a top compliance theme for this year because of the expected increase in digitalization and the new General Data Protection Regulation. Privacy, innovation and big data In a world where digitalization, the use of data and all kinds of tooling are helping companies to structure and monitor their business processes and ensure compliance, where does this leave the subject of privacy? The opportunities for gathering data are almost unlimited in today s hyper-connected and ultra-transparent society. Most organizations already understand that privacy is set to become a significant aspect of the compliance program in the years to come. A total of 80% of the respondents expect digitalization to be of help in innovating compliance strategies, while 53% of this group see privacy regulations as a showstopper for compliance innovation. As Deloitte we believe that incorporating emerging privacy risks in the compliance program from the beginning is essential in today s evolving world of data and digitalization. In this way, privacy can be an enabler and strategic advantage, always staying one step ahead. We also asked participants how they feel about privacy in relation to big data. The vast majority (78%) expects privacy risks to emerge in response to the rising tide of big data. 16

Regulatory changes In two years time, the General Data Protection Regulation (GDPR), which was published on December 17, 2015, will replace all national privacy legislation in EU member states. Detecting data breaches is still a major issue, according to the respondents in the Privacy with a View research conducted by Deloitte s Privacy team in 2015. Indeed, 48% of these respondents were not confident of being able to detect personal data breaches. Even though the GDPR is significantly different from the existing data privacy legislation, 50% of respondents do not expect problems within their organization in terms of complying with the new Regulation. As many as 77% of respondents believe they are prepared for the changes in the data privacy regulation landscape. Percentage of respondents that expect problems within their organization regarding GDPR 43% 7% 10% 40% Most certainly Probably Unlikely Definitely not Laws and regulations are too slow for our compliance innovation and they delay execution. Compliance digitalization The impact on the Compliance function 17

Respondents profile A range of companies participated in Deloitte s 2016 Compliance Benchmark. This appendix outlines the profiles of the companies interviewed. Listed/non-listed 7% 22% The Compliance Benchmark covers Euronext-listed and also some large, non-listed companies. Around 30% of the companies included in this survey are currently listed in the Netherlands or abroad. The remaining 70% of the companies are large, non-listed companies based in the Netherlands. The benchmark includes companies in the Financial Services Industry (36%), Energy, Resources and Transport sector (29%), Consumer Business (18%), Telecom, Media and Technology sector (11%), Real Estate (4%) and the Public Sector (4%). The benchmark results derive from a representative group of companies in each of these sectors. Analyses of the results show some interesting differences between the different sectors. The respondents from the Financial Service Industry are strongly convinced that digitalization will be an enabler for using more adaptive and compliant policies in the future. Interestingly enough these respondents also indicate that one of the current biggest challenges is the quality of the available IT systems. 70% Abroad Netherlands Non-listed Sector 4% 4% 11% 36% 18% 29% FSI ERT CB TMT RE PS 18

Compliance digitalization The impact on the Compliance function 19

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see www.deloitte.nl/about for a more detailed description of DTTL and its member firms. Deloitte provides audit, consulting, financial advisory, risk management, tax and related services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte s more than 210,000 professionals are committed to becoming the standard of excellence. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the Deloitte network ) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. 2016 Deloitte The Netherlands

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback