Global Corporate Compliance & Ethics Data Survey

Facts & analysis

January 28, 2016© 2016 Consero Group. Reproduction Prohibited.

In Partnership With

© 2016 Consero Group. Reproduction Prohibited.2 January 28, 2016

IntroDuCtIon

Global Corporate Compliance & Ethics Data Survey

Chief Compliance Officers face a variety of complex challenges. Among these

are increasing data privacy issues, changing foreign regulatory requirements,

and the logistical hurdles of global compliance training. While compliance

officers’ influence on decision-making and strategy has grown over time, there

remains a great deal of opportunity for more efficiency and impact. By working

across the C-suite and leveraging their teams and different tools, today’s

Chief Compliance Officer can ensure that the organization navigates a tough

compliance environment effectively.

Table Of Contents

3Access And Strategy

5Operations And Program Management

7Technology And Cyber Security

9Risk Management

11Conclusion

12Consero

© 2016 Consero Group. Reproduction Prohibited.2 January 28, 2016

Survey Structure And Methodology

Consero’s Corporate Compliance and Ethics Data Survey was conducted in

connection with its invitation-only North American and European 2015 Fall

Forums for Chief Compliance Officers. Produced in collaboration with The

Red Flag Group, the survey consisted of 17 questions, covering issues such

as compliance operations, technology infrastructure, and risk management,

among others. There were 76 respondents from Fortune 1000 companies,

providing valuable insight into the current and looming opportunities and

challenges of Chief Compliance Officers.

© 2016 Consero Group. Reproduction Prohibited.3 January 28, 2016

ACCESS AnD StrAtEGY

Overall Compliance Strategy Is The Top Area Of Focus For Chief Compliance Officers In 2016

The top three positions to which Chief Compliance Officers report are General

Counsel (42%), Board of Directors (33%), and Chief Executive Officers (21%).

Despite the seniority of their managers, 58% of Chief Compliance Officers do

not believe the compliance function is integrated adequately into corporate

decision-making and strategy. In addition,16% of respondents view senior

management buy-in as an impediment to their department’s progress.

Looking ahead, two-thirds of Chief Compliance Officers are focused on overall

compliance strategy in the next 12 months. Third-party oversight follows

second at 54%, and employee compliance training at 49%. Compliance

respondents claim insufficient staffing as the main impediment to their

department’s progress, indicating that recruiting and training will be a priority

in 2016.

Figure 2: Is your compliance function integrated sufficiently into corporate decision-making and strategy?

Yes 42% No 58%

Figure 1: to whom do you report? (Select all that apply.)

General Counsel 42%

Board of Directors 33%

Chief Executive Officer 21%

Chief Financial Officer 4%

Chief Risk Officer 2%

Other 11%

42%

21%

4%2%

11%

33%

© 2016 Consero Group. Reproduction Prohibited.4 January 28, 2016

ACCESS AnD StrAtEGY

Figure 3: What are your top areas of focus for the coming 12 months? (Select all that apply.)

Figure 4: What would you describe as the greatest impediment to your department’s progress?

64% Overall compliance strategy

54% Third-party oversight and management

49% Employee compliance training

46% Bribery and corruption

33% Data privacy and cyber security

36% Regulatory matters

21% Technology integration

16% Ethics risk

9% Other

22% Insufficient staffing

16% Senior management buy-in

14% Access to budgetary resources

14% Current IT infrastructure

13% Middle management buy-in

10% Evolving regulatory landscape

10% Global compliance program management

2% Other

© 2016 Consero Group. Reproduction Prohibited.5 January 28, 2016

oPErAtIonS AnD ProGrAM MAnAGEMEnt

Seventy-Three Percent Of Compliance Officers Believe Their Compliance Programs To Be Just Somewhat Effective In Mitigating Organizational C&E Risk

Most compliance respondents view their programs as just somewhat effective

in mitigating C&E risk for their organizations. This is an alarming reality,

given that failure to adhere to C&E mandates can result in severe and costly

penalties. Compliance officers may wish to spend time in 2016 strengthening

their current operations to protect their organizations from C&E risk

adequately.

When asked how they assess the effectiveness of their compliance operation,

72% of Chief Compliance Officers use internal auditing and monitoring, 68%

monitor training completion rates, and 58% leverage hotlines. A majority of

compliance executives rely on third-party vendors to monitor whistleblower

hotlines.

With regard to compliance training within organizations, 73% of respondents

have made bribery and corruption training mandatory for all their employees,

highlighting the focus Chief Compliance Officers and their companies place on

this issue. In addition, just over two-thirds of respondents view online tools as

an effective means to train their global employees.

Figure 5: How effective is your compliance program in mitigating C&E risk for your organization?

Very effective

15%

Somewhat effective

73%

Not effective

12%

© 2016 Consero Group. Reproduction Prohibited.6 January 28, 2016

Figure 6: What tools do you use to assess the effectiveness of your compliance operation? (Select all that apply.)

oPErAtIonS AnD ProGrAM MAnAGEMEnt

Inte

rnal

aud

itin

g an

d m

oni

tori

ng

72%

Trai

ning

co

mp

leti

on

rate

s

68%

Ho

tlin

es

58%

In-h

ous

e

emp

loye

e su

rvey

s

53% 39% 10%O

ther

Third

-par

ty

asse

ssm

ent

too

ls

Figure 7: Do you use a third-party vendor to manage your whistleblower hotline?

Yes 82% No 18%

Figure 8: Is online compliance training an effective means to train your global employees?

Yes 67% No 33%

Figure 9: Is bribery and corruption training mandatory for all managers in your organization?

Yes 73% No 27%

© 2016 Consero Group. Reproduction Prohibited.7 January 28, 2016

tECHnoLoGY AnD CYBEr SECurItY

Over 80% Of Chief Compliance Officers Report That Current Technology Infrastructure Is Insufficient For The Needs Of Their Operation

An overwhelming 84% of Chief Compliance Officers do not believe the current

technology infrastructure of their organizations meets the needs of their

compliance operation. Furthermore, 43% of respondents are not confident

in the ability of their IT departments to support the compliance needs of

the organization. This major gap between IT and compliance likely deserves

attention, as technology plays a crucial role in employee compliance training,

overall compliance program management, and data privacy management,

among other areas.

Fifty-six percent of compliance respondents are either very involved or

involved in cyber security and data privacy issues within their organization—a

figure that may rise over time as more companies are exposed to cyber

threats. Currently, 54% of Chief Compliance Officers have a formalized data

privacy compliance plan for their company, and 29% are in the process of

creating one. This validates the rising emphasis on monitoring data privacy.

Figure 10: How involved are you in cyber security and data privacy within your organization?

Very involved

31%

Involved

25% Somewhat involved

25%

Not involved

19%

© 2016 Consero Group. Reproduction Prohibited.8 January 28, 2016

tECHnoLoGY AnD CYBEr SECurItY

Figure 11: Do you have a formalized data privacy compliance plan for your company?

Yes

No

In the process of creating one 29%

17%

54%

Figure 12: Does your current technology infrastructure meet the needs of your compliance operation?

Yes

No 84%

16%

Figure 13: How confident are you in your It department’s ability to support the compliance needs of your organization?

0% Very confident

Confident 19%

Somewhat confident 39%

Not confident 42%

© 2016 Consero Group. Reproduction Prohibited.9 January 28, 2016

rISK MAnAGEMEnt

Compliance Officers Report Asia Pacific As The Region That Poses The Greatest C&E Risk To The Business

Compliance officers spend a significant amount of time identifying and

mitigating risks around the globe. Seventy percent of respondents are either

very involved or involved in enterprise risk management efforts for their

organizations. Sixty-one percent of Chief Compliance Officers conduct an

enterprise-wide risk assessment once a year, while 14% do so on a quarterly

basis.

In looking ahead, 49% of Chief Compliance Officers named Asia Pacific as the

geographic region that poses the most C&E risk to their business operations

by a wide margin. Just over two-thirds of respondents believe their compliance

teams to be educated on foreign regulatory requirements that are important

to the business. The perceived risk around the Asia Pacific region calls for

compliance and legal teams to have a greater amount of familiarity with foreign

regulations in the coming year.

Figure 14: How involved are you in enterprise risk management efforts within your organization?

Not involvedSomewhat involvedInvolvedVery involved

37% 33%

24% 6%

© 2016 Consero Group. Reproduction Prohibited.10 January 28, 2016

rISK MAnAGEMEnt

Figure 15: How often do you conduct an enterprise-wide risk assessment?

Annually 61%

Semi annually

10%

Quarterly

14%

Never

1%On occasion/

rarely

14%

Figure 17: Is your compliance/legal team sufficiently familiar with foreign regulatory requirements that impact your business?

Yes 67% No 33%

Figure 16: What geographic region do you foresee posing the greatest compliance and ethics risks to your business operations in 2016?

Asia Pacific 49%

Latin America 13%

Middle East & Africa 9%

North America 6%

Eastern Europe 5%

Western Europe 4%

Central America 1%

My company does not have a global presence 13%

6%

49%

9%

5%4%

1%

13%

© 2016 Consero Group. Reproduction Prohibited.11 January 28, 2016

ConCLuSIon

Lessons For The Industry

The compliance function maintains responsibility over a variety of activities

that are essential to risk mitigation and ensuring a successful and smooth

business operation. Chief Compliance Officer involvement in enterprise risk

management, data privacy, and strategy, among other priorities, signifies a

busy 2016. It will be necessary for the compliance department to prioritize

improving IT infrastructure, as well as hiring and retaining a strong team.

In doing so, compliance officers will give themselves their best shot at

strengthening their compliance operation and mitigating operational risks

effectively.

© 2016 Consero Group. Reproduction Prohibited.12 January 28, 2016

The Red Flag Group is The Compliance Firm® that helps companies turn compliance into a competitive advantage. Founded in 2006, the firm has offices and research centers in the United States, Europe, Asia, Africa, and Latin America. Our professionals include former in-house counsels and compliance officers supplemented by a diverse team of forensic accountants and regulatory officials, all tasked with building innovative and cost-effective solutions for our clients.

As one of the world’s leading independent corporate governance and compliance firms, we provide thought leadership to major corporations worldwide and assist them in creating and maintaining customized and integrated compliance solutions that add value to their business.

We co-develop our solutions with our clients, focusing on implementing best-in-class risk mitigation practices that align with their strategic goals. Our suite of services comprise tailored project advisory, due diligence covering more than 190 countries and technology solutions, including our proprietary ComplianceDesktop® Technology Platform, which allows compliance professionals to easily track, manage, and monitor their global compliance programs amid the ever-changing regulatory landscape.

For more information, please visit www.redflaggroup.com.

© 2016 Consero Group. Reproduction Prohibited.13 January 28, 2016

How Is Consero Different From Other Conference Companies?

Branded as the anti-conference company, Consero’s model is a vast improvement over

the traditional model for conferences and trade shows in several important ways.

Exclusivity, Intimacy, and Commonality. Consero puts its executives first. Unlike

other conferences, a Consero Forum brings together executives with common levels

of experience and seniority, as well as similar business challenges. This format ensures

optimal networking and collaborative development of best business practices.

Original Content and Thought Leadership. Consero views its events as a means to an

end—solving business problems. Consero prides itself on generating, original content

that contributes to practical discourse, yielding useful takeaways that help participants

to improve their own performance, as well as that of their organizations. By permitting

its programs to evolve until the Forum takes place, Consero can integrate the most

current significant developments into the solutions that emerge from the Forum.

What Problems Does Consero Solve?

Today’s senior executives are busier than ever and inundated with information—too

little of which addresses their specific current needs. Consero brings together these

senior executives to learn from one another in an efficient, exclusive format and build

relationships that facilitate ongoing collaboration. Through interactive discussions,

each moderated by an industry expert, executives share ideas and address particularly

difficult problems with their counterparts in the room.

In addition to superior educational opportunities, Consero Forums expose senior

executives to participant-requested and Consero-vetted industry solution providers

that offer innovative enterprise solutions to challenges identified by the executives

themselves. Consero’s selective criteria for solution providers and insistence that those

companies send senior executives provides a different kind of sponsoring partner

experience.

Building upon its unique learning and networking events, Consero also offers senior

executives access to a membership platform called Consero Connect. Connect delivers

a customized platform that provides the support you need when you need it, along with

a wide array of event-generated content. This exclusive membership allows executives

to leverage Consero’s network of C-suite leaders to benchmark, recruit top talent, and

solve specific departmental challenges efficiently. Visit conseroconnect.com to learn

more.

1 Gonsalves, Antone. “Consero Takes Aim at Bored C-Suiters with Its ‘Anti-Conferences.’” Bloomberg. Jan. 28, 2011. <www.bloomberg.com/news/2011-01-28/consero-takes-aim-at-bored-c-suiters-with-its-anti-conferences-.html> Jan. 28, 2011.

Opportunities To Participate at Future Consero Forums may be available on a limited basis. Please contact our team for additional information.

Consero Group

consero.com

inquiries@consero.com

4915 St. Elmo Ave., Ste. 100

Bethesda, MD 20814

tel (202) 595-9300

2016 Consero Compliance Forums

corporate compliance & Ethics Forum

March 6–8, 2016 Ponte Vedra inn & club, Ponte Vedra Beach, Fl

corporate compliance & Ethics Forum

september 18–20, 2016 island Hotel newport Beach

newport Beach, ca

corporate counsel & compliance

Forum

november 28–30, 2016 Millennium Gloucester Hotel

london, England