We all know that the world of compliance is not always the most exciting of topics, but do we really want to be known for sending legal executives to sleep? Well, in this case, yes.
The environment the General Counsel’s office operates in is changing dramatically. In 2011, Altman Weil’s Chief Legal Officer Survey analyzed the top priorities of CLOs, and unsurprisingly the top three in order were:
No surprises there, right? Those priorities have remained pretty consistent for many years, and have become part of business as usual. But then business changed. By 2015, Risk and Compliance jumped to the 3rd spot in terms of a CLO’s priorities, and two separate 2017 surveys – Corporate Counsel’s General Counsel Up-at-Night survey and ACC’s Chief Legal Officer 2017 Survey – now show that not only is Risk and Compliance the absolute top priority for the CLO, but convincingly so. To put this seismic shift into perspective, in 2011, 24% of CLOs rated Legal Costs/Budget as their priority; in 2017, 74% rated Risk and Compliance as their top priority. As one CLO put it, “risk, compliance, and regulatory burden is what keeps me up at night.” Since 2008, what started off as a financial services reaction to the need for increased regulation has resulted in an increase of almost 600% in regulatory activity across all industries, globally. While organizations were struggling to keep up and adapt to the challenges, regulators and federal agencies were getting tougher. Compliance could no longer be ignored. In fact, when the Ponemon Institute conducted an investigation of The True Cost of Non-Compliance, they concluded that the cost of non-compliance was 3x higher than the cost of remaining compliant; a figure that has no doubt increased since this research was conducted.
It seems that we compliance folk have an impossible task at hand, but all is not lost. For many years we have had to watch significant and record-breaking fines being levied for a range of compliance breaches, yet scratch our heads over exactly what regulators are looking for in an effective compliance program. How do we mitigate this risk effectively? The good news is that federal and industry guidelines are starting to come through. Both the Federal Sentencing Guidelines for Organizations (FSGO) and the Department of Justice (DOJ) have released their thoughts on what constitutes an “Effective Compliance Program”; both also state that the ability to prove compliance against these guidelines can reduce potential fines by up to 95%. With over $320 billion in fines globally for the banking industry since 2008, these are some serious risk mitigation metrics. Many industry regulators are pursuing compliance, not fines. This is demonstrated by FERC, which states “achieving compliance, not assessing penalties, is the central goal of the Commission’s enforcement efforts.”
So where does Compliance fit in with being able to help the General Counsel or Chief Legal Officer? Whilst Will Smith’s lyric in the ’90s classic, Men in Black, “we are the first, last, and only line of defense” is not totally accurate, compliance does play a critical role in ensuring the legal department does not face a litigation battle from compliance breaches. With statistics showing that over 80% of all compliance breaches originate from some sort of employee negligence, compliance must ensure that all the appropriate processes, education, and tools are in place to best protect the organization, and technology can help. A recent poll at Compliance Week’s Annual Conference showed that 43% of organizations are currently using technology to assist in their compliance efforts, and a further 37% are actively exploring technology.
Here at Mitratech, we want to make sure that your team isn’t losing sleep over preventable issues. Our mission to “break down the traditional barriers between legal, risk and compliance” is simple. However, it is the second part of our mission statement that is the most important: “…reducing the impact of adverse events with transparency, predictability, and control.” In order to reduce the impact of non-compliance on the legal department, we must provide visibility into organizational risks and put the controls in place to provide transparency of corporate performance against its regulatory obligations. Mitratech’s GRC software solution portfolio includes Risk Management, Policy Management, Audit and Assessments, and Incident Management. Please contact us for further information, and for further reading, please download our whitepaper At the Intersection of Legal and Compliance: The Opportunity for General Counsel to Meet Increasingly Complex Compliance Requirements and Lower Business Risk.