Deloitte & Touche LLP and Compliance Week recently released a joint report -- "In Focus: Compliance Trends Survey 2013" (found here: http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/AERS/us_aers_grr_final_deloitte_compliance_week_pdf_080813.pdf).
The report gathered data from 189 compliance executives and details positive progress in identifying risks, but observes a lack of follow through; finding that many U.S. corporations’ lack the appropriate structure, resources and measurement tools to mitigate and manage risks. Tellingly, and consistent with other surveys, the report shows that many companies are not devoting enough attention to emerging areas including social media and privacy risks.
The report found three primary issues hindered the creation and maintenance of objective, effective and forward-looking compliance programs:
- Problems with effectively setting priorities related to specific compliance risks,
- Difficulty identifying and using proper measurement and performance benchmarks
- A lack of appropriate and dedicated compliance staffing and financial resources
In house and outside counsel can help address the gaps noted in the Deloitte & Touch LLP and Compliance Week report by:
- Learning about clients’ regulatory and compliance environments (both here and abroad) to help them be risk managers and not just fire-fighters.
- Conducting regulatory and compliance audits to help clients identify and avoid risk. This must also include assessments of vendor relationships -- regulators have been clear: companies are responsible for ensuring their vendors’ regulatory compliance.
- Evaluating cyber and social media risk. Social media can accelerate other risks (disclosures in violation of SEC rules; information about data leaks, etc.) and policies and procedures must keep pace with technology and regulatory changes.
- Identifying and fixing policy gaps, establishing standards of conduct to address audits and risk evaluations.
- Preparing clients for, and leading them through, internal investigations related to litigation, internal complaints, and regulatory inquires. Using attorneys can help maintain legal privilege.
- Acting quickly when fires are lit to resolve disputes efficiently (using legal project management and Six Sigma principles to conserve economic and personnel resources) while avoiding reputational risk.
To start creating and implementing a risk management plan for your internal and external clients contact me at firstname.lastname@example.org.