The business risk landscape continues to evolve and has challenged the compliance and ethics efforts of organisations worldwide.

PwC’s 2018 State of Compliance Study shows how leading compliance and ethics organisations are prioritising cultural impact and embracing technology to increase their effectiveness.

The report shares the results of more than 825 respondents (including CCOs, CFOs, audit committee members and other compliance stakeholders) to see how satisfied they are with the effectiveness of their E&C programmes; what makes them effective; and how changes to the regulatory and business climate around the world are forcing them to evolve.

Compliance officers are grappling with an ever-more complicated risk landscape and ever-changing regulatory requirements. Their role in helping balance risk is growing in importance and complexity as their organisations address new watchdog threat vectors and seize new opportunities generated by technology and business innovation.

Shirley Machaba, governance, risk and internal audit leader for PwC Africa, says: “Leading organisations are excelling in this environment by taking more-comprehensive approaches to compliance, as enabled by more information and better technology tools.

“As regulators become increasingly technology and data savvy, the compliance and ethics functions of organisations have to keep pace by using the best tools and information available to protect their organisations and to scan the horizon for new requirements, trends and risks.”

This includes frequent updates to policies, ongoing training and communication as well as high levels of efficiency. Without a strong technological foundation to help compliance functions operate in real time, then these requirements are challenging, if not impossible.

The new business environment has opened itself to new threat vectors, not least including successful whistle-blower programmes driven by watchdogs.

But, while there is a growing need for an ever-more agile and effective risk compliance programmes, the State of Compliance report found the startling fact that most businesses are only moderately prepared, and even if they wanted to increase their preparedness now, they lack the infrastructure to do so.

Given the high-stakes environment, this is not the most encouraging finding and makes a case for action on the part of companies. Technology is the primary means by which they are going to get ahead of these threats, but the survey found that most companies lack the sophisticated infrastructure required to support a modern compliance function.

Furthermore, finding resources with the right skill sets is challenging – particularly because workers increasingly require an understanding of technology, the business and compliance. According to the survey, a shortage of skills was, in fact, a top challenge to using technology to manage compliance risk; it was cited by 28% of respondents.

Nonetheless, with multiple new, highly motivated watchdogs now providing their own forms of oversight, the case for strengthening compliance risk management through technology is strong.

PwC found in its report that a minority of organisations had what could be described as strong, relevant and effective compliance programmes. In fact, only 17% of businesses said they are very satisfied with the effectiveness of their compliance programmes. We call those respondents ‘leaders’. ‘Leaders’ are driving forward by following progressive practices on all aspects of compliance risk management and by using information and technology to increase programme effectiveness.

“Other traits among the companies leading the pack in terms of compliance include business optimism, a strong business culture of ethics and compliance and they say their organisations derive significant value from their risk compliance,” Machaba adds.

‘Leaders’ know they stand out, because the vast majority (85%) who call their compliance programmes very effective also rate their programmes well above average relative to the programmes of their peers. More than half (52%) also say their organisation is more innovative than their peers are.

A large percentage (65%) rate their risk management internal audit programmes as highly valuable, suggesting strong risk cultures overall and contributions from all lines of defence within their organisations.

‘Leaders’ take a more-comprehensive and current approach to compliance risk management as enabled by technology.

The report identifies four ways in which ‘leaders’ execute differently:

* Invest in tech-enabled infrastructure to support a modern, data-driven compliance function. ‘Leaders’ more often have various infrastructure elements and tools in place than do their peers. Specifically, they more often use data analytics tools, dashboards and continuous monitoring than their peers do.

* Increase compliance-monitoring effectiveness through analytics and the use of technology. Two-thirds (66%) of ‘leaders’ use technology to monitor employees’ compliance with ethics-and compliance-related policies and procedures. Differences between ‘leaders’ and others are also notable in fraud, gifts and entertainment, privacy, social media, and trade compliance, with a greater percentage of ‘leaders’ noting technology use at their organisations for at least intermittent monitoring in those areas.

* Streamline policy management to increase responsiveness and boost policy and procedure effectiveness. ‘Leaders’ take several steps to strengthen their policy management. They more often than their peers keep their codes of conduct, policies, and procedures current and make them more easily accessible across their organisation.

* Take advantage of information and technology to provide targeted, engaging, and up-to-date compliance training. ‘Leaders’ tend to address a wide array of risks in training and update their compliance training and communication programmes annually. Among ‘leaders’, compliance training starts at the top. Board training is an area in which all organisations can – and should – make more headway.

Effective compliance risk management must be grounded in strategy and business engagement. A strong strategic foundation -enabled by compliance technology and talent is more critical than ever in building programmes that boost the value that compliance brings, in managing risks stemming from the organisation’s strategic objectives and in driving cost-effective compliance.