The regulatory environment continues to be unpredictable, with swings in compliance and regulatory demands across different areas of the organization that force organizations to keep up. The focus on compliance has grown dramatically over the past several years, and ethical behavior has received more attention than ever before. In April 2019, the Criminal Division of the Department of Justice released a new guidance document for white-collar prosecutors on the evaluation of an effective corporate compliance program for corporations. The document describes specific factors to consider when determining if a corporation’s compliance program was effective during the time of the offense. In the 2017 report, The True Cost of Compliance with Data Protection Regulations, conducted by Globalscape and Ponemon Institute LLC, the average cost of compliance for multinational organizations in the US was $5.47m, an increase of 43% from $3.53m in 2011. For more highly regulated industries, such as financial services and industrial, the cost of compliance was much higher at $30.9m and $29.4m, respectively. Specifically, the penalties incurred by multinational companies for comparable investigations that EY Forensic & Integrity Services conducted ranged from $675m to $1b, exemplifying the high cost of noncompliance.
Additionally, organizations are conducting more investigations and expanding their compliance functions. Compared to the 2015 benchmarking report conducted by the Association of Certified Fraud Examiners (ACFE), Benchmarking Your In-House Fraud Investigation Teams, the 2017 report saw that 16% of fraud investigators within organizations investigate 20 to 99 cases at a given time, an increase from 11.9% in 2015, and 37% of fraud investigators spend 76% to 100% of their time on fraud investigations compared to 33.1% in 2015. Furthermore, organizations with more than 10,000 employees had on average 59 fraud investigators internally in 2017, a growth from 41.9 in 2015.
While housing a large compliance function can help an organization be responsive to its regulatory and compliance matters, it may not be the most cost-effective method. The model is not flexible to the peaks and valleys that often are associated with the regulatory environment. When regulatory demands slow down, organizations are left with high expenses associated with underutilized staff in nonrevenue-generating areas of the organization. Salaries and benefits are the most obvious costs incurred to maintain an in-house compliance function, but additional costs, such as technology and training and development, also figure prominently.
Macroeconomic and geopolitical environment
Political power shifts, both domestic and international, and economic growth challenges continue to create uncertainty as organizations struggle to figure out how these external factors will impact their business. In the EY Global Fraud Survey 2018, 42% of survey respondents stated that the macroeconomic environment poses the greatest risk to their business.
Additionally, in the 2018 annual survey of global business executives conducted by A.T. Kearney, a weak macroeconomic performance and an unstable geopolitical environment were identified as top concerns of many organizations. For example, the international sanctions environment, trade confrontations and Brexit are top matters of importance that will have a domino impact globally. Despite the instability and increasing levels of complexity in the macroeconomic and geopolitical environment, organizations are still expected to comply with new regulatory decisions and minimize the risk exposure these decisions will have on their business.
Regulators and consumers today are demanding a greater level of transparency and accountability from companies. At the same time, shareholders expect organizations to continue to find ways to generate profit, often by exploring emerging markets and making acquisitions to both accelerate growth and profit from less-developed markets. This leads to a greater exposure to third-party risk that increases the strain on the compliance function. These pressures and demands place organizations in a precarious situation as they seek to grow their business without sacrificing their compliance duties while managing their risks. The EY Global Fraud Survey 2018, with a perspective on emerging markets, indicates that fraud and corruption risks remain one of the biggest risks in the emerging markets, with 52% of respondents stating that bribery and corruption practices occur widely in business in their country vs. 20% in developed markets. To limit the risks involved with acquiring or forming new relationships with businesses abroad, proper third-party due diligence is critical, as is an understanding of the regulatory environment abroad and the risk trends that exist there.
Digitization and technology
Digitization and the continually advancing frontier of technology bring their own challenges. While organizations embrace and implement technologically advanced features into their business for added benefits and efficiency, these changes also create vulnerability. Ninety-one percent of the survey respondents from the EY Global Fraud Survey 2018 stated that they will incorporate advanced technology, such as digital payments, the Internet of Things (IoT), robotics and artificial intelligence, into their business within the next two years. However, the survey respondents also recognized the increased risks of cyber attacks and data breaches as a result of the digital era. In fact, the EY Global Forensic Data Analytics Survey 2018 showed the most prevalent increase in the levels of concern around data protection and data privacy compliance, cyber breach and insider threat compared to previous years. Without transforming their compliance functions to properly manage the risks associated with the digital era, organizations will expose themselves to financial risk, as well as reputational damage from consumers and regulators.
About the Expert:
Daniel Torpey is a partner with EY’s Forensic & Integrity Services. Dan assists companies with their compliance programs and investigative matters involving financial reporting, management’s integrity and other sensitive issues. Dan has testified as an expert in state, federal and international proceedings. When not fighting crime, Dan competes as a Masters athlete in Olympic Weightlifting and Strongman events and has qualified for state and national competitions in those respective sports. Contact Dan at Daniel.Torpey@ey.com.
Sarah Nguyen is a senior manager in EY’s Forensic & Integrity Services. She assists clients with investigations, regulatory response, and compliance-related matters. She has led different types of projects managing teams of varying sizes, and has considerable experience working with clients across industries. In her spare time, Sarah is a prolific ceramicist.