2018 Compliance & Risk Report: Compliance Settles In, Personal Liability Concerns Persist and Technology Emerges as the Next Frontier

Third annual survey finds that organizations continue to value and invest in corporate compliance programs

Although corporate compliance officers (CCOs) received greater support for their programs, concerns about personal liability increased over the past year, according to a new survey released by DLA Piper.

DLA Piper's 2018 Compliance & Risk Report found that 75 percent of CCOs are concerned about their own personal liability or that of their CEOs. That is up from 66 percent in 2017, but still lower than the inaugural report two years ago, which found 81 percent of respondents who were concerned.

"There are many reasons why CCOs are more cognizant of personal liability, but the surge in deal-making is likely a leading cause," said Brett Ingerman, co-chair of DLA Piper's Global Governance and Compliance practice. "A heavy amount of commercial activity always puts pressure on CCOs to vet national and international transactions – from due diligence to operational integration – and this year was extraordinary in terms of such activity and economic growth."

Despite their worries, CCOs were more sanguine about their own programs this year. Eighty-nine percent, the highest in the three-year history of the survey, said they have sufficient resources, organizational clout and board access. In fact, 42 percent agreed to a great extent that they have what they need, a significant jump from previous years.

Fifty-five percent said they have sufficient budgets to support adequate compliance programs – 16 percentage points better than in 2017, perhaps a result of companies providing more resources amid a strong economy. But aside from training, most companies are not using technology to deploy their compliance initiatives. And only about one in five use technology or automated tools to measure compliance training participation among employees.

"Tracking employee compliance with training requirements is commonplace and this data could be used to reward managers whose teams are participating and penalize employees who aren't," Ingerman said. "These same organizations, however, generally aren't using technology to enhance other elements of their compliance programs. Whether this the result of a dearth of effective and affordable technology or organizational reluctance, it seems there is room for more innovation in compliance."

The Survey Highlights:

  • CCOs more concerned – 75 percent of CCO respondents were at least somewhat concerned about personal liability, up from 67 percent in 2017, but lower than 81 percent in 2016.
  • Lack of technology use in M&A – Just 26 percent of respondents said they use technological solutions for M&A due diligence and integration, notwithstanding the spate of M&A activity in recent years.
  • Data breaches/data privacy focus – Respondents again identified data breaches/data privacy as the areas that take up the largest amounts of their time, followed by general increased regulatory risk and cybersecurity. While ever-present cyber-threats and more sophisticated cyber-attacks will keep this risk atop every risk assessment for years to come, multinational compliance officers also had to grapple with the EU's General Data Protection Regulation this year.
  • Reporting general counsel, boards – Fifty-one percent of respondents said their company's compliance function reports to the chief legal counsel, up from 34 percent in 2017 and 44 percent in 2016. These figures suggest that organizations have explored where compliance best fits and more are landing in the legal department. Consistent with best practices, compliance reporting to the board of directors and/or audit committee continues to be more commonplace (63 percent), and it's typically done quarterly (68 percent).

About the 2018 Compliance & Risk Report

DLA Piper distributed surveys in the second quarter of 2018 and received responses from 62 corporate in-house counsel, compliance professionals and members of boards of directors. Forty-six percent of respondents' revenue comes from North America, followed by 22 percent from Europe, the Middle East and Asia, 21 percent from Asia-Pacific and seven percent from Latin America. Half of the respondents were from publicly-traded companies.

Subsequent qualitative interviews were conducted to add commentary and insights to the analysis of the results.

For more information and to receive the complete survey report, please visit: www.dlapiper.com/compliance_survey.