Absent dedicated and sufficient resources, any program will struggle to succeed. This is often a point of contention, as many leaders feel their business units the lack funding they deem necessary – especially in the wake of the pandemic. For something as fundamental as compliance, programs often go without dedicated resources; and when the going gets tough, or there are competing business priorities (i.e., revenue driving initiatives), attention to compliance matters often falls by the wayside.
A common theme emerges when looking at the data: Mature risk and compliance programs have more funding and staffing, and in turn, more program satisfaction.
The NAVEX Global Definitive Risk & Compliance Benchmark report highlights this narrative. While most respondents (over 70%) state their leadership demonstrates a commitment to compliance, fewer than half persist in that commitment when faced with competing business priorities.
Compliance is often pushed aside in pursuit of other “more important” objectives. And if a demonstrative and consistent commitment to compliance is not prioritized, it is also unlikely to be adequately funded. This year, NAVEX Global asked in-depth questions regarding the funding and maturity of risk and compliance funding. Given the complexity of business operations over the past 18 months, it’s unsurprising that only 44% indicated their program funding as sufficient. Among concerns about those programs, staffing and access to data were also noted.
On the bright side, the majority of respondents indicated that, while staffing levels are generally under resourced, the risk and compliance team present do have appropriate experience and qualifications.
A common theme emerges when looking at the data from over one thousand survey respondents: a mature risk and compliance program has more funding and staffing, and in turn, more program satisfaction. Programs where compliance functions report directly to the CEO and board are more likely to have adequate resources. Another factor driving robust risk and compliance programs is organization revenue; unsurprisingly, larger organizations are more likely to have more resources allocated.
The bottom line: according to the NAVEX Global 2021 risk and compliance survey, only 34% of respondents indicated their programs were both well-funded and properly staffed.
Dedication to Compliance: More Than a Checklist
As regulations evolve and grow more complex, dedicated resources, funding and staffing are vital to a program’s success. However, many organizations lack independent compliance functions, with 47% of compliance professionals reporting they also have non-compliance responsibilities.
Failure to comply with DOJ compliance guidelines and resulting investigations can be detrimental to the organizations. When investigations occur, hard-hitting questions serve to uncover every possible source of a compliance violation. Such questions include:
- Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions?
- Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?
- Have there been times when requests for resources by compliance and control functions have been denied, and if so, on what grounds?
If an organization is proven to be negligent in these areas of providing resources to maintain compliance, the results can be catastrophic. Compliance professionals may need to advocate for proper resources, whether it is funding, staffing or technology. They key here is “need to advocate for resources;” most compliance professionals would agree that resources are unlikely to be doled out with a heavy hand. But if requested and then denied requested resources, and if facing scrutiny from the DOJ, consequences will likely be more severe.
Beyond being the “right thing to do,” properly resourcing risk and compliance programs helps ensure the business doesn’t face criminal charges or steep fines. Building the case for and securing necessary staffing and funding often requires more work than it should. But armed with information on consequences of non-compliance, and benefits of a fully resourced program, compliance leaders are able to advocate for their unique business needs.
Download the 2021 Definitive Risk & Compliance Benchmark Report