How mature is your compliance program? A question that is a headache to consider for many, is one that we ask each year for the NAVEX State of Risk & Compliance Report (formerly known as the Definitive Corporate Compliance Benchmark Report).
This year, NAVEX surveyed over 1,300 Risk and Compliance (R&C) leaders across the globe to delve into compliance program maturity, priorities, struggles, and more. While all of the key findings are illuminating, this post is dedicated to the first key finding: R&C programs are reporting greater maturity than in previous years.
Setting the stage – how is compliance program maturity defined?
For this survey, our respondents self-reported their maturity level aligning to the High-Quality Ethics & Compliance Program (HQP) Assessment from the Ethics & Compliance Initiative (ECI). This five-point scale starts with underdeveloped as the least mature, and builds in maturity from defining, adapting, managing, and at the most mature end of the spectrum, optimizing.
For clarity’s sake, mature programs are those that are classified as managing or optimizing, and early-stage programs are defined as underdeveloped or defining.
Show me the numbers – what does 2023 data say about compliance program maturity?
So glad you asked. This year, results from the survey indicate compliance program maturity is moving in a positive direction, with 53% of respondents indicating their organization is on the mature side of the spectrum – a marked increase from the 38% who responded as such in 2022. On the other side of the scale, 20% of respondents reported their program was in the early stage, compared to 27% in the previous year.
This movement towards maturity is a positive step. Today’s heightened regulatory enforcement and frequently expanding compliance-related legislation around the world demands mature compliance programs to keep up. Paired with societal expectations of greater transparency, organizations must prepare for what will only become a more complex and demanding regulatory environment.
Compliance program maturity and board involvement
Perhaps one of the most illustrative data points we have about program maturity comes from the deeper analysis of board-level involvement. Looking at roughly half of the survey responses from leaders whose programs are classified as mature, the following results indicate more maturity correlates with better board involvement and buy-in:
- 67% deliver periodic reports to the board of directors
- 55% have compliance experience or expertise represented on their board
- 52% participate in private sessions with a board-level committee
- 25% indicate that Compliance is an independent function reporting directly to the CEO or board
While determining causation is beyond the scope of our research, the survey results do seem to indicate that greater maturity means more board involvement – which at the end of the day is a key factor in gaining buy-in, resources and head count.
Ready to learn more?
Ready to learn more about the State of Risk & Compliance? Great – we have you covered with the complete report, full of other findings and data points to shed light on all aspects of compliance program performance. For the full report: