For organizations managing through a crisis, trust is paramount. Employees and customers need to know that leaders are able to guide them through uncertainty and make the best decisions possible, and leaders need to know that the people executing their decisions are doing so in earnest, to the letter of the law. Of course, organizations must also look ahead to the post-crisis world, in which trust remains critical, but they’ll also need to identify efficiencies to support recovery.
The good news is that there is a part of the organizational structure that can help build trust and drive efficiency: compliance. The importance of compliance itself isn’t news. In a trust-based world, the brands, products, and services perceived as trustworthy are highly effective at attracting and retaining customers. Many leaders have also learned that one key breach can be very costly, to both their organization’s profits and its reputation. And they are keenly aware of the complex regulatory landscape they face. In PwC’s 23rd Annual Global CEO Survey, 36 percent of chief executives in a range of industries reported being extremely concerned about overregulation, ranking it the top threat to their organization’s growth prospects. (The survey was conducted in the fall of 2019, before the coronavirus pandemic took hold.)
Still, these same leaders may have yet to connect the dots. There is a widespread tendency to react defensively and meet the minimum legal requirements — to accept the traditional view of compliance as a cost of doing business. But elevating compliance to a position of strategic value can be a game changer in today’s world. It can increase not only the top line by attracting customers through trust, but also the bottom line. In fact, some organizations have gained significant competitive and cost advantage by embracing new technologies and approaches in every area in which they need to follow laws and regulations.
During uncertain times, when trust is of even higher value to customers, regulators, and staff alike, organizations that build trust into their brand, products, and services will generate loyalty. They will enhance their reputation and resilience and meet broader obligations to society at large.
Complexity and uncertainty
Taking a deeper look at PwC’s Global CEO Survey data, we see that of the CEOs in this year’s survey who were extremely concerned about overregulation, 58 percent said industry-specific regulation was top of mind, followed by compliance rules for data privacy and cybersecurity, labor and workplace safety, environment and climate change legislation, and tax compliance.
With respect to climate change, 30 percent of CEOs strongly agreed that their organization’s response would bring them reputational advantage. But only 17 percent strongly agreed that their organization had assessed the potential risks, such as carbon regulation. CEOs were also conflicted when it came to the Internet; 51 percent believed that it will bring people together, but 71 percent anticipated increased regulation of content.
To be sure, the demands placed on organizations by laws and regulations are increasing. Most organizations spend more on compliance than they do on high-profile risks such as cyber-attack. According to the Thomson Reuters 2019 Cost of Compliance survey, companies’ compliance budgets are expected to increase, and 65 percent of respondents expected that the cost of senior compliance staff would also rise.
Moreover, these costs are spread throughout an organization, including customer-facing departments such as sales, back-office functions, and IT. And it’s not just expenses that are widely distributed. The teams that manage the many compliance obligations don’t sit in one place within the organizational structure, and seldom is there a single “owner” with a holistic view of the organization’s compliance activities. As a result, it’s been difficult to minimize the impact of compliance on customer experience, culture, and cost.
When taken together, these factors often mean that organizations are regularly experiencing compliance failures. These may come in the form of major incidents, in which compliance failures significantly affect an organization’s reputation, or in the form of highly burdensome and often manual compliance processes that constrain the customer experience, increase the costs of compliance, and damage the internal culture, for example, by serving as an obstacle to innovation.
The new compliance
As CEOs take in this complex regulatory landscape, contemplating how to prepare their organizations, the time has come for a major attitude adjustment toward compliance. Those saddled with diffuse, costly, and ineffective approaches should begin by adopting five key design attributes that some leading organizations are implementing. These attributes will not only drive down the cost of compliance, but also increase its effectiveness — and, in so doing, enhance the organization’s resilience, decrease the likelihood of a crisis, build trust among customers (ultimately contributing to growth), and free its people to take smart risks and innovate within appropriate risk parameters.
Five attributes to transform your compliance strategy
Organizations that shift compliance from a cost of doing business to a position of strategic value can generate significant competitive and cost advantage, and build trust..
Compliance is aligned with strategy, purpose, and values. Start by understanding the “why.” Staff, customers, and stakeholders across the entire value chain who understand the purpose of the compliance activity and why it is important to them are more likely to engage effectively with processes, and less likely to breach the rules. The “how” is also important. To deliver greater value, compliance needs to be conducted in a way that not only meets regulatory or legislative requirements, but also aligns with the organization’s overall purpose and values. Staff and customers look to see what the organization values and how it behaves, both in times of success and when under duress.
Consider Preem, Sweden’s largest fuel company. It expanded its operations in Norway, which had recently adopted legislation offering excise duty savings to organizations with sustainable biofuel usage that met European Union targets. The challenge for energy organizations operating in Norway is that sustainability regulations and excise duty regimes are administered by separate government agencies, and these two sets of regulations are complex and continually evolving. Preem’s existing compliance processes were time-consuming and largely manual. Using a new digital platform to track and measure its contribution to the E.U.-mandated goals, Preem was able to report its biofuel volumes to the Norwegian Environment Agency with 100 percent accuracy. The platform also improves Preem’s visibility into its operations and enables greater control of its information flow. This has enabled Preem to ensure the optimal economic value of sustainable biofuels while reducing greenhouse gas emissions by more than 60,000 metric tons of carbon dioxide equivalent in three years, which aligns with the company’s core values.
Compliance processes are designed with the customer in mind. Trust is key for organizations that want to compete effectively, and trust is strengthened through reliable compliance (and damaged badly by breaches). Moreover, customers are often engaged with an organization’s compliance processes while doing business with that organization. To get the best result for customers when making choices regarding how to comply with laws and regulations, leaders need a clear understanding of how these decisions will affect their customers and their overall experience of engaging with the organization. In this way, they can provide both high levels of trust and a differentiated customer experience. This has become increasingly important in the platform economy.
Automotive OEMs and retailers have made huge investments in products, promotions, and customer care, but the effectiveness of such efforts doesn’t often meet the organizations’ expectations because so much depends on retailer performance. At Jaguar Land Rover (JLR) China, which operates in a joint venture with Chinese automaker Chery, the use of a cloud-based digital retailer evaluation system has enabled the company to quantify retail marketing performance and control potential risks that emerge in implementation. JLR has focused on validating and analyzing retailers’ behaviors and data to ensure they are complying not just with laws and regulations, but also with the parent company’s market and sales strategy. For example, a marketing management and communication platform now supports data sharing across different management levels, and intelligent and automatic tools have increased efficiency. Armed with these tools, JLR has been able to strengthen its brand, empower its network of retailers, and meet localized customer needs.
Compliance processes are enabled by technology and data. Technology-powered compliance increases the bottom line in two ways: through reducing expensive compliance failures and through keeping down the cost of compliance processes. Using technology to drive compliance processes also enables the use of rich data sets (internal and external) that can raise the levels of reliability and efficiency in compliance. Whether in next-generation governance, risk, and compliance systems, or natural language recognition, or advanced analytics, organizations are deploying a wide range of technologies to enhance and automate their compliance processes, making them more cost-effective.
Consider, for example, an organization that has long struggled with the effort needed to comply with various tax obligations and compliance filings. Many of its tax processes, in particular its data gathering and reconciliations, were traditionally manual efforts using spreadsheets. But a tech-enabled transformation could make its tax data fit for purpose. In this new system, data would be extracted from an ERP system, stored in a centralized location, tax sensitized, and then fed into compliance applications to help comply with corporate income tax, withholding tax, and value-added and indirect tax filings. Along the way, the organization could also standardize and automate processes, resulting in time and cost savings, reliable data, accurate filings, and an overall reduction in risk. Moreover, the effort would provide data that leaders could use to develop insights and analytics to further reduce risk and exposure.
Compliance processes are built using human-centered design principles. Compliance design, like many other aspects of business, can be positively influenced by leveraging a strong understanding of human behaviors when designing processes. This understanding can be applied to the process itself, to reduce or remove the risk of inadvertent noncompliance, but also to align the desires of individual personnel with those of the organization. Techniques drawn from behavioral economics can also help leaders fine-tune the effectiveness of compliance processes.
The supermarket chain Coles, for example, which has about 30 percent of Australia’s grocery market, focuses on human behavior when it conducts compliance audits in the area of food safety. The audit team observes employees’ behavior rather than simply checking the outcome; for example, the auditor assesses team members’ behavior during food preparation to confirm that they follow food temperature and safety monitoring processes throughout. If the auditor simply checked the food’s temperature before sale, this would give only a point-in-time view of the outcome. The data from these and other observations regarding customer and staff safety is captured in Coles’s auditing app. Each month, the audit team meets to discuss the dashboard analytics and determine which stores and locations tend to have more problems. The goal is to look for trends in the data, identifying which areas the teams most struggle with; these areas might indicate an underlying breakdown in process or an opportunity for improvement. The depth of data collected allows the audit team to draw insights and recognize connections among trending issues. The team can then provide these insights to Coles’s internal assurance team in a way that can be communicated to operational stakeholders in order to drive change in behaviors and outcomes.
Compliance activities are predictive, preventive, and proactive. Trust takes years to earn but can be lost quickly, so preventing compliance failures is vital. One of the more common ways compliance failures occur is through a lack of readiness for emerging regulatory developments. In complex multinationals, achieving system-wide preparedness can be particularly challenging, but a number of organizations are starting to use regulatory horizon-scanning tools, leveraging third-party databases that track regulations and proposed changes to them, to provide advance notice of new compliance requirements.
Overall, the availability of data and use of technology across all aspects of an organization are making the prevention, or real-time detection and correction, of compliance breaches a more realistic proposition. Organizations that have access to rich data sets can leverage the predictive capabilities that data provides to understand where compliance pressures and risks may be increasing. Process animation tools and advanced analytics are also creating opportunities to observe patterns of behavior and potential emerging challenges in processes and detect where the organization is approaching compliance thresholds.
The availability of data and use of technology across all aspects of an organization are making the real-time detection and correction of compliance breaches a more realistic proposition.
Large organizations that operate in multiple territories and businesses, in particular, face a constant challenge in meeting complex regulatory requirements — which can lead to a more reactive approach. Their legal teams spend a considerable amount of time deciphering these requirements and helping the business teams understand and comply with them. Emerging economies’ constantly changing compliance regimes are an additional challenge. One organization confronting these issues implemented a technology-enabled solution to enhance its compliance monitoring capabilities in India. The company is now able to clearly list compliance obligations, track updates, define the roles and responsibilities of the stakeholders involved in ensuring compliance, and identify challenges in a timely manner. The program has proved to be so successful that company leaders are now expanding it to other businesses within the Asia-Pacific region.
When defined by the five design attributes above, compliance is no longer something abstract, burdensome, or stifling. Just the contrary: By approaching compliance in a more risk-focused and tech- and data-enabled way, supported by human-centered design, organizations can grow and become more innovative, confident in their ability to provide the protection that their people, customers, stakeholders, and society need. This transformation is perhaps more critical than ever. Because today, the only truly solid currency is trust.
- Andrew McPherson is PwC’s global governance risk compliance and internal audit leader. Based in Sydney, he is a partner with PwC Australia.
- Bob Pethick is PwC’s global advisory clients and markets leader. Based in Southern California, he is a principal with PwC US.
- Chris Kong advises clients on tax reporting matters and is PwC’s global tax reporting and strategy leader. Based in Toronto, he is a partner with PwC Canada.