Expect big developments for the compliance profession in 2022 to continue to take center stage in the year ahead.
Chief compliance officer certifications at the Department of Justice (DOJ), an unrelenting rulemaking agenda at the Securities and Exchange Commission (SEC), seismic shifts in the global sanctions and supply chain landscape—each of these top-of-mind matters figures to remain in focus in 2023. New changes are also on the horizon in areas including data privacy and anti-money laundering, leaving practitioners little time to rest on their laurels.
While I won’t make any predictions regarding what the new year will hold, here are 10 things I’d like to see:
Continued guidance from DOJ on new policies: While DOJ officials insist the agency’s new CCO certification requirements are a positive for the profession, 41 percent of respondents to our fourth annual “Inside the Mind of the CCO” survey conducted in the fall said they believe otherwise. That’s a disconnect that begs for resolution.
If words won’t cut it to convince compliance officers their liability risks won’t increase because of the changes, the DOJ needs to seek an alternate method of reassurance. Otherwise, the agency might find “good compliance people will not want to be CCOs,” as one respondent to our survey opined.
Serious progress on U.S. privacy law: We finally saw momentum on the federal privacy law front in 2022 with the introduction of the American Data Privacy and Protection Act in June. But it’s been crickets on the bipartisan bill since July.
With five new U.S. state privacy laws taking effect in 2023 and more likely to be passed, the need for a federal law to avoid businesses being forced to comply with a patchwork quilt of legislation across the country is increasing in urgency. Unfortunately, the matter does not seem to be viewed as a priority by Congress. I’d sure like to be proven wrong in that assessment.
More consistency under GDPR: While the United States continues to spin its tires on the data privacy front, the European Union is finding its landmark legislation still has kinks to be worked out.
The General Data Protection Regulation (GDPR) will celebrate its fifth year of being in effect this May, yet commentary around the law has grown increasingly negative amid a spotty enforcement track record.
“Way too often, the GDPR puts its constraints on small entities but spares the big ones,” European Data Protection Supervisor Wojciech Wiewiórowski said at a conference in June. “In a way, instead of achieving level playing field, we observe how big companies, thanks to their resources, can benefit from the lack of strong enforcement and further expand their advantage over small competitors.”
Potential changes to the GDPR aren’t expected until a new European Commission comes into place in 2025, but EU data protection authorities could stand to improve on cooperation in the meantime.
Compliance efforts weathering economic uncertainty: Another area addressed in our latest “Inside the Mind” survey was preparation efforts for a potential recession. More than half of respondents (53 percent) indicated their businesses are already reducing compliance budgets, while 43 percent noted delayed new initiatives and hiring freezes.
Such cuts, juxtaposed against an expanding remit for compliance departments, could force compliance officers already stretched thin into more dire situations. With that comes increased risk of fraud and unethical behavior, underscoring the imperative for companies to realize compliance is more than a cost center.
A trend reversal in our ‘Inside the Mind’ survey: Another concerning statistic from our survey that echoes the point above: For the fourth consecutive year, respondents indicated “lack of support/resources” as the No. 1 part of their job keeping them up at night (20 percent), ahead of remaining on top of regulatory policies (17 percent) and managing people and deadlines (12 percent).
“This needs to be a CHOOSE ALL THAT APPLY response,” said one respondent of the survey question’s 10 different answer options—an apt summary of how much compliance officers contend with despite working within resource constraints.
A CCO liability framework at SEC: I’ll repeat this one from last year’s list after seeing 74 percent of respondents to our survey want a liability framework from the SEC.
It’s been two years since SEC Commissioner Hester Peirce floated developing a draft framework to share with her fellow commissioners that would aim to clarify when the agency might seek personal liability in compliance cases. Peirce continued the conversation in 2022 by weighing the New York City Bar Association’s proposed liability framework against a case the agency settled with the CCO of a formerly registered investment adviser, but the mixed reaction to her doing so proves more clarity is needed on this front.
“Transparency is important,” noted multiple survey respondents.
An expanded safe harbor around GHG emission reporting requirements: The SEC’s climate-related disclosure rule proposal put forward in March is perhaps the most ambitious of the agency’s projects extending into the new year. It is also the most controversial.
The agency received thousands of comments on the proposal, many expressing concerns regarding requirements for certain filers to disclose Scope 3 greenhouse gas (GHG) emissions by vendors, suppliers, and customers. The SEC acknowledged this in its proposal with the inclusion of a safe harbor for Scope 3 disclosures.
With all the focus Scope 3 disclosures are receiving, difficulties around confronting Scope 1 (operations) and Scope 2 (energy consumption) disclosures for the first time are being overlooked. Conversations I’ve had with experts suggest businesses new to the process are struggling to gather accurate data in each area.
I’d recommend the SEC consider these companies trying to confront all scopes of GHG emissions for the first time in good faith before putting forward its final rule. It could help the agency stave off legal challenges that appear likely to come in response to the rule, though the newly Republican-led House will also have its say in the matter.
Bucking of negative bribery trends: Despite seeing its overall standing improve in TRACE’s 2022 Bribery Risk Matrix, the United States’ anti-bribery enforcement efforts remain problematic, according to the nonprofit organization. This is reflective of the overall findings of a separate 2022 report by Transparency International, which determined global anti-bribery enforcement is at its lowest level since 2009.
Bribery concerns have only been elevated by recent events, including the Covid-19 pandemic. Along with businesses, regulators must do their part to ensure the competitive landscape remains fair and free of corrupt activity. The trends suggest room for improvement.
Better effort regarding UFLPA: “Some aspects of the law literally no one knows the answers, including government officials,” said an expert last month regarding the Uyghur Forced Labor Prevention Act (UFLPA) that took effect in June.
The UFLPA is noble in its ambition to restrict the sourcing of goods made with the forced labor of Uyghurs—no company wants that in its supply chain. But the fact many businesses are still struggling to confront compliance with the law is telling. The U.S. government could stand to do more to ensure the intent of the law is being carried out.
A report released in December found most major car makers are “unwittingly sourcing metals from the Uyghur region,” prompting lawmakers to seek information from auto manufacturers regarding their supply chains. The findings could prompt seismic shifts to the industry’s sourcing practices, setting a standard for other sectors to follow.
FTX collapse fallout: I won’t wade too far into the cryptocurrency waters, but the disastrous collapse of FTX in November should be the last straw to prove something needs to be done about regulation of the space.
Observers expect the conversation to continue in 2023, but action is what is needed.