Although corporate compliance officers are receiving greater support for their programs, concerns about personal liability increased over the past year, according to a new survey conducted by global law firm DLA Piper.

The bottom line: 75 percent of CCO respondents were at least “somewhat concerned” about personal liability, up from 66 percent in 2017 (but still lower than the inaugural report two years ago, which found 81 percent of respondents were concerned).

“Amid a period of strong economic growth, most compliance professionals say their resources and access to their organization’s governing board are sufficient,” a report on the survey results says. “So, why has their concern over their own and their CEO’s liability increased over the past year?”

Regulators, chief among them the Securities and Exchange Commission, have stressed that compliance officers are not targeted and that those who faced charges and enforcement actions willfully shirked their duties. Those assurances, however, have done little to ease fears of personal liability amid a growing list of notable enforcement actions.

Back in 2015, for example, the then-CCO of SFX Financial Advisory was accused of failing to review cash flows in client accounts and not performing an annual compliance review. He ultimately agreed to pay penalties of $25,000. That same year, the former CCO of Blackrock Advisors was blamed for the failure to report another executive’s violation of the firm’s private investment policy. The firm itself paid $12 million to settle the charges, while the CCO was fined $60,000.

The 2016 survey, which saw a spike in liability fears, came in the wake of the Yates Memo, a Justice Department document that declared its intention to prosecute corporate executives for compliance failures. “It was a big moment in the compliance world, but one that has resulted in little prosecution,” the current survey says.

In June 2017, an enforcement action by the Department of Treasury’s Financial Crimes Enforcement Network further fueled personal liability fears. Moneygram’s CCO, during a period of alleged money laundering violations by the company, was individually prosecuted. It was the first anti-money laundering enforcement action for the failure to implement a compliance program. The CCO agreed to a fine of $250,000 and a three-year industry ban.

Past enforcement actions may be only part of the story. “There are many reasons why CCOs are more cognizant of personal liability, but the surge in deal-making is likely a leading cause,” says Brett Ingerman, co-chair of DLA Piper’s Global Governance and Compliance practice. “A heavy amount of commercial activity always puts pressure on CCOs to vet national and international transactions, from due diligence to operational integration, and this year was extraordinary in terms of such activity and economic growth.”

Despite liability concerns, CCOs were more optimistic about their programs. Eighty-nine percent, the highest in the three-year history of the survey, said they have sufficient resources, organizational clout, and board access. Fifty-five percent said they have sufficient budgets to support adequate compliance programs–16 percentage points better than in 2017, perhaps a result of companies providing more resources amid a strong economy.

“CCO overall satisfaction appears driven by their relationships with their boards and reporting regularity. After a slight decrease in 2017, 63 percent of respondents say they provide compliance metrics to their boards of directors and/or audit committees,” the report says. “More notably, quarterly reporting now appears to be the norm, with 68 percent of respondents saying they report on that cadence, up 14 percentage points from 2017 and 24 percentage points from 2016.”

The caveat: Aside from training, most companies are not using technology to deploy their compliance initiatives. Only about one-in-five use technology or automated tools to measure compliance training participation among employees. Only about 40 percent of respondents use internal or external data to help forecast future compliance risks or measure the trajectory of future compliance risks. A mere 26 percent of respondents said they use technological solutions for M&A due diligence and integration, notwithstanding the spate of M&A activity in recent years.

“Tracking employee compliance with training requirements is commonplace, and this data could be used to reward managers whose teams are participating and penalize employees who aren’t,” Ingerman says. “These same organizations, however, generally aren’t using technology to enhance other elements of their compliance programs. Whether this is the result of a dearth of effective and affordable technology or organizational reluctance, it seems there is room for more innovation in compliance.”

To compile the report, DLA Piper distributed surveys in the second quarter of 2018 and received responses from 62 corporate in-house counsel, compliance professionals, and members of boards of directors.