Most risk and compliance (R&C) professionals feel their senior leaders and managers demonstrate a commitment to their programs overall, but only on a conditional basis, according to NAVEX Global’s “2021 Definitive Risk & Compliance Benchmark Report.”
The report pulled from 1,000 survey respondents globally who influence or manage their organization’s R&C programs. It builds off a key takeaway from NAVEX Global’s 2020 benchmark report, which found nearly 1 in 5 R&C programs (18 percent) have “soft” leadership support.
These programs “have some leadership buy-in, but without understanding the program’s real value. Soft support leaves programs vulnerable when budget cuts and other priorities capture organizational focus,” NAVEX Global stated.
This year’s report asked a new series of questions to further explore the depth and nature of senior leadership (e.g., senior directors, executives, vice presidents, and above) and management support.
“Whether they realize it or not, leaders have a lot of power over their employees. People will follow express or implied messages to bend the rules … if they feel pressured by someone in authority. Leaders really need to understand what kind of messages they are sending.”
Mary Bennett, President, Right Compliance Consulting
At first glance, the results appear to reinforce the confidence respondents traditionally have had in their support, with 77 percent saying their senior leaders encourage compliance within their organizations. Additionally, 71 percent said senior leadership demonstrates commitment to compliance, while 75 percent said their managers demonstrate this same commitment.
On the flip side, just over half of respondents (56 percent) said their senior leadership models proper behavior. Further, 27 percent said their managers tolerated risk to pursue new business/greater revenues; 12 percent said their managers encouraged unethical behavior to achieve objectives; and 11 percent reported their managers impeded compliance.
“Perhaps most telling is the difference between leaders’ willingness to demonstrate a commitment to compliance versus their persistence in the face of competing factors,” NAVEX Global stated.
When asked if their senior leaders’ and managers’ commitment to the R&C program persisted in the face of competing interests or business objectives, “respondents said support fell off a proverbial cliff,” said Andrew Burt, content manager and research analyst at NAVEX Global, during a July 27 Webinar discussing the results. “That was especially true of management.”
Just 46 percent said commitment persisted with senior leaders, and 38 percent said the same about their managers. “In all, only 28 percent of respondents said their managers and senior leaders demonstrated, and persisted in, their commitment to compliance,” Burt said.
To add further insight around this question, attendees of NAVEX Global’s Webinar were asked why they think leadership commitment to compliance erodes in the face of competing priorities. Out of nearly 1,000 responses, the top answers given were “little to no benefit for choosing ethics and compliance over other priorities” and “fear of retaliation for missing business objectives.”
As much as leaders feel pressured when faced with competing priorities, managers feel even more squeezed, said Mary Bennett, president of Right Compliance Consulting. That pressure then cascades throughout the organization, “and that’s when bad things happen,” she said.
“Whether they realize it or not, leaders have a lot of power over their employees,” Bennett added. “People will follow express or implied messages to bend the rules … if they feel pressured by someone in authority. Leaders really need to understand what kind of messages they are sending.”
Resources and empowerment
Closely connected to the issue of leadership and management support is program resources and empowerment, which also revealed areas in need of improvement. The related questions NAVEX Global posed in the report were based on the Department of Justice’s “Evaluation of Corporate Compliance Programs” guidance, which directs prosecutors to ask companies whether the compliance program is “adequately resourced and empowered to function.”
Just 34 percent of respondents rated their access to resources and empowerment as good or very good. Additionally, when asked to rate the level of funding they receive, 44 percent said sufficient or very sufficient, indicating about half of compliance functions suffer from insufficient financial support.
“That’s troubling, especially when you consider one of the key questions investigators will ask in the event of a compliance failure is, ‘Has there been sufficient staffing and funding for compliance personnel to effectively audit, document, analyze, and act on the results of compliance efforts?’” Burt said. “If risk and compliance programs make requests for compliance resources and those resources are denied, prosecutors are instructed to determine on what specific grounds those denials were made. That’s how serious they treat this issue.”
According to the report, “funding and staffing levels increase with program maturity and organization revenue.” Also, according to the findings, independent compliance functions reporting directly to the CEO and board were better resourced and experienced stronger leadership support.
“It’s unclear which is the chicken or which is the egg here; if program independence leads to more resources and empowerment or if those things result in independent reporting structure,” Burt said.
On a positive note, 69 percent of respondents said their R&C team members have appropriate experience and qualifications for their positions. However, the survey revealed dissatisfaction with the level of personnel, with just 41 percent of respondents saying their R&C programs had sufficient or very sufficient staffing.
In summarizing its findings, NAVEX Global reiterated the importance of making culture a must-have, not a nice-to-have. “That means elevating the importance of improving organizational culture in your decision-making processes and holding all employees accountable for their actions. [R&C professionals] must also make securing funds and staff a top priority, and jealously pursue leadership support even in the face of competing priorities,” the report states. “They must learn to effectively use the data available to them and integrate their risk management practices throughout the enterprise. Above all, they must seize the opportunity of this moment, uncertainty and all, or risk getting left behind.”