Top 10 Global Compliance Trends to Watch in 2013

With the Dodd-Frank Act rulemaking nearly complete, 2013 might be a slightly quieter year for regulatory change in the United States. Not so for Europe and other global regions.

Global regulators, accounting standard setters, and foreign enforcement agencies have a full pipeline of new initiatives, many of which will affect U.S. businesses. Here are 10 developments to watch on the global compliance front in the coming year.

1. Time for a Bribery Act prosecution? It didn't happen in 2012, so will 2013 be the year that the U.K.'s Serious Fraud Office decides to prosecute a company under its two-year-old Bribery Act? The odds on that happening increased in October when the prosecutor withdrew guidance aimed at helping companies to stay on the right side of the law and said (again) it was taking the gloves off. Yet the reality is that the SFO remains starved of resources and is heavily reliant on companies “self-reporting” their wrongdoing—something its policy changes could discourage. But 2013 is the year that U.K. prosecutors will add a powerful new weapon to their armory …

2. Britain gets deferred prosecutions. Yes, British law enforcement offers should be able to reach U.S.-style Deferred Prosecution Agreements (DPAs) with offenders starting 2013. The government and judiciary gave DPAs the green light in October; the legislation needed to pave the way for them should take effect in April 2013. Under the agreements, which would only apply to financial crime, companies can be forced to make amends to their victims, pay substantial penalties, and reform their practices. A DPA would run for a fixed period, be agreed on in open court, and be overseen by a judge.  “Deferred Prosecution Agreements will give prosecutors an effective new tool to tackle what has become an increasingly complex issue,” said Justice Minister Damian Green when the new policy was announced. “This will ensure that more unacceptable corporate behavior is dealt with.” We shall see.

3. Major governance changes in Europe. The European Commission's policymakers on corporate governance and company law are going to be busy through 2013. After years of consultation about how to fix Europe's boardrooms after the financial crisis, it's time for action. A plan published in December 2012 set out a series of reforms for introduction through the year. Highlights—or lowlights, depending on your perspective—include greater disclosures on risk management, board diversity, corporate governance reporting, and executive pay. Meanwhile, institutional investors will have to disclose their voting records and proxy advisers will need to be more transparent about conflicts of interest. The accounting and audit industry is yet to learn its fate.

4. Business IT will officially go mobile. It's seemed inevitable for a while, but 2013 will be the year when mobile phones overtake PCs as the most common Web access device worldwide. And with sales of tablet computers like the iPad rapidly approaching 50 percent of laptop purchases, the world of IT “consumerization” will become a firm reality. Companies will have to allow staff to bring their own devices to the workplace, thereby losing control of their IT infrastructure.  “The truth is people are using their devices whether the organization wants them to or not,” says Ramsés Gallego, international vice president of ISACA (formerly the Information Systems Audit and Control Association). The result: compliance nightmare—at least if you believe those pedaling solutions to the problem.

“As the financial services industry stabilizes, we are seeing strong evidence of investment catch-up. Regulatory pressures continue to drive compliance budgets.”

—George Robbins,

U.K. General Manager,

Detica NetReveal.

5. Global IT attacks intensify. The number of sleepless nights caused by cyber criminals is unlikely to diminish in 2013. Attacks on corporate IT systems will become increasingly sophisticated, predict security experts Sophos. Two trends stood out in 2012, they say. First, hackers stole large volumes of user names and passwords—credentials they will put to use in 2013. Second, they invested in better “ransomware,” which encrypts an organization's data and holds it for ransom. Controls need a clearer focus on user behavior, Sophos suggests.

6. Emission plans go up in smoke. The European Union's Emissions Trading Scheme (ETS) is a bold effort to cut carbon gasses by trading permits-to-pollute. But the market ended 2012 on its knees. Economic slowdown has created a glut of emission permits, killing their price and taking away the incentive for companies to cut their carbon output. The market enters a new seven-year trading phase in 2013, and it needs structural reform. But that would take years as all EU member states must agree on any changes. Instead, expect tinkering around the edges, rule bodges to prop-up the market and, consequently, a more complex compliance challenge. “The ETS is not driving energy efficiency and green technologies strongly enough,” said Connie Hedegaard, European commissioner for Climate Action. "”This is bad for Europe's innovation and competitiveness.”

7. A European patent, at last. After 30 years of debate, inventive companies might finally be able to apply for an EU-wide patent in 2013. Currently, they have to apply for patent protection in each EU member state. That is expensive and slow, but nationalistic rows about which European languages could be used in an EU-wide system have blocked harmonization. The fix seems rather simple in the end: You can apply in English, German, or French—or in any other language, so long as you append a translation. Even so, Spain and Italy have refused to join the scheme—for now. A patent under the new system will cost about €4,725 ($6,226), compared to an average of €36,000 ($47,440) today, says the European Commission. “The path toward the introduction of the EU patent was long and troubled, but ultimately it has been worth the effort,” said Bernhard Rapkay, the politician who steered the necessary legislation through the European Parliament.

   >> Subscribe | Try a risk-free 10-day trial subscription to Compliance Week and enjoy a host of benefits.

MANAGING THE RISK

The following chart from Ernst & Young ranked organizations' responses to regulation and compliance risk:

Source: Ernst & Young.

8. Shareholder Spring 2.0. Stung by criticism that they sat on the sidelines before the financial crisis, European shareholders started to throw their weight around in 2012. The so-called “Shareholder Spring” left several companies embarrassed as their executive pay plans were voted down. Focus this year could turn to how much tax companies pay. The U.K. Parliament accused Amazon, Google, and Starbucks of an “immoral” use of secretive jurisdictions, royalties, and complex company structures to avoid paying tax on British profits. Shareholders don't have a vote on tax policy, but 2013 could be the year that clever tax planning becomes a reputation-risk time bomb.

9. Bigger compliance budgets. The economic gloom is not forcing financial firms to cut their compliance spending in 2013—far from it. Budgets to manage financial crime and compliance are a high priority, with a significant uptick planned, according to a survey from Detica NetReveal. Fraud management is a hot growth area, with 86 percent of firms forecasting budget growth in 2013—that's almost twice as many as in 2012. Money laundering controls are another area targeted for big investment. “As the financial services industry stabilizes, we are seeing strong evidence of investment catch-up,” says George Robbins, U.K. general manager at Detica NetReveal. “Regulatory pressures continue to drive compliance budgets.” Other surveys show pay deals for compliance professionals will continue to climb next year—and no wonder.

10. Compliance remains the number one risk. Companies around the world say regulation and compliance risk will be their number-one threat through 2013, according to a survey from Ernst & Young. There's nothing new there: This risk has topped the E&Y study in four of the last five years. But it's notable only 60 percent of the firms surveyed said they had implemented measures to address the threat. What have the rest being doing, one might ask? And will 2013 be the year they wake up?