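"BCG: 2022 Global ESG, Compliance and Risk Report (English edition) (13 pages).pdf" was shared by a member and can be read online; for more content related to "BCG: 2022 Global ESG, Compliance and Risk Report (English edition) (13 pages).pdf (13-page collector's edition)", search on 三個皮匠報告.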
2022 GLOBAL ESG, COMPLIANCE & RISK REPORT
Value creation amid rising global uncertainty

THE AUTHORS
JEANNE KWONG BICKFORD, MANAGING DIRECTOR AND SENIOR PARTNER, BICKFORD.JEANNE@BCG.COM
DR. KATHARINA HEFTER, MANAGING DIRECTOR AND PARTNER, HEFTER.KATHARINA@BCG.COM
PIERRE ROUSSEL, MANAGING DIRECTOR AND PARTNER, ROUSSEL.PIERRE@BCG.COM
MATTEO COPPOLA, MANAGING DIRECTOR AND SENIOR PARTNER, COPPOLA.MATTEO@BCG.COM
PAUL OROURKE, MANAGING DIRECTOR AND PARTNER, OROURKE.PAUL@BCG.COM
JULIANE BUTTERS, PROJECT LEADER, BUTTERS.JULIANE@BCG.COM
KEN CARLSTEDT, ASSOCIATE DIRECTOR, GLOBAL TRADE & INVESTMENT, CARLSTEDT.KEN@BCG.COM
ELISABETH BENAZIR LIPPERT, SENIOR KNOWLEDGE ANALYST, LIPPERT.ELISABETH@BCG.COM
NICOLA NICOL, MANAGING DIRECTOR AND PARTNER, NICOL.NICOLA@BCG.COM
LORENZO FANTINI, MANAGING DIRECTOR AND PARTNER, FANTINI.LORENZO@BCG.COM
HANJO SEIBERT, MANAGING DIRECTOR AND PARTNER, SEIBERT.HANJO@BCG.COM
DR. BERNHARD GEHRA, MANAGING DIRECTOR AND SENIOR PARTNER, GEHRA.BERNHARD@BCG.COM
DR. JULIA GEBHARDT, MANAGING DIRECTOR AND PARTNER, GEBHARDT.JULIA@BCG.COM
REI TANAKA, MANAGING DIRECTOR AND PARTNER, TANAKA.REI@BCG.COM
TAD ROSELUND, MANAGING DIRECTOR AND SENIOR PARTNER, ROSELUND.TAD@BCG.COM
JANNIK LEIENDECKER, PARTNER AND ASSOCIATE DIRECTOR, LEIENDECKER.JANNIK@BCG.COM

INTRODUCTION

The global regulatory environment has grown increasingly complex, and now spans a far broader range of issues than in the past. Compliance functions have been heavily affected as a consequence. They must deal with multiple growing challenges, such as sanctions and trade compliance and supply chain risks, as well as a general rise in regulation and regulatory enforcement, especially in the environmental, social and governance (ESG) area. To compound matters further, the pace of change will only accelerate in a highly networked and digitized world. However, this new world should not only be seen as a challenge to overcome, but also as an opportunity to create value for the company and forge ahead of rivals.

As regulators raise the bar for all kinds of risks, the compliance function is set to play a pivotal role in managing these regulatory developments successfully and steering organizations through crises. For example, the proliferation of sanctions over the past year has shone a new light on the crucial role of compliance departments in all industries. Similarly, headlines exposing greenwashing clearly demonstrate how important compliance departments are in guiding implementation of the relevant requirements.

In these demanding conditions, companies need to define the terms of their compliance mandate for their relevant risks, determine the role of their compliance function for these risks, and then optimize the function so that it lives up to the mandate. To create value, the compliance function needs to fulfill different roles, according to the particular topic and specific risk. Companies that succeed in this endeavor will gain sustainable competitive advantage, boost customer loyalty and trust, attract and retain talent, and enhance their reputation for acting responsibly in a testing business environment.

But exactly how are companies reacting to the changing compliance landscape in order to gain an advantage and get closer to their Target Operating Model (TOM)? Following our first RISK AND COMPLIANCE SURVEY FROM 2021, we repeated the exercise in May and June 2022, this time with the goal of identifying and then analyzing the core issues relating to risk and compliance. We interviewed 250 compliance professionals from companies across various industries around the world, and asked them to name the foremost issues and challenges faced by compliance organizations, and how they are fulfilling their compliance mandates. In asking these questions, we wanted to build a complete picture of the risk and compliance function, and how companies in general are coping with various types of risk and the myriad growing uncertainties in the global landscape.

In a more complex world, simply writing policy guidelines and instructing employees to follow the rules will not be enough to stay ahead of the game. Every company needs a strategy not just to manage current risks but also to adapt quickly as circumstances, rules, regulations, and expectations develop. The goal of this study is to provide companies with the perspective and tools they need to develop their compliance strategy, and then implement it successfully in the face of diverse and evolving compliance risks.

Our analysis revealed the following seven core topics and conclusions:
1. COMPLIANCE MANDATE: The clearer the mandate of the compliance function, the more it can create value for the company.
2. GEOPOLITICS: If a company is equipped with crisis response plans, and with procedures for swift action in response to volatile developments in supply chains and sanctions, the company will prove more resilient during times of geopolitical tension.
3. ESG COMPLIANCE: Taking concerted action to mitigate risk of ESG regulation enforcement only works if the gaps between ESG expectations and the reality are significantly narrowed.
4. DIGITIZATION: Adequate operating models enable companies to meet future challenges and seize the opportunity to reduce the cost of compliance.
5. CYBERSECURITY: Insufficient investment in cybersecurity, resilience and testing, resulting in a failure to keep pace with digitization or respond to escalating cyber threats, could have a significant impact on business performance and lead to an erosion of customer trust.
6. BUSINESS ETHICS: Consequent implementation of a defined ethical culture is the crucial step to establish a sustainable compliance awareness across the organization.
7. WORKFORCE: A strong workforce strategy, involving carefully considered recruitment, training, and retention, is essential in unleashing the potential for compliance as a competitive advantage.

1. COMPLIANCE MANDATE: Emphasizing value creation

Against a background of diverse and evolving compliance risks and rising uncertainties, setting out the compliance mandate and the role of the compliance function for different types of risk is critical. The survey reveals that compliance organizations are already dealing with a wide range of risk categories: fraud and financial crime risk, competition risk, information security/information technology risk, corporate and capital market risk, and employee risk. Interestingly, our analysis reveals that key ESG-related topics, such as sustainability, environmental law and human rights, are on average only included in the compliance mandates of around half to two thirds of organizations.

SURVEY PARTICIPANTS
[FIGURE 1: OUR FINDINGS ARE BASED ON FEEDBACK FROM 250 COMPANIES. Panels: INDUSTRIES, COMPANY SIZE (# FTE), PARTICIPANTS, COMPANY REVENUE, REGIONS]

[FIGURE 2: KEY RISKS UNDER COMPLIANCE MANDATE (IN %). Categories shown: DATA PROTECTION LAW; MONEY LAUNDERING/TERRORIST FINANCING; CYBER SECURITY REGULATIONS; INTERNAL THEFT AND FRAUD; TRADE LAW (IMPORT/EXPORT); SUSTAINABILITY; OTHER COMMERCIAL CRIMINAL LAW; HUMAN RIGHTS; CORPORATE GOVERNANCE RULES; DIVERSITY & DISCRIMINATION STANDARDS; EXTERNAL THEFT AND FRAUD; BRIBERY/CORRUPTION; ANTITRUST LAW; ENVIRONMENTAL LAW; EMBEZZLEMENT]

This point highlights a crucial theme when it comes to the value creation ambitions of a compliance function: the importance of cross-collaboration in ESG, risk and compliance management. The management of risk is not the sole preserve of the compliance and risk functions. Individual departments have in the past often used their own piecemeal risk management methods to keep up with regulations. One frequent example is the procurement department. This siloed response fails to protect the business from financial penalties and negative public opinion. As many risks affect a variety of departments and processes within an organization, effective collaboration is vital.

The key to creating true value from these cross-functional collaborations is a clear delineation of roles, setting out which function has overall ownership of a particular area, and which is responsible for each part of the process. The role of the compliance function can range from advisor to central oversight. One real-world example would involve compliance departments collaborating closely with their colleagues in software and product development during agile development phases, making sure that they are involved early in the process and achieving speed to output.

1 Compliance Mandate / 2 Geopolitics / 3 ESG Compliance / 4 Digitization / 5 Cybersecurity / 6 Business Ethics / 7 Workforce

2. GEOPOLITICS: Responding to global events

Much of the everyday work of compliance functions is currently taken up with responding to the requirements of economic and trade sanctions during geopolitical tensions, and with the handling of global crises such as the pandemic. As the sanctions landscape becomes more complex and dynamic, sanctions compliance systems must become more sophisticated in response, and must interface seamlessly with broader trade compliance capabilities.

Resolute consensus among governments is forcing companies to take a political stance, willingly or not. This has become particularly true with economic flows being increasingly used as a strategic weapon in foreign and security policy. Companies need to be careful not to circumvent the growing number of financial and trade sanctions, including the recent wave of export controls related to high-end semiconductors. They need to develop a comprehensive organizational strategy that allows them to monitor the details of an avalanche of newly introduced sanctions and respond accordingly in a timely manner. The limited ambition simply to follow rules will not be sufficient in a world that is moving so quickly. This year's survey shows that sanctions and trade compliance have become even more important to compliance organizations, and now rank among the top five key topics. This is a jump of 15 places from our previous survey in 2021.

Even without changes in regulatory or governmental requirements, any kind of upheaval can destabilize the environment in which the companies are operating. The global pandemic is such an example, and it shows how disruptions in supply chains can pose a major threat to multinational companies. Decisions had to be taken in a shorter time span, while new business partners had to be onboarded or new trade routes identified. Regular processes had to be expedited and different processes implemented. All these changes increased the risk of insufficient due diligence or of overlooking requirements.

Reaction to these global crises in many companies has often been too slow. A company's previous work to establish transparency on these risks as well as its preventive measures were both crucial during these times and have certainly paid off. There is clearly a need for crisis response plans which facilitate swift decision making in relation to volatile developments in supply chains and government sanctions, as numerous jurisdictions continue to implement and enforce local regulations.

Unsurprisingly, given developments in Europe over recent months, survey participants for the first time rank geopolitical tensions as a key topic for compliance organizations (it is ranked at number 11). This correlates to the upward jump in sanctions and trade compliance, as geopolitical tensions lead to expanded trade regulations and retaliations. A robust compliance operating model ensures resilience against external shocks and uncertainties and strengthens crisis management. The major challenge in crisis management is simultaneously handling a multitude of issues that demand a broad range of skills and capabilities.

FIGURE 3: KEY TOPICS FOR COMPLIANCE ORGANIZATIONS
CYBER SECURITY (incl. Data security): 62%
BUSINESS ETHICS: 52%
DIGITIZATION & DATA ANALYTICS: 42%
ESG (Environmental, social and governance): 42%
SANCTIONS/TRADE COMPLIANCE: 36%
DIVERSITY & RACIAL EQUITY: 34%
M&A (incl. due diligence of targets business partners): 30%
New business models: 26%
Global harmonization of standards/regulation: 23%
EU Directive on Corporate Sustainability Due Diligence, German Supply Chain Due Diligence Act: 22%
Need for efficiency gains: 20%
GEOPOLITICAL TENSIONS: 17%
Digital Markets Act (DMA): 16%
EU Whistleblower Protection Directive (2019/1937): 15%
EU Digital Services Act (DSA): 14%
EU AML Action Plan: 14%
EU Taxonomy for sustainable activities (Green taxonomy): 13%
Adverse media coverage (e.g. Influencer Marketing): 12%
EU Artificial Intelligence Act (Draft): 10%

3. ENVIRONMENTAL, SOCIAL AND GOVERNANCE (ESG): Meeting stakeholder expectations

Environmental, social and governance (ESG) issues have become a critical component of modern business practices. The reasons are clear: rising regulatory expectations, an increasing awareness of the threat of global warming, and more concern about the impact of company operations on the world around them. Since 2018, authorities worldwide have issued more than 170 new or amended ESG regulations. Guidelines such as the EU Corporate Sustainability Reporting Directive (CSRD) are set to be further codified by clear standards currently being developed by the European Financial Reporting Advisory Group (EFRAG) (see the recently published BCG paper "ESG COMPLIANCE IN AN ERA OF TIGHTER REGULATIONS").

Companies must handle changing ESG regulations on topics such as climate change, human rights, and diversity. Given the major gap between expectations and current reality, ESG compliance has placed companies under considerable pressure. While cross-divisional collaboration can help to accelerate action and mitigate the risk of regulatory enforcement or losing investors and clients, breaches of so-called social compliance lead to significant reputational risks.

The increasing importance of ESG is clearly reflected in our survey results, irrespective of the particular company's region, industry or size. A significant proportion (43%) of respondents selected ESG as one of the top five trends or topics that are most relevant for their compliance organization. Moreover, a large majority (79%) reported that their commitment to ESG has intensified over the past two years. This is in part because they see a notable increase in the amount of ESG regulation, and greater enforcement of these regulations for companies which engage in greenwashing or have not implemented the required changes to their products, services, reporting mechanisms or organizational structure. Indeed, approximately 60% of respondents say that regulators are having the greatest impact on their ESG efforts. After regulators in the ranking come customers (48%), and employees (47%). Respondents are fully aware that increasing regulatory demands threaten a company's survival. If its pursuit of ESG is less than comprehensive, it will buckle under the weight of sanctions and a worsening reputation.

DEEP DIVE: THE NEED FOR AN HOLISTIC APPROACH

In February 2022, the EU Commission adopted a proposal for a directive on corporate sustainability due diligence. The aim of this directive is to foster sustainable and responsible corporate behavior, and to anchor human rights and environmental considerations in companies' operations and corporate governance. The draft regulation requires large EU companies, and some non-European companies with significant business operations in Europe, to assess their actual and potential human rights and environmental impact throughout their operations and their supply chains, and to take action to prevent, mitigate, and remedy the harms to human rights and the environment that have been identified. Similarly, the soon-to-be-implemented German Supply Chain Due Diligence Act is designed to protect human rights and the environment in supply chain operations.

Companies need to respond with a holistic rather than a siloed approach. Indeed, a governance triangle should be formed: the procurement function should examine vendors in detail; the human resources function should look at how employees are treated in the supply chain; and a human rights department can be introduced to consolidate the company's overall approach and manage reporting (see recently published BCG paper "MANAGING SUPPLY CHAIN RISK AN UPDATE ON LEGAL AND STRATEGIC REQUIREMENTS"). Some jurisdictions, such as Australia, actually have a regulatory requirement to nominate a human rights officer. A holistic process is also necessary for ESG measurement, steering and reporting, where similar methodologies should be used throughout the organization.

The survey reveals that the role of the compliance function differs from company to company. It can range from oversight over all ESG topics to responsibility for certain selected areas. The role of the compliance function for ESG in each company should be appropriate for the relevant business, operating model and ESG factors. However, given that ESG spans several existing risk categories that typically fall within the compliance mandate, the compliance function usually plays an important role in ESG management. In particular, its experience of risk management systems should be sought when setting up governance, standards and reporting lines so that the compliance function can create the greatest possible value in a given area.

[FIGURE 4: MAIN DRIVERS FOR ESG EFFORTS]

4. DIGITIZATION: Making up for lost time

Dealing with burgeoning regulation can easily lead to spiraling costs. So how then do companies and their compliance functions manage to inject efficiency into this process while still operating in the most effective way possible? Digitization is the most common answer to this question. However, it is important to have a clear definition of what this entails. Companies need to understand what their problems are, what needs to be done and how digitization can help to reach these objectives. Upgrading the front end while the back-end processes are still manual and inefficient does not add up to genuine digitization. Cross-divisional collaboration for rethinking the end-to-end client journeys is necessary, focusing at all times on what benefits the client experience.

In that regard, digitization can certainly contribute greatly to raising efficiency, for example by streamlining labor-intensive processes such as Know Your Customer (KYC), transaction monitoring, screening and risk assessments, making controls more automated and data-driven, and reporting. Automated document capture and read-out of relevant data such as "use of goods" can reduce the cost of compliance and error rates (see, for example, the BCG LinkedIn article "FUTURE PROOFING COMPLIANCE WITH TECHNOLOGY & DIGITAL").

Despite digitization's potential, many companies are not properly preparing their operating model to meet future challenges, and are missing the opportunity to reduce the cost of compliance. Indeed, a TOM and an integrated architecture (processes, data, applications, and tools) are often lacking, despite the fact that digitization requires an overarching strategy and clear objectives. For example, universal banks have often invested in tools which come from various sources and are disconnected from each other. As a result, businesses often lack support when it comes to data, artificial intelligence, anti-financial crime and fraud efforts, and getting ahead in the war for talent.

Respondents to our survey certainly see the importance of digitization. They cited digitization and data analytics as one of the top five trends in compliance, and one third of respondents pointed to it as a key challenge for their compliance organization. Moreover, the integration of business and digital goals is seen as a major challenge among the participants. More than half (54%) claim they are well or very well positioned to adapt to the digitization trend. However, more detailed questions on digitization maturity show there is much work still to be done.

Although the majority say they are well or very well positioned to adapt to the digitization trend, more than half of respondents (52%) state that they have not advanced very far along this road. They are only just starting to air ideas and introduce pilots for one-off digital initiatives within selected parts of their compliance organization, but are not fully aware of the digital use cases that exist. Companies with a more advanced Compliance TOM appear to have started the digitization journey earlier. They are more aware of the role digital can play, and understand data strategy. Those who say they have made considerable progress attribute their success to making digital compliance their top priority and an integral part of the CEO agenda. This finding reaffirms the hypotheses reached in the BCG ESG, COMPLIANCE AND RISK REPORT 2021. At the other end of the scale, 24% of respondents admitted they are dealing with the development of digital compliance strategy either poorly or very poorly. Indeed, respondents at every level of compliance maturity said they are still working on the development of a fully digitized compliance function.

[FIGURE 5: DIGITIZATION READINESS]
[FIGURE 6: DIGITIZATION READINESS]

The effective application of technology in compliance requires excellent planning and careful orchestration of many different elements. Companies need to be able to analyze the vendor landscape, and ensure that the selected compliance technology fits neatly with operational needs. This in turn requires deep knowledge of data protection regulation in different jurisdictions, and an innovative, digitally oriented mindset. As with cybersecurity, the compliance workforce must comprise a diverse range of subject matter experts if it is to implement a successful digital compliance strategy. There is a growing demand for cyber risk professionals, who can bring risk domain expertise to address the increasing risks of cyberattacks and compromise.

Indeed, the slow pace of digitization within the compliance function can be mainly put down to a lack of sufficient know-how and tools. Many companies are keen to tackle the know-how gap by developing a comprehensive people strategy to attract talent with the required expertise to exploit the potential of digital across the compliance unit. A good example of such upskilling efforts would involve building up a hub team, staffed with data scientists and engineers, as well as a spoke team, comprising data scientists and engineers who only work with compliance-related projects and hence build subject matter expertise.

As companies deploy transformative Artificial Intelligence (AI) tools, they must ensure that they introduce these solutions in a responsible way, mitigating any potential risks to their business and protecting consumers. With the imminent arrival of the European Union's AI Act, one of the first broad-ranging regulatory frameworks on AI, the failure to implement Responsible AI successfully will lead to serious implications (see BCG paper "RESPONSIBLE AI FOR AN ERA OF TIGHTER REGULATIONS"). To have people who are carefully and diligently working on and learning from these technologies is of critical importance for organizations and for the people who will suffer the consequences of AI systems that are not equipped with ethical guardrails.

5. CYBERSECURITY: Addressing critical gaps

Increasing impacts from cyber and privacy attacks continue to escalate in prominence and frequency. The more companies operate in an increasingly digitized way, the more they will need to assess and enhance their cyber-resilience. When asked which topic was most relevant for their compliance organizations, the clear winner was cybersecurity. Indeed, the topic was cited by 62% of respondents, 10 percentage points more than business ethics, the next most cited topic. This comes as no surprise, given the considerable risks (to the business, customers, and reputation) in neglecting cybersecurity.

Cyber threat actors are becoming more aggressive, more sophisticated, more persistent and more successful. Companies have therefore been strengthening their commitment to cybersecurity, especially amid heightened geopolitical tensions. Many companies do not yet have adequate cybersecurity capabilities, management and governance processes, with insufficient investment in security, resilience and testing. They currently lack the right monitoring, controls and warning indicators to prevent, respond to and recover from cyber threats. Lack of security investment, resulting in a failure to keep pace with digital investment, can exact a high price at an unknown later date.

Regulation is tightening in this sphere too, for example with the Cyber Incident Reporting for Critical Infrastructure Act, signed into law in the United States in 2022. The law sought to ensure that critical private sector entities report cyber incidents and ransomware payments to the US government. It is therefore encouraging that 73% of respondents say they are already well or very well positioned to improve performance in this regard, thanks largely to the fact that their compliance mandates include cybersecurity regulations and data protection laws.

[FIGURE 7: CYBERSECURITY READINESS]

Strong cybersecurity also requires good IT infrastructure management. However, more than a third (38%) of respondents say that adequate IT infrastructure remains one of their three biggest challenges, and 27% say they are not well equipped to deal with it. To overcome these challenges and rapidly improve cybersecurity, a committed senior management must implement a top-down strategy with a persistent emphasis on identifying and protecting their highest risk assets, while the compliance departments should always be closely involved to ensure that key regulatory developments are managed and governed effectively.

Companies will need to introduce a range of cross-functional initiatives, designed to encourage collaboration, and spread diverse subject matter expertise among business units and corporate functions. Such collaboration is critical, with the goal of establishing resilient cybersecurity processes
comprising various elements, such as IT, operational risk, business continuity, anti-fraud and data protection.

A critical element of cybersecurity is effective staff education and awareness of the required cyber practices. Stolen credentials are responsible for more than half of ransomware attacks, not least because passwords such as "123456" or "qwerty" are still very commonly used. Enforcing password requirements, multi-factor authentication and applying security patches are important contributory factors to the effective prevention of attacks. Threats and risks will still flourish if companies continue to overlook the human element of cybersecurity, no matter how substantial the investment in security tools and network defense. The first, and in this context the last, line of defense against cyberattacks needs to be enabled in order to ensure secure operations. Organizations should provide employees with time, education, and resources to learn more about cybersecurity, and take a human-centric approach to designing training, cyber practices and incident responses in the event of attacks.

Above all, companies need to know what cyber-risk profile they are aiming to achieve, and where the most important gaps remain. Scenario-driven exercises that simulate cyberattacks assist teams to build and develop the critical skills and experience needed for effective incident response. A comprehensive cybersecurity strategy is necessary. It should be supported by management and receive the required level of investment to maintain the organization's cyber-risk profile within its risk appetite.

An innovative approach would be to bring customers and other stakeholders on board in striving to boost cybersecurity. A trend exists at the moment to offer hackers a bonus (bug bounties) if they manage to enter the relevant company's system and then log and report their activity. Moreover, there is an increasing focus on collaboration and information sharing between organizations, industry sectors, governments and consumers. Cyber is a collective problem, requiring a collective response.

6. BUSINESS ETHICS: Establishing a culture of integrity

A culture of integrity, where employees actually practice what the company preaches on ethical business behavior, nurtures prudent decision making in difficult situations and elevates compliance departments to the position of influential and sought-after advisor. The importance of this topic was clearly reflected in our survey. More than half of all respondents, regardless of industry and region or maturity stage, included business ethics among the top five topics most relevant to their compliance organizations. All respondents said that business ethics is a key component of proper governance.

Given the significance attached to this area, companies are keen to promote ethical behavior in their business practices. A high percentage (79%) rank themselves as either well or very well positioned in this regard, while just 4% say they are poorly or very poorly prepared. Respondents generally agree that their written codes of conduct are now well established, and have been clearly communicated to all employees (70%). Moreover, a majority report that their compliance mandates include specific risks related to business ethics.

[FIGURE 8: TREND ADAPTION BUSINESS ETHICS]

However, our survey suggests that many companies still struggle to create effective whistleblowing systems that promote a culture of speaking out in response to non-compliant behavior. Given its
100、importance in the effectiveness of whistleblowing,it is perhaps not surprising that a significant number of participants(30%)state that culture is one of their top five overall compliance challenges.A sustainable ethical culture with robust compliance and a strong sense of integrity leads to three m
101、ajor commercial benefits:it creates economic advantage for companies,prevents substantial fines and reputational damage,and helps to attract and retain key talent.But what are the necessary elements that combine to create such a sustainable compliance culture?One important success factor,widely acce
102、pted in the compliance community,is clear leadership behavior.The success of an ethical culture greatly depends on executives setting the tone from the top,acting as role models in living up to cultural standards.One quarter of our respondents say that establishing a“sense of urgency from senior man
103、agement”is among the top five challenges for their compliance organization.Every employee should be fully aware that compliant behavior is vitally important for the whole organization and that senior management will be held accountable for any misconduct.Companies can find it difficult to establish
104、a compliance culture that incentivizes employees to live a culture of integrity and indulge in the right behaviors.Making guidelines simpler for employees would certainly help.An unwieldy number of rules that are difficult to put into practice hinders effective and successful compliance.Making the p
105、rocesses user-friendly,on the other hand,will boost compliance with standards and foster an ethical culture.The target culture should be articulated clearly,providing enough use cases to demonstrate the connection between concept and business practice,so that employees all immediately recognize what
correct behavior looks like and can report things they believe are not right.

Certain factors that are vital in building the right culture - the tone from the top, accountability, incentives and communication - can be measured and controlled. Indeed, data and technology can be put to good use here. Digitization can certainly also make it more straightforward for employees to be compliant due to the greater ease of communicating and following due process.

See also the BCG publication PERSPECTIVES ON MONITORSHIPS AND SUCCESSFUL COMPLIANCE TRANSFORMATION A BCG COMPLIANCE MAGAZINE SPECIAL ISSUE.

DEEP-DIVE: WHISTLEBLOWING

Recent regulatory action has made whistleblowing a clear priority for all compliance departments. In 2019, for example, the European Union (EU) passed their Whistleblower Directive, aimed at protecting whistleblowers. By 2023, companies with more than 250 employees in scope of the German Supply
Chain Due Diligence Act must implement a system in which employees and external third parties can report potential misbehavior. In 2019, the EU passed the EU Whistleblower Directive, aimed at the protection of whistleblowers. From December 2021, companies with more than 250 employees have needed to implement a system where employees and third parties can report potential misbehavior. These organizations therefore need to put in place a complaints mechanism where all people, regardless of their connection to the company, can report incidents relating to violation of human rights and certain environmental protection laws. Whistleblowers can choose to report their concerns either internally or to external authorities. In specific circumstances, they can even report their concerns publicly, through social media for example, leading to reputational damage. The identity of whistleblowers and any third parties mentioned must always remain confidential.

Because ESG, risk and compliance have become more complex, and the demands of agile, customizable collaboration models have grown, the compliance team needs to incorporate a more diverse skillset, involving a range of technical know-how, subject matter experts
and take on various roles. This increase in demands for compliance workforce coincides with a tense labor market where finding candidates is a challenge already. Qualified employees have more demands and expectations towards ethics and ESG.

More than anything else, it is now the quality of the workforce that determines the success of a company's compliance management. A strong workforce strategy - involving recruiting new people and upskilling current employees - is therefore essential in unlocking the potential for compliance as a competitive advantage. A human resources department that effectively manages this strategy and mitigates risks will raise a company's standing in the market.

Attracting new talent, devising hiring strategy, ensuring the availability and capacity of training, and retaining employees in the midst of the Era of Great Resignation, are all issues faced by companies across all industries in our survey. When asked about the challenges they foresaw for their compliance organization, almost 70% of respondents pointed to “attracting talent,” a far higher proportion than for any other option. Moreover, the survey reveals that all companies, regardless of industry, have yet to find the ideal strategy in response, saying that they are merely adequately, or even poorly, positioned for this challenge. Moreover, attracting talent is unlikely to get any easier, given that 68% of respondents say the required range of qualifications for roles in their compliance organizations - comprising skillsets, expertise, and technical qualifications - is only likely to expand, and a further 18% say it will expand significantly.

The growing importance of cybersecurity and the digitization of compliance activities are a major concern among respondents when considering the future of the workforce. Subject matter expertise, cross-functional collaboration, and an awareness of the ever-growing inventiveness of hackers and cybercriminals will be essential. The workforce of the future will need to stay up to date technologically and adapt quickly to changing risks and regulations.

As was reflected in respondents' concerns, the requirements for the future workforce extend well beyond technical know-how. As the risk and compliance environment grows increasingly complex, the emphasis on strong business ethics will only increase, encouraging employees to make their own ethical assessments of what is right and wrong. Simply
ticking boxes indicating compliance with various regulations will no longer suffice. The growing emphasis on ESG and other topics obliges the compliance workforce to keep abreast of developments, see the bigger picture, apply their expertise to new areas and think along more global lines, while keeping pace with the required new collaboration model to manage risk cross-departments. As the social component of ESG grows in importance, companies will need to be sensitive to the human rights risks that flow from working with multiple suppliers and global sources.

7. WORKFORCE: Securing the right skills

FIGURE 9: CORE CHALLENGES FOR COMPLIANCE ORGANIZATIONS IN THE FUTURE

Political issues are encroaching more than ever on the global economy. Compliance professionals must therefore be able to
identify and analyze complex scenarios, and consider both political and economic factors. This will help to ensure that their company's compliance strategies, and how they are implemented, are flexible enough not just to react to events but to anticipate them and prepare accordingly.

The attitudes of employees are also changing, and companies must adapt accordingly to attract them and keep them on board. Members of Generation Z in particular - those born between 1995 and 2010 - say they want their work to add value to society, and care more about ESG when choosing their employer. Moreover, new employees expect companies to allow for remote working and offer state-of-the-art digital technologies and work processes. As the talent war intensifies, companies therefore need to manage their ESG-related reputations with care, and think differently about their working practices and their impact on risk and compliance.

In some sectors in particular, companies are heavily burdened by the effort required to prevent ESG violations and implement social compliance throughout their supply chains, and by the constant threat of regulatory retaliation and reputational damage. This is particularly true for industrial goods
and healthcare companies. The implementation of due diligence in 3TG (tin, tungsten, tantalum and gold) supply chains enables responsible sourcing of 3TG from countries like Nigeria. New regulations and campaigns against bribery and corruption in many countries have raised the bar for supply chain compliance risk management in all industries. The general population sets higher standards for public or private sector entities in healthcare in particular. Many of these organizations need to make significant enhancements to the current relevant supply chain and business partner due diligence processes, e.g. by raising the level of automation. In this way, they can avoid regulatory scrutiny, negative headlines and loss of face with their own workforce.

Simply advertising for a position will not achieve the requisite results. Companies need to be more imaginative in their talent strategies, more aware of diversity and inclusion, and ready to respond to the demand for a more flexible workplace. They also need to be careful that the rapid expansion of compliance organizations - 57% expect them to increase in size - does not damage efforts to establish the right culture, given the difficulty of transmitting company values to many new joiners at the same time.

Recruiting new people alone will not be sufficient in building the right workforce. As technology advances and workplace strategies evolve, existing employees will need to be trained in relevant new knowledge and skills. Training capacity, including substantial ramping up of relevant IT capabilities, should therefore be greatly expanded. Indeed, companies need to develop a clear and comprehensive workforce strategy that does not leave the company vulnerable to skills deficiencies at any given time.

Our survey makes clear that compliance organizations should be equipped with a diverse skillset that can deal with all relevant types and areas of risk, and can fulfill the various roles required within flexible collaboration models. In a more competitive world, companies should pinpoint exactly what skills they most need, where they can be found and how they
can be developed. It is not feasible to fight for talent on all fronts, and companies must therefore focus on their priority areas.

FIGURE 9 data, share of respondents:
ATTRACTING TALENT: 68%
ORGANIZATIONAL COMPLEXITY (e.g. between business units): 43%
Sufficient IT-infrastructure: 38%
Overall rising costs for compliance: 37%
Rising regulatory scrutiny: 36%
Sufficient workforce capacity for implementation: 33%
Development of a digital compliance strategy: 32%
Supportive overall culture: 32%
Sufficient budget for implementation: 32%
Cost cutting: 30%
Leveraging internal knowledge: 28%
Integrating business goals and digitization goals: 26%
Sense of urgency from senior management: 25%
Improving efficiency of first line of defense: 25%
Leveraging external knowledge: 15%

ABOUT BCG

Boston Consulting Group (BCG) partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it
was founded in 1963. Today, we work closely with clients to embrace a transformational approach aimed at benefiting all stakeholders - empowering organizations to grow, build sustainable competitive advantage, and drive positive societal impact. Our diverse, global teams are passionate about unlocking potential and making change happen, delivering integrated solutions through leading-edge management consulting, technology and design, and corporate and digital ventures. Whether you want to advance an idea, a capability, or the world at large, BCG is with you every step of the way. We excel in the business of human potential, and believe in its power to shape strategic, organizational, economic, and societal change.

CONCLUSION

Companies need to take action in various areas in order to maximize the value creation of their compliance organizations. They need to define the precise mandate of the compliance function for each type of risk, define an adequate approach of its role to address the different demands, and clearly allocate other relevant responsibilities across different departments. Plans for swifter and nimbler crisis response can minimize the impact of major geopolitical events that have bedeviled businesses in recent years. On environmental, social and governance issues, they have to bridge the gap between their communicated ambition and the often much more modest reality. Many companies have fallen dangerously behind in the digitization journey. As they hurry to rectify this situation, they need to maintain their focus on what the clients want and what their business needs. On cybersecurity too, they often have much ground to make up, and senior management should urgently implement a comprehensive value-for-money strategy and a range of cross-functional initiatives. To foster ethical behavior, companies must take the necessary steps to change the culture, and make it simpler for employees to voice any concerns. Regulators, investors, customers and employees are probing this gap with increasing energy and concern.

But of all the factors that make for a successful compliance organization, the right workforce is essential. No such organization can prosper, therefore, without a prudent workforce strategy that considers how best to attract, retain, motivate, and train their people. Given the clear need for a more diverse skillset addressing the functional demand as well as the role flexibility, the definition of an appropriate people strategy is key.

FOR FURTHER CONTACT

If you would like to discuss this report, please contact one of the authors. For information or permission to reprint, please contact BCG at . See for BCG's latest content. There, you can also register to receive e-alerts about this or other topics. Follow Boston Consulting Group on Facebook and Twitter.

Boston Consulting Group 2021. All rights reserved. 11/2022