DLA Piper's "2018 Compliance & Risk Report" on the results of its third annual survey of 65 public and private company (approximately 50%/50% split) in-house counsel, corporate compliance officers (CCOs), and board members reportedly reveals increased concern among compliance officers about their and their CEO's personal liability compared to last year's report, deemed by the firm to be potentially attributable to the increased number and complexity of M&A deals and associated regulatory and contractual obligations, and challenges associated with technology - both the dearth in the use of technology by the Compliance function relative to the rest of the business, and the risks associated with misuse or inadvertent disclosure of the technologically-generated data for those that have embraced and leverage it.
Among the key findings:
- 75% of CCOs reported being at least somewhat concerned about their personal liability as a CCO or that of their CEO, compared to 66% last year (however, note the different respondent demographics last year: 40% public co./60% private co.)
- The Compliance function most commonly reports to the GC or CLO - at 51% of respondent companies, up from 34% in 2017 and 44% in 2016. Reporting to the CEO ranked second at about 36%.
- 63% of companies report metrics to their board and/or the audit committee, and reporting is typically quarterly (68%).
- Audits, training data, and outside assessments/benchmarking (in that order) are the most commonly-used tools to evaluate the effectiveness of respondents' compliance programs, and in-house counsel is the most commonly-leveraged compliance program resource.
- Respondents identified data breaches/data privacy and cybersecurity as the compliance risks that consume the most resources, followed by general increased regulatory risk.
- Encouragingly, 89% of compliance executives said they had sufficient resources, clout and board access to some or a great extent to support their ability to effectively perform their job.
In addition to other noteworthy benchmarking information, the report includes basic principles and best practices for compliance programs and board reporting, training, and expertise, and practical guidance throughout.