With the introduction of the General Data Protection Regulation (GDPR), chief compliance officers need your attention in 2018 more than ever. They are often perceived as "those people" who force a bunch of bureaucratic policies and procedures on you, but it's time for employees to appreciate what's behind all the data rules and unexpected audits from compliance officers. Here's how you can show them some understanding this year.
Remember, your chief compliance officer (CCO) is not auditing your group or office for their own jollies. Their governance audits and monitoring activities give the board and management team the data they need to meet organisational responsibilities. With their compliance oversight, board directors frequently task the CCO with an internal audit in an area of concern or ask when the last FCA-compliance audit was completed.
The compliance buck stops with your management — if there's a regulatory violation that hurts the stock price or consumer perceptions of the brand, their job could be on the line. Your compliance officer backs up your leadership every day, and so should you. When you need to do an audit, just get it done with as little drama as possible. You'll make your CCO's day.
CCOs have been trying to improve employee understanding of compliance in 2018. Make a point to attend webinars or office meetings where a compliance officer talks about the "culture of compliance" they are trying to build within your organisation. Absorb why it's needed. Take the principles to heart and act on them. Try using the whistleblower channel when you see unethical or abusive behaviour. If you don't report it, who will?
Endeavor to learn enough about GDPR so that you think — or at least ask questions — before you grab data from a European office or customer database and save it on an overseas server. The GDPR penalties that took effect in May can be staggeringly expensive.
Don't Ignore Those Training Reminders
Do you ever put off those sessions on online ethics, sexual harassment or Data Security and Protection Toolkit (DSP Toolkit) training? Yes, you see the email reminder, but you may brush it off because you are busy with your "real" job. You might even find these reminders annoying. Yet, the compliance officer must cross off these significant compliance checklist items, or face regulatory scrutiny and board ire.
In 2018, show some love to your CCO by getting these trainings done within a few days. Schedule it into your day, and don't dismiss the reminder. Do it. These trainings are regulatory requirements or settlement stipulations for high-risk items. Rip through them to avoid a nastygram from your boss or being singled out in a management meeting for team non-compliance.
Use Compliance Technology
KPMG reports that 69% of CCOs say their organisation leverages technology for compliance initiatives. Do you use it? You might be able to privately and confidentially report regulatory or ethical risks you observe but are not comfortable reporting to HR or your boss. New technology is available to help you figure out if an activity you are considering doing overseas might get you in trouble with GDPR or other regulatory standards, such as the Bribery Act.
Try to use the technology your CCO makes available this year. Not only will you possibly eliminate a huge company risk, but you can also help grow data pools to power the compliance analytics that chief compliance officers desperately need.
Be Patient with Partner Diligence and Audits
You might groan about the long due-diligence checklist you must complete before you can sign with that great new partner you found. Associate contract stuff might drive you crazy when it holds up the signing of a new deal.
Just realise that third-party risks for stolen data, privacy and security breaches are among the fastest-growing corporate risk factors. Around 47% of chief compliance officers say third-party risk management is "the most challenging aspect" of their compliance and ethics programme, according to Deloitte's latest Compliance Trends survey. To effectively protect information, data managers must work closely with compliance officers.