Working out where to prioritize in 2024 is a challenge every Compliance Leader is grappling with. Here, we summarize the top 5 trends we’re seeing across the market.
Over the past months, we have spoken with hundreds of compliance leaders and, when combined with recent findings from industry leaders like KPMG, Accenture and Deloitte, the trends are clear.
In this article, we summarize the most pressing challenges compliance leaders are likely to face in 2024: starting with the biggest topic of this year which will continue to require our attention: artificial intelligence.
1. Using Artificial Intelligence and Automation
Let’s start with a fact. 54% of respondents to the latest Accenture Compliance Risk Study say that artificial intelligence and machine learning technologies will strengthen compliance.
In the same study, 93% of surveyed respondents agree that AI and cloud compliance tools remove human error, automate manual tasks, and prove to be more effective and efficient.
In short, we know that artificial intelligence will help us in the year ahead. It will create efficiencies that were previously not possible.
A 2023 study conducted by compliance & risk management company, Hyperproof, found that 85% of compliance professionals said their risk and compliance management team spends at least 30% or greater of their time at work on repetitive tasks—a prominent contributor to stress and burnout.”
It is in this area that AI, and in particular, generative AI, can really drive efficiencies.
The latest compliance-specific generative AI software can analyze and interpret complex regulatory and policy documents and give answers to any questions you ask in seconds. This can help in several ways.
It can help you quickly identify organizational policy gaps – reducing time reading through hundreds of pages of multilingual policies.
It can be used by employees to get instant answers to their compliance questions – reducing having to answer repetitive questions.
It can track requests, replies, and reports to give you a complete audit trail for regulators – ultimately, reducing stress.
Moreover, the current capability of AI has the potential to reach some of compliance’s other critical pain points.
It could enable you to compare and analyze policies and guidelines and get recommendations on where to improve.
It could help you detect overlaps and contradictions in large policy document sets.
And it could help in analyzing and identifying discrepancies between two sets of policies during an M&A.
As research and analyst firm Gartner identified in its mid-2023 report, “Compliance leaders anticipate technology will be one of the areas of highest spend increases this year.” Given these advances in AI over the past 12 months, it’s little wonder.
In short, compliance professionals must harness this new generation of AI technologies to reduce the manual burden and open the door to greater efficiency, agility, and risk prevention.
Failing to do so opens the doors to additional risk with a regulatory landscape increasing in scope and complexity.
2. Preparing Ourselves for Global AI Regulations
Of course, the positive elements of AI aren’t going to be the only major impact on compliance professionals in 2024.
News in late 2023 gave us a taste of what’s to come.
Let’s start with the EU. In Q1 2024, A European legal framework for AI to address fundamental rights and safety risks specific to AI systems comes into force.
The goal of this legislation is to:
- Guarantee AI safety and adherence to fundamental rights and EU values.
- Promote legal clarity to boost AI investment and innovation.
- Strengthen governance and enforcement of AI fundamental rights and safety laws.
- Support the creation of a unified market for compliant, secure AI systems to avoid market division.
Compliance professionals in the EU, or those who work for an organization with a presence in the EU, need to start preparing now, particularly in the areas of risk management and regulatory alignment. Especially as the end of the transition period is set for 2025.
In the US and the UK, things aren’t quite as clear-cut. That doesn’t mean change isn’t coming, however. In October 2023, President Biden issued the US Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence.
For compliance professionals, the Executive Order outlines responsibilities regarding AI system development oversight, privacy and data protection enhancement, bias and discrimination prevention, consumer and worker protection, innovation support, international collaboration, and guidelines for AI in government applications.
Compliance professionals need to stay informed about these standards and regulations to ensure that their organizations align with the new federal requirements. Should they pass through Congress, that is.
Similarly, in November 2023, British Prime Minister Rishi Sunak launched the AI Safety Institute. To quote the government’s press release, “Its mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI. It will work towards this by developing the sociotechnical infrastructure needed to understand the risks of advanced AI and enable its governance.”
In other words, it will impact us as compliance professionals, too.
All these potential changes point to the same thing: in 2024, we need to educate ourselves on AI and its compliance implications before it becomes an unbearable burden.
3. Dealing with Cybersecurity Threats
You may wonder why Cybersecurity features in a compliance trends report for 2024. After all, Cybersecurity is nothing new. Though that might be the case, it remains a key focus for the year ahead.
After all, in Accenture’s Compliance Risk Study, “Banking, health and public services, insurance, and software and platform respondents cited cybersecurity as one of the top two compliance challenges they face today.”
With remote and hybrid working becoming the norm for most organizations, employees and vendors are accessing your systems from across the world. And not all will be taking the requisite methods to ensure they’re not leaving themselves open to attacks.
It’s not getting any easier, either. Recent research by Cybersecurity Software company Check Point reports a 38% Increase in 2022 Global Cyberattacks.
It can be an expensive business, too. IBM’s Cost of a Data Breach 2023 Report indicates that data breaches cost businesses an average of $4.45 million, a 15% increase over three years.
As compliance professionals, we play a key role in managing and communicating this organizational risk. Because it’s not just expensive, it can lead to legal penalties, criminal sanctions, reputational damage and loss of third-party trust.
Moreover, not complying, specifically where there are criminal sanctions for non-compliance, can sometimes lead to individuals and companies being banned from operating in their industry or region.
In the worst-case scenario, it could lead to companies being served cease and desist orders, and senior management faced with prison charges.
Needless to say, it remains one of the most serious issues in compliance today.
So, what can be done?
Well, ultimately, it’s what we already know. Continuous compliance monitoring. Regular updates to security policies. Training (and retraining) your employees.
This, of course, takes time. But the Compliance AI technology discussed earlier in this article might go some way to making this a whole lot easier.
4. Corporate Sustainability Due Diligence Directive
In 2024, the EU is about to shake things up with a couple of new rules that will change how companies think about human rights and taking care of the planet.
We’re talking about the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD or CS3D Directive). It’s a bold move toward making businesses more open and responsible.
What’s the buzz about? Well, the European Commission has a new rule on corporate sustainability. It’s not just European companies that need to pay attention – even U.S. companies doing business in the EU are in the spotlight.
Predicted to come into force in 2024, companies in the EU could be required to dig into how they impact human rights and the environment.
And this isn’t just about what your organization does directly; it’s about your entire supply chain.
So third-party risk is significantly heightened. If your organization slips up, it could face serious financial and legal headaches.
With the EU pushing for stricter rules on corporate sustainability, companies worldwide need to steer through these changes, using compliance to keep their global edge.
Here’s a stat to chew on: 48% of organizations report that keeping track of how their third-party partners comply is a real challenge, according to GRC company, MetricStream.
Plus, according to US research company Ponemon Institute, another 48% don’t even have a complete list of all the third parties that can access their network.
So, there’s a lot of homework to do in 2024 for businesses wanting to stay ahead in this new, more regulated world.
5. More Complexity, Less Budget: Building a Better Compliance Program with Less
Right now, compliance departments are feeling the squeeze. Teams are confronting a perplexing paradox: as the complexity of your work escalates, your resources to manage it are dwindling.
A recent report by policy and procedure management company Clausematch reveals a startling statistic: 57% of compliance teams have witnessed their budgets being reduced or their transformation efforts put on hold due to current market trends.
This tightening of the purse strings comes at a time when you’re already grappling with the herculean task of navigating the aftereffects of the pandemic, alongside a surge in regulatory scrutiny.
According to Gartner, compliance leaders must now achieve more with less, optimizing the resources at their disposal amidst economic challenges that add volume and intricacy to their workloads.
The Thomson Reuters “Cost of Compliance” report illuminates the crux of the issue: while 45% of surveyed entities confessed they do not track regulatory compliance costs, a significant 70% anticipate a rise in regulatory information.
This forecast is not matched with a corresponding optimism about budget increases, painting a difficult picture for compliance departments expected to do more with less.
Accenture’s study corroborates this sentiment, noting that compliance executives are caught between the imperative to invest in personnel and technology and the harsh realities of cost constraints.
It’s a high-wire act of balancing competitive demands against compliance mandates, with little room for error. The study further discloses that 72% of respondents have not seen an uptick in their compliance technology budgets over the past year.
The scene is set for compliance programs to innovate or falter.
In this lean era, the onus is on compliance leaders to champion efficiency, harness technology, and embrace agility.
As the regulatory landscape grows more demanding, the true test will be how you reinvent your strategies to uphold the integrity and resilience of your organization.
It’s a challenge that will not only test your acumen but will also redefine the contours of corporate compliance.
Embracing Change and Innovation: Navigating the Future of Risk and Compliance in 2024
The landscape of risk and compliance in 2024 presents a complex mosaic of challenges and opportunities.
As compliance professionals, we are at the forefront of navigating through a rapidly evolving regulatory environment, intensified by advancements in technology and global economic pressures.
The advent of stringent AI regulations heightened cybersecurity threats, and the emerging importance of corporate sustainability underscores the need for agility and innovation in our approaches.
The integration of artificial intelligence and automation in compliance practices is not just a trend but a necessity.
These technologies offer unprecedented opportunities to enhance efficiency, reduce manual workload, and streamline compliance processes. The proactive adoption of these tools will be crucial in managing the increased regulatory demands and complexity of our roles.
Moreover, the global nature of these changes, particularly in AI regulation and sustainability, emphasizes the need for a more holistic and internationally aware compliance strategy.
Staying informed and adaptable will be key in ensuring that our organizations not only meet the required standards but also leverage these changes to gain a competitive edge.
As we brace for a year of more complexities and tighter budgets, our resilience, innovative spirit, and commitment to upholding the highest compliance standards will define the success of our organizations.
The journey ahead may be challenging, but it is also ripe with opportunities for growth and transformation.