This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print this page

2014 Compliance Trends Survey Report


Deloitte and Compliance Week magazine recently released a joint survey report on key compliance trends in 2014. The annual survey, which is in its fourth year, included 209 responses representing a wide range of industries from America and around the world. Questions focused on three major issues:

  • Do compliance executives have the appropriate authority and resources to do their jobs?
  • Are compliance executives addressing the right risks?
  • Do compliance executives use the right metrics to measure progress?

This year’s survey found some level of improvement in all three areas; however, the results were a mixed bag and overall there is still a burning need for organizations to improve how they handle their compliance activities — particularly in light of today’s increasingly demanding compliance environment and the complex new requirements associated with laws such as the Dodd-Frank Act and Affordable Care Act.

Here are a few key survey findings from each of the three areas:

Authority and resources

  • 40 percent of organizations have compliance budgets of $1 million or less (including salaries)
  • 65 percent have fewer than 10 full-time people specifically focused on ethics and compliance
  • Only 50 percent have a standalone chief compliance officer (CCO)
  • Only 33 percent feel the compliance function is viewed as a business partner across the organization
  • 48 percent of CCOs do not hold a seat on the executive management committee

These survey results suggest that many organizations may be under-investing in compliance, both in terms of funding and staffing. The results also suggest that the compliance function continues to be under-represented in the C-suite, and in many cases does not have a direct hand in shaping business strategy or tackling strategic business issues.

Addressing the right risks

When respondents were asked to identify their compliance functions’ main responsibilities, the top four areas were: compliance training (87%), code of conduct (84%), complaints and whistleblower hotlines (81%), and compliance with domestic regulations (80%). These are all pretty standard, and the results closely align with previous years.

One rapidly emerging risk area is third-party compliance. In this year’s survey, 85 percent of organizations say they are starting to look at the compliance risks associated with their supply partners and other third-party relationships; however, only 5 percent have specific plans to reduce third-party risk. This is one area where the compliance function will likely play a much more active role in the future.

Metrics to measure progress

  • 23 percent of organizations do not measure the effectiveness of their compliance programs
  • 18 percent are not confident in their IT systems’ ability to fulfill all compliance and reporting requirements

The main types of compliance reporting are (1) compliance violations, (2) results of regulatory compliance auditing or examinations, (3) compliance issue resolution tracking status, and (4) structure and compliance of the compliance program. Most of these standard compliance metrics are backward-looking; however, the survey results suggest an emerging emphasis on forward-looking metrics such as hotline call analysis, which can help identify issues before they become problems. External benchmarking is another emerging metric area that organizations may be able to benefit from.

In today’s increasingly complex and demanding compliance environment, a strong and capable compliance function is more important than ever. This year’s survey results show that while organizations are moving in the right direction, they still have significant room to improve. 

To view the full survey report, please click here


Tom Rollauer
Executive Director, Center for Regulatory Strategies
Deloitte & Touche LLP


As used in this document, "Deloitte" means Deloitte LLP and its subsidiaries. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Share this page

Email this Send to LinkedIn Send to Facebook Tweet this More sharing options

Stay connected