Skip to main content

Compliance modernization is no longer optional

How evolved is your approach?

Compliance strategy is about mitigating risk and adhering to rules set by external authorities. Internal mandates arising from new technologies, risk trends, ethics considerations, and line-of-defense coordination are creating opportunities for compliance modernization.

Compliance strategy modernization is no longer optional
6 MB PDF

The compliance evolution


Executing on day-to-day compliance activities is a struggle because reactive issues eat up time that might otherwise be used toward forward-looking risk mitigation. The evolution of business adds new pressures for chief compliance officers (CCOs) and their teams. At the same time, new capabilities emerge that can help these teams do more. For some organizations, across-the-board change is in order. Others may have evolved their programs already, but stand to benefit from a corresponding update to discrete capabilities.

For too long, many compliance professionals have been focusing on point solutions and analyzing tactical, transactional data in search of what went wrong. It is time for the compliance function to change its focus from hindsight to foresight and driving insight, teaming with the business to enable growth while at the same time mitigating risks. This will require investment in technology, adoption of improved processes, and deliberate focus on what data the business, risk, and operations can contribute to developing more predictive insights. This is not about building more, but rather taking a critical review of what exists and rightsizing administrative practices or bolt-on solutions in favor of a more strategic and rationalized approach.

For more information, please download the PDF or visit our topic page which further discusses Compliance Modernization.

Beyond the basics


In today’s practice, a “foundational” compliance program does far more than that theoretical minimum. Yet it remains at one end of a progression. Each organization can determine how far it needs to evolve—whether it wants a reliable compliance vehicle or a top racing model. But to enter the realm of value creation, few organizations can afford to stick with the status quo. As an organization moves along the curve, much more becomes possible.

Compliance modernization spans the way the function is governed; the tools, technology, and analytics it uses; the number and nature of its connections to other parts of the business; the expectations assigned to it; and more.

Modern building with curving roof and glass steel column.; Shutterstock ID 110371049; PO: LPX15962-01-01-0000; Job: Potentials for D.com; Other: Alexa Steinberg

The next phase


A compliance modernization program that combines new technologies and new approaches, keeping both of them in alignment with enterprise goals, can generate a measurable value proposition for the compliance function—and turn the CCO into a strategic partner.

With new capabilities, the compliance function can claim a renewed business case. It can deliver a positive return on investment (ROI), rather than merely justify itself as an expense of doing business. But to make this happen, organizations’ compliance strategy should be integrated and aligned with the overall business planning process. That’s the only way to make sure that the value compliance generates is consistent with the organization’s goals.

How can compliance ROI be measured?

  • Being proactive and predictive. How much of compliance’s ongoing testing and monitoring has been automated or enabled through analytics? Have the numbers of preventative controls or related risk mitigation routines increased year over year? Has this led to an increase in compliance adherence or reduced reputational and regulatory compliance risk?
  • Staying out of the penalty box (compliance effectiveness). Has compliance reduced the number of internal audit observations and findings, regulatory observations and issues, or the baseline volume or trend of customer complaints?
  • Efficiency of compliance. Do the first and second lines coordinate in testing activities, processes, or controls? Is the annual compliance testing plan completed each year with enough additional capacity to take on urgent requests?
  • Quantifying compliance’s value. Does compliance enable growth or opportunities for process optimization and/or control rationalization relative to risk mitigation and/or regulatory change?
  • Integration with the business. Is compliance helping the business use risk management to drive value by providing insights that contribute to effectiveness?
Metal design of an interior in a modern building in green light; Shutterstock ID 210166165; Cost Center: 12604; Purchaser: GB&Comms new images; Other: Joannie Sauvageau

The bottom line


In modernizing compliance, companies should be mindful of the difference between enhancement and evolution. Between a “more, better, faster” version of the old approach and a genuinely new version.

To reach the highest stage of evolution, a CCO has to embrace a new vision of where the compliance function fits in a company’s strategic and leadership picture. In this vision, “fewer negatives” are no longer a sufficient return on the investment the company makes in compliance. Instead, an evolved compliance function can help bring measurable, positive value to decisions it hasn’t always participated in—such as product lineup, market definition, and operational methods.

Every company and every compliance function have a starting point somewhere on this evolutionary scale. Wherever your company is starting and wherever it is headed, building value creation into compliance can help shape your progress.

Multi colored threads, red, yellow, green, blue

From an industry perspective: Consumer and industrial products

Consumer and industrial products industry compliance programs face remarkably similar pressures in one area: Expectations to outperform competitors while operating ethically. Uncover Deloitte's insights on outcomes of a modernized C&IP compliance program.

Download the Consumer and Industrial Products PDF

From an industry perspective: Life sciences

The pressures are mounting for life sciences companies from both regulators and patients: Increasing regulatory mandates, intense pressure on pricing and non-stop technological advancements. To thrive and take the lead, business leaders must address the new imperative head-on.

Download the Life Sciences PDF

From an industry perspective: Insurance

The pressures are mounting for chief compliance officers of insurance companies from both internal and external sources. Increasing regulatory mandates, perpetual talent squeezes, mounting demand for increased cost reductions, and a growing need for additional capacity for new and emerging risks and regulations are challenging insurance companies. To thrive and take the lead, business leaders need to address these issues head-on.

Download the Insurance PDF

Get in touch

Gina Primeaux

Gina Primeaux

Deloitte - Global
Previously, Gina served on the US Board Council. Her other prior leadership roles include US Fintech Industry Leader, US Regulatory & Legal Transformation leader, and US Ecosystems & Alliances leader. Prior to Deloitte, Gina was a bank examiner for the US Department of the Treasury. She is a Certified Fraud Examiner (CFE) and Certified Internal Auditor (CIA).
View Profile
Carey Oven

Carey Oven

Deloitte - United States
Carey Oven is a partner with Deloitte & Touche LLP and managing partner of Deloitte LLP enterprise leader development and succession. In her role, Carey leads the intentional planning, identification, development, and selection processes for top cross-business, enterprise-wide leaders of the Deloitte US firm. Carey has more than 30 years of client service experience and is a thought leader on topics of corporate governance, compliance, culture, talent, and risk.
View Profile

Did you find this useful?

Yes
No

Thanks for your feedback

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?