Businesses are struggling to keep pace with the growing burden of compliance, according to a Thompson Reuters study.

Most organisations (73 per cent) said they expected the volume of regulatory change to increase over the next twelve months – 27 per cent said it would do so significantly. They also said balancing competitive and compliance pressures was reported as key challenge. Yet 45 per cent respondents did not monitor their cost of compliance with regulations across their organisations.

“Retaining skilled resources is seen as essential to deliver on a growing range of subjects with which the compliance function is involved,” the report said. “The recruitment of the appropriate talent comes at a cost, and the appeal of becoming a compliance officer has been reduced due to the potential for increased personal liability.”

Unfocused effort

Over the coming twelve months, compliance with cybersecurity (35 per cent) and data security (17 per cent) topped the list in KPMG LLP’s 2023 Global compliance risk benchmarking survey

In emerging areas such as ESG, only just over half of respondents said that they had clearly defined what it means to them. Most often, organisations had no policies and procedures in these areas. For example, only 44% said they had health and safety policies and procedures to address ESG risks and only 42 per cent had them for privacy and protection.  

“ESG has increasingly become an area of focus, but our respondents reveal a lack of consistency in addressing ESG risks. This inconsistency in approach can hinder the effective implementation of organisation-wide policies and procedures and lead to uncertainty among employees,” the report said. “Clearer guidance and communication are essential in navigating the complexities of ESG and ensuring successful integration into business practices.”

Data adoption

Most commonly (45 per cent), organisations had a patchwork of scalable IT systems and processes to use data analytics in this area: fewer than one in ten (9 per cent) said they were advanced. 

“The companies that self-identified as having ‘advanced’ data analytics programs were more likely to use data analytics in areas that relate to management of real-time business risk,” the report said. For example, they were almost twice as likely to report using data analytics to perform risk-based transaction monitoring and testing (89 per cent) than the average (47 per cent).