Our thinking

2023 Global compliance risk benchmarking survey

In collaboration with

KPMG

 

Industry perspectives on the state of compliance today and effective strategies for managing compliance risk within the changing regulatory landscape

 

Introduction

Darryl Lew
Partner
White & Case LLP
T: +1 202 626 3674

Matthew McFillin
Partner, Forensic Services
KPMG LLP
T: +1 267-256-2647

In today's fast-paced and interconnected world of global business, a robust and comprehensive compliance program is not merely a choice, but a critical imperative for any organization. Drawing on the opinions of 201 senior decision-makers from more than 30 countries.

White & Case LLP and KPMG LLP's "2023 Global compliance risk benchmarking survey" offers powerful insights into compliance practices across industries worldwide and strategies employed by companies to manage their compliance risks—from anti-corruption risk assessments, third-party management and employee risk awareness to environmental, social and governance (ESG) practices and cybersecurity.

Among the key findings are the importance of regular anti-corruption risk assessments and robust third-party management practices—essential components for creating a culture of compliance and transparency.

Use of data analytics is gaining momentum in compliance programs, though many companies are still in the developmental stage. Testing anti-corruption programs for effectiveness is crucial, as is consistent measurement of hotline awareness and effectiveness, along with addressing employee concerns about hotline integrity.

ESG has increasingly become an area of focus, but our respondents reveal a lack of consistency in addressing ESG risks. This inconsistency in approach can hinder the effective implementation of organization-wide policies and procedures and lead to uncertainty among employees. Clearer guidance and communication are essential in navigating the complexities of ESG and ensuring successful integration into business practices.

Looking ahead, cybersecurity takes center stage as the top compliance priority for the next 12 months, as safeguarding sensitive data and proactively addressing digital threats become more important than ever.

By proactively addressing these compliance challenges, organizations can ensure ethical business practices, mitigate risks and safeguard their reputation in an increasingly complex regulatory environment. We hope you will find our "2023 Global compliance risk benchmarking survey" an insightful read.

Key insights at-a-glance

Drawing on the opinions of 201 senior decision-makers from more than 30 countries, White & Case LLP and KPMG LLP's "2023 Global compliance risk benchmarking survey" offers insights into compliance practices across industries worldwide and strategies employed by companies to manage their compliance risks—from anti-corruption risk assessments, third-party management and employee risk awareness to ESG practices and cybersecurity.

In today’s fast-paced and interconnected world of global business, a robust and comprehensive compliance program is not merely a choice, but a critical imperative for any organization

Key insights at-a-glance View full image: Key insights at-a-glance (PDF)

Global compliance risk benchmarking survey: ABC risk assessments

Read 2 min. article
tea garden

Global compliance risk benchmarking survey: Third-party management

Read 7 min. article
labyrinth garden

Use of data analytics in compliance programs

Read 2 min. article
mountain tea garden aerial

Global compliance risk benchmarking survey: Monitoring and review

Read 2 min. article
labyrinth

Global compliance risk benchmarking survey: Compliance escalations

Read 6 min. article
maze aerial view

Global compliance risk benchmarking survey: ESG

Read 6 min. article
garden maze

Impact of remote working on compliance and investigations

Read 2 min. article
aerial view of tea plantation

Looking to the future: Cybersecurity tops the list of compliance priorities for the next 12 months

Read 1 min. article
garden maze

Survey methodology and demographics

Read 1 min. article
corn maze
labyrinth

Global compliance risk benchmarking survey: Monitoring and review

In collaboration with

KPMG

Insight
|
2 min read

Key Takeaways

01

Most companies review the content of their anti-corruption programs, but do not test the programs regularly for effectiveness

02

Larger companies prefer to test on a periodic or annual basis, with periodic testing being more popular overall

03

Smaller companies tend to test on an ad hoc basis, if at all

04

A minority of companies use sophisticated techniques to test anti-corruption program effectiveness

Slightly more than half of companies report testing the effectiveness of their anti-corruption programs on a regular basis

Important elements of an effective compliance program are periodically reviewing the contents of the program against evolving risks and regulatory requirements, and monitoring/testing the program to identify and improve deficiencies. While a significant majority of companies (74%) reported regularly reviewing the content of their anti-corruption programs, only 55% regularly tested their programs for effectiveness.

Notably, 9% of companies stated that they have never tested the effectiveness of their anti-corruption program.

Responses also show uncertainty among companies regarding the frequency of anti-corruption program reviews and testing, with 12% of respondents unsure of the frequency of anti-corruption program reviews, and 15% of respondents unsure of the frequency of compliance program testing.

How often does your organization…(PNG) View full image: How often does your organization… (PDF)

Anti-corruption program testing: trends by company size

The largest companies prefer to test on a periodic or annual basis.

Three in four companies with revenues exceeding US$50 billion (75%) conduct periodic or annual testing, with 50% preferring periodic testing. No company in this size class reported "never" testing its anti-corruption program.

In comparison, smaller companies were more likely to test on an ad hoc basis, if at all. 16% of companies with less than US$1 billion in annual revenues reported "never" testing their anti-corruption program. Less than half (45%) of these companies perform periodic or annual reviews.

How often does your organization test the effectiveness of its anti-corruption program? (PNG) View full image: How often does your organization test the effectiveness of its anti-corruption program? (PDF)

A minority of companies use sophisticated techniques to test anti-corruption program effectiveness

Companies are more likely to use traditional anti-corruption program testing techniques including the use of internal audits (60%); review of compliance training and certifications (50%); and review of hotline usage (40%).

Conversely, less than one-third of respondents reported using more sophisticated techniques for evaluating compliance program effectiveness with respect to day-to-day operations, such as transaction testing (32%) and third-party audits (24%).

Only one in five (20%) said that they evaluate employee requests to Compliance and Ethics teams for consultation or approval.

How does your organization test the effectiveness of its anti-corruption program? View full image: How does your organization test the effectiveness of its anti-corruption program? (PDF)

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2023 White & Case LLP

Service areas

Top