Compliance Trends Survey Report India edition. July 2015

Similar documents
In Focus: 2015 Compliance Trends Survey

U.S. CFO Program The Four Faces of the CFO Deloitte Touche Tohmatsu

Compliance in motion A closer look at the Corporate Sector. Deloitte Risk Services March 2015

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

February Audit committee performance evaluation

COMPLIANCE WEEK. In Focus. Compliance Trends Survey A collaboration between Deloitte and Compliance Week August 2013

HR Business Partnering A Custom Approach

Risk committee performance evaluation

For Private circulation only Creative. Clear. Focused. Forensic Services

Henkel s Compliance Management System (CMS)

STAYING AHEAD OF THE PACK: EMERGING TRENDS & ISSUES WHISTLEBLOWING AFTER DODD-FRANK: A NEW WORLD

Take the right steps 9 principles for building the Risk Intelligent Enterprise

Fifth annual survey. Look before you leap Navigating risks in emerging markets

EMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015

Disclosure compliance system Seven questions directors should ask

Medicaid Enterprise Data Governance Approach. MESConference August 21, 2012 Rashmi Menon, Deloitte Consulting LLP

Environment Sustainability and Highways

Stakeholder Engagement

Centre for Corporate Governance. Managing the business risk of fraud: New guidance for a new risk environment

The Companies Act Audit requirement and other matters related to the audit

Moving Forward with IT Governance and COBIT

Deloitte Risk Services B.V. Cyber & Privacy Advisory. Deloitte Cyber & Privacy Risk Services Data Breach Management

Vendor Management. Minimizing Value Leakage. Deloitte Consulting LLP. November 19, 2013

The Internal Audit fraud challenge Prevention, protection, detection

NamCode. The Corporate Governance Code for Namibia

Managing Risk Beyond a Plan's Direct Control: Improving Oversight of a Health Plan's First Tier, Downstream, and Related (FDR) Entities

ARMA: Information Governance: A Revenue Source Potential

Achieve. Performance objectives

Mission Statement. Vision. Values. Introduction

Perspectives on the Future of Financial Advice (FoFA) Deloitte Deloitte Actuaries & Consultants Limited

TSMC 2012 Corporate Social Responsibility Report 4. Corporate Governance

Location of the job: CFO Revenue Assurance

January Sample audit committee charter

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach

Corporate Code of Ethics

Key Trends, Issues and Best Practices in Compliance 2014

Sprint with Scrum and get the work done. Kiran Honavalli, Manager Deloitte Consulting LLP March 2011

Qualification in Internal Audit Leadership (QIAL ) Exam Syllabus

Charity Audit Committee performance evaluation Self assessment checklist. October 2014

HR Function Optimization

EPA Victoria Engagement Policy ENVIRONMENT PROTECTION AUTHORITY

Is business ready to grow? How human capital and talent technology are influencing global business

The Board s role in anti-corruption compliance

Clear, transparent reporting The new auditor s report

Corporate Governance in the ATP Group

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

PRIORITIZING CYBERSECURITY

BPM 2015: Business Process Management Trends & Observations

KNOW YOUR THIRD PARTY

5 th ISACA Athens Chapter Conference

Management consulting services. Consulting, 2015

Broker-Dealer and Investment Adviser Compliance Programs

February Sample audit committee charter

Global Tax and Legal September OECD s BEPS initiative a global survey Multinational survey results

Anti-Money Laundering controls in Mergers & Acquisitions

Extract of article published in International HR Adviser magazine The role of HR in global mobility

Annual Compensation & Benefits Trends Survey India FY

2013 Global Contact Center Survey Results

Samsung Engineering Co., Ltd.

APEC General Elements of Effective Voluntary Corporate Compliance Programs

Business Ethics and Compliance in the Sarbanes-Oxley Era A Survey by Deloitte and Corporate Board Member Magazine

Deloitte 2010 lease administration benchmarking survey

Sample risk committee charter

Whitepaper. Beyond Compliance: Implementing Effective Whistleblower Hotline Reporting Systems

Deloitte Forensic Protecting your business in the Banking sector

July New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity

ADMINISTRATIVE MANUAL Subject: CORPORATE RESPONSIBILITY Directive #: Present Date: January 2011

the role of the head of internal audit in public service organisations 2010

2014 Financial Services Industry Compliance Benchmark Study

Ethics and Compliance Training

Privacy by Design Setting a new standard for privacy certification

Auto insurance telematics The three-minute guide

Audit, Risk Management and Compliance Committee Charter

2015 UCISA Award for Excellence Entry

Appointment of the audit committee and independence requirements

Corporate Governance. R esponse. T arget. A ddress. M anagement

Securing tomorrow today Achieving enterprise technology and 'big data' solutions that support the tax lifecycle

Aligning Compliance Program Priorities with Business Objectives

The Companies Act The Social and Ethics Committee and the management of the Ethics Performance of the Company

Advance Pricing Agreement Frequently Asked Questions

Fraud Risk Management providing insight into fraud prevention, detection and response

National Association of State Comptrollers. Architecting a New State Operating Model for the Future. March 12, 2015

California Mutual Insurance Company Code of Business Conduct and Ethics

The SEC's New Whistleblower Program: What It Means for Companies and How to Respond. July 22, 2011

2016 The global ABB integrity program.

A Framework for Managing Crime and Fraud

Quality Assurance Checklist

R&D and Government Incentives Tax & Legal. Financial affairs R&D tax relief opportunities for financial services companies

Business Intelligence Services Identifying what s beneath the surface

GOVERNANCE, RISK AND COMPLIANCE. Internal Audit. Assessing Fraud Vulnerabilities. kpmg.com/in

The Role of Internal Audit in Risk Governance

NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation

Quality Management System Manual ISO9001:2008

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s

Implementing Practical Information Security Programs

Ethics Everywhere Jones Lang LaSalle Incorporated Annual Report for Calendar Year 2013 Program

INSTITUTIONAL COMPLIANCE PLAN

Does Fraud Matter? ASIS Middle East Security Conference and Exhibition Dubai, February 16, Torsten Wolf, CPP Head of Group Security Operations

Corporate Resiliency Managing g the Growing Risk of Fraud and Corruption

Managing the message. Businesses brace for new digital marketing compliance requirements

Transcription:

Compliance Trends Survey Report India edition July 2015

Contents Executive Summary 2 Compliance Structure 3 Do CCOs have enough authority? 4 Are CCOs addressing the right risks? 5 Are CCOs using the right metrics? 6 Types of compliance program reporting 7 Do CCOs have effective IT systems in place? 8 Methodology 10 2015 Compliance Trends Survey Report India Edition 1

Executive Summary Key takeaways from the 2015 Compliance Trends survey are as follows: 62 percent Indian organizations have a designated Chief Compliance Officer (CCO) as compared to 70 percent global organizations. Only 26 percent Indian respondents have a full-time CCO as compared to 58 percent respondents globally. Also, 51 percent companies have a staff of five or fewer employees. We expect companies would need to invest more in their compliance function and increased number of companies will have a full-time CCO, given the heightened expectations under the Companies Act and enhanced regulations. Welcome to the India edition of 2015 Compliance Trends Survey report that gauges the scope and complexity of the modern corporate compliance function among Indian companies. Through the survey, we have tried to answer a common question: how do compliance functions efficiently and effectively manage the risks associated with the increasing demands of numerous stakeholders and position themselves for success in the future? The need for a strong corporate compliance function and an understanding of what that strong function should look like has become important like never before with increased regulations and expectations under new Companies Act. The results from the Compliance Trends 2015 report, show that many Indian companies increasingly acknowledge this idea. However, in many cases, surveyed companies still aren t investing enough to support a strong compliance function in practice. The report shares insights from Indian respondents and the findings have been compared to overall global survey submission. Only 14 percent organizations outsource or co-source their employee and ethics hotline as compared to 39 percent organizations globally. We see increasing trend for compliance needs outsourcing in India especially in compliances by third party service providers, given the growth of outsourcing in India consistent with global trend. Approximately 92 percent respondents mentioned Code of Conduct as a key area of priority of the compliance function as compared to the global figure of seventy three percent. However, Indian companies still need to focus on compliance training, compliance strategy processes, and policy management as they are lagging behind in these areas as compared to global companies. The number of organizations who measure the effectiveness of their compliance programs continues to increase to 57 percent but there is still a long way to go. The most common metrics used by CCOs to gauge effectiveness are internally focused: internal audits, analysis of self-assessment results, feedback from employee ethics survey, etc. Almost 16 percent of respondents were not confident that their IT systems captured and reported all compliance data necessary to get a good sense of effectiveness. That might be because many compliance tasks policy management, document management, risk assessments, regulatory reviews still rely heavily on desktop software applications. 2

Compliance Structure The effect of Companies Act requirements has started showing as evident from the fact that 62 percent of the Indian respondents said that they have a designated chief compliance officer in their organization. However this needs to be looked at also from the perspective that only 26 percent of respondents said that their company now has a stand-alone chief compliance officer as compared to 58 percent companies in the global survey. This is a potential area of growth for Indian companies. Which departments or functions serve on the management-level Compliance Committee? (Please select all that apply.) Legal 5 59% Top compliance officers generally have the right reporting lines to maintain their independence. For India, 48 percent CCOs report to the CEO where as 22 percent report to the board. Globally only 36 percent report to CEO and twenty one percent to the board. Almost 78 percent of respondents believe that one or more departments or functions serve on the management-level compliance committee. Legal and Finance top the charts with 59 percent of their members in the management-level compliance committee. Finance Internal audit Operations/business unit leadership 22% 52% 59% 4 3 4 Human resources 41% 3 Risk management 3 3 IT 30% Other 14% Don t have a compliance committee 24% Not applicable/ Don't know 7% Global India 2015 Compliance Trends Survey Report India Edition 3

Do CCOs have enough authority? We start with a Chief Compliance Officer s (CCO) authority that is, the ability to work with executives at the highest level of the organization. More than half of respondents (52 percent) said the CCO hold a seat on the executive management committee, outnumbering the 22 percent who don t. The data suggest India is at par with the global average when it comes to CCOs having a seat in the executive management committee, suggesting their participating in high-level discussions in creating a robust risk intelligent and compliant organization. Does the CCO hold a seat on the executive management committee? Yes No 22% 3 51% 52% But does the compliance function has the wherewithal, resources and authority to carry out this objective? There is significant scope for improvement here. Over 43 percent organizations have designated compliance officers in their subsidiaries, business units and geographies while an equal number denied having the same. In enterprises that have this structure, the enterprise CCO provides oversight to subsidiaries, business units or geographies compliance officers in forms of periodic meetings with professional development, input on goal setting and input on performance evaluation. Do not have an executive management committee Not applicable/ Don't know 1 1 Global India Compliance program reporting provided by the CCO to the board and/or executive management majorly include compliance violations, compliance issue resolution tracking status and compliance. 4

Are CCOs addressing the right risks? Indian organizations are catching up with global organizations in terms of performing enterprise wide compliance assessments. 78 percent Indian organizations perform an enterprise-wide compliance risk assessment with 43 percent of them doing it on an annual basis. 59 percent Indian organizations outsource or co-source one or more compliance activities compared to 66 percent of global organizations. Third-party compliance risk management is the most outsourced or co-sourced compliance activity. Only 14 percent Indian organizations outsource or co-source their employee and ethics hotline as compared to 39 percent global organizations. 24 percent organizations do not outsource any of their compliance activities. 16 percent respondents feel that conducting internal compliance audits/reviews is the most challenging aspect of organization s program for managing compliance risk followed by 14 percent respondents who selected monitoring compliance with policies and third-party compliance risk management. Approximately 92 percent respondents mentioned Code of conduct as an area of responsibility of the compliance function. Other areas include complaints and whistleblower hotlines, anti-bribery/ anti-corruption/anti-fraud programs, regulatory and internal compliance investigations, etc. An interesting finding is also that figure (68) percent Indian respondents suggested regulatory findings and reports as one of the key areas of compliance, which far exceeds the global data where only 46% considered this as one of the key areas of focus for the compliance function. Which area(s) is the compliance function responsible for your organization? (Please select all that apply.) Compliance training Code of conduct Complaints and whistleblower hotlines Regulatory and internal compliance investigations Conflicts of interests Ethics program Anti-bribery/ anti-corruption/ Compliance strategy processes Enterprise-wide compliance risk Independent compliance monitoring and testing Policy management Issue escalation and reporting Establishing and monitoring standards for business conduct Monitoring resolution of audit and Advisory of emerging regulatory issues Third-party compliance management/mitigation Regulatory filings and reports Privacy programs Regulatory relationship management Anti-money laundering programs Records and information management Communications Culture assessment Other 77% 59% 7 92% 71% 7 6 70% 6 6 6 6 61% 7 61% 4 60% 51% 57% 46% 56% 46% 56% 49% 5 49% 54% 49% 52% 41% 49% 51% 46% 6 42% 32% 41% 51% 40% 3 3 4 3 32% 24% 14% 4% Global India 2015 Compliance Trends Survey Report India Edition 5

Are CCOs using the right metrics? The number of organizations who measure the effectiveness of their compliance programs continues to increase to 57 percent but there is still a long way to go. How does your organization measure compliance program effectiveness? (Please select all that apply) The most common metrics CCOs use to gauge effectiveness are internally focused: internal audits, analysis of self-assessment results, feedback from employee ethics survey, etc., analysis of hotline calls, completion rates for training programs. Metrics that incorporate external information say, reviews from regulators or benchmarks against peer groups are catching up. About 81 percent respondents were confident about the metrics they were tracking. In a related area, 16 percent were not confident that their IT systems captured and reported all compliance data necessary to get a good sense of effectiveness. That might be because many compliance tasks policy management, document management, risk assessments, regulatory reviews still rely heavily on desktop software applications. Analysis of internal audit findings Analysis of self-assessment results Completion rates for required compliance training Hotline call analysis Feedback from employee ethics surveys Disposition of internal investigations Analysis of regulatory reviews Independent evaluations by outside counsel and/or consultants Size of regulatory fines or penalties 6 67% 64% 76% 56% 3 50% 29% 4 57% 4 3 42% 4 39% 4 3 29% Comparisons to competitors or similar organizations Exception rates in compliance testing activities 24% 34% 3 3 Other 0% Global India 6

Types of compliance program reporting 96 percent respondents stated that the CCO provides one or more forms of compliance reporting to the board and/or executive management. What types of compliance program reporting does your CCO provide to the board and/or executive management? Compliance violation with 78 percent responses is the most prominent form of compliance reporting provided by the CCO to the board and/or executive management followed by compliance issue resolution tracking status at 74 percent. Apart from reporting results of regulatory compliance auditing or examinations, India is doing pretty well in terms of compliance program reporting. 70 percent Indian respondents chose the Compliance performance metrics reporting which is higher than global average of 63 percent. (Please select all that apply.) Compliance violations Results of regulatory compliance auditing or examinations Structure and performance of the compliance program Compliance issue resolution tracking status 52% 61% 79% 7 76% 76% 74% 74% Information on emerging compliance risks 57% 7 Regulatory fines and penalties 64% 61% Information on new laws and regulations Compliance performance metrics General reports on ethics and culture Employee disciplinary actions 52% 54% 52% 42% 4 6 6 70% Other 4% 9% Global India 2015 Deloitte Development LLC. All rights reserved 2015 Compliance Week and Wilmington plc 2015 Compliance Trends Survey Report India Edition 7

Do CCOs have effective IT systems in place? Please indicate which tools and technologies are used to support each component of organization s compliance program Training 19% 3 Conflicts of interest 3 14% 0% 24% Compliance monitoring, 41% 19% 27% Employee surveys 41% Third-party risk management 22% 14% 22% 14% Regulatory examination 27% 19% Case/incident management 4 14% 19% Measuring effectiveness 32% 19% 14% Tracking legislation or regulation 22% 24% 22% Policy development 51% Doc Management 4 19% Compliance Risk assessments 41% Enterprise resource planning (ERP) technology and tools Desktop tools No technology or tools used Internally developed tools Other third party technology and tools Not applicable/don't know According to the results, a well-crafted and executed employee survey is one of the best tools a CCO can use to determine how well-understood compliance risks and policies are, how effectively key messages reach the people on the front lines of compliance risk, and attitudes and perceptions related to ethics and compliance. In a few areas, India substantially lags behind global counterparts and extracting value from IT systems is not utilized optimally especially in areas such as incident management conflict of interest among others. 19% of Indian respondents don t have technology deployed in incident management as compared to global average of 9%. Similarly 24% percent Indian respondents don t have technology deployed in conflict management as compared to with global counterparts. Internally developed applications and tools are the most widely used to fulfil needs such as incident management, policy development, compliance risk assessments, training, etc. 8

Summary- The past two years have been a watershed period for all enterprises in India as the country deals with new paradigms and approaches about how risk and compliance is managed. The sudden increase in the regulatory enforcement in India has catapulted compliance risk on top of the board, management and audit committee agenda. Additionally, the regulatory regime in India continues to be complex requiring regular interactions with multiple regulators. The need for a strong corporate compliance function and an understanding of what that strong function should look like has become important like never before. With the increased transparency in terms of board level compliance reporting, there is still a long way to go to integrate compliance as a strategic partner in business. The CCOs will have an important role to play in executing organizational strategy. While the survey data shows a fairly clear trend toward a more empowered CCO with a higher position in the organization, concerns, and challenges related to subsidiary compliance organizations appear to persist. Perhaps with the stronger alignment of the CCO with executive management, the newfound authority may position CCOs to make progress in these areas in the coming year. 2015 Compliance Trends Survey Report India Edition 9

Methodology The 2015 Compliance Trends Survey was conducted by senior Compliance Week editors and Deloitte & Touche LLP in the US in November 2014, and then pushed out to an audience of senior-level corporate compliance, audit, risk, and ethics officers worldwide from December 2014 through mid-march 2015. The survey produced 370 responses globally. Any submission where the respondent s title was not directly related to corporate activities ( partner or administrative assistant, for example) was excluded from the data analysis. The result was 364 qualified responses from senior-level executives, working in ethics, compliance, audit, risk management, or corporate governance. Of those 364 respondents, 37 were from India. 17 percent Indian respondents held the title of CCO, chief ethics officer, or chief ethics and compliance officer; 6 percent held some other C-level title (chief risk officer, chief audit executive); 20 percent held a variety of titles at the vice president level; and the rest held a range of other titles (director of business conduct, director of anticorruption audit, deputy compliance officer, business unit compliance officer, and the like) The survey also went to a wide range of industries. Of the 37 responses, the single largest industry groups represented was consumer & industrial products at 19 percent. Next were technology, media and telecommunications and financial services industry at 14 and 11 percent respectively; and a range of other industries trailing behind. This was a self-reported survey from Deloitte & Touche LLP and Compliance Week s audience of ethics & compliance professionals. The data used are from third-party sources and neither Deloitte & Touche LLP nor Compliance Week have independently verified, validated, or audited the data reported by survey takers. 10

2015 Compliance Trends Survey Report India Edition 11

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms. None of DTTIPL or its affiliate entities (Deloitte Network) are by means of this survey or the survey results, rendering professional advice or services. Neither this survey nor the survey results is a substitute for any kind of professional advice or services. The Deloitte network is not responsible for any loss whatsoever sustained by any person who relies on this survey or the survey results.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information