Published by Jessica Weisman-Pitts
Posted on September 12, 2022
5 min readLast updated: February 4, 2026
Add as preferred source on Google
By Jason Dess, Senior Managing Director, Global CFO and Enterprise Value Lead for Accenture and Samantha Regan, Managing Director, Strategy & Consulting, NA Risk and Compliance Lead, CFO & Enterprise Value for Accenture
Over the past decade, growing uncertainty in our business landscape has reinforced the need for identification and management of risk to meet our desire and need for financial and operational stability and resiliency. Complicating matters, today’s risks are complex and multi-dimensional – from cybersecurity and privacy to ESG – requiring new skills, fresh thinking and a holistic response from companies.
As businesses look to enhance their operating models, their transformation efforts become increasingly more invasive and challenging, exposing organizations to increasing levels of compliance-based risks. Managing these risks to support operational resilience and a sustainable agenda have never been more critical. And having a resilient compliance function has never been more important.
What are the risks?
Before risks and vulnerabilities can be reduced, they first need to be identified. According to recent research from Accenture, compliance leaders don’t have the resources they need to identify and manage risk. For example, more than half of the respondents (52%) said they do not have enough data and information to identify and properly assess business exposure to third-party risks, and 46% said they do not have the time to review all the available data. And, with new and emerging risks and exposures to their business, from cyber to ESG to privacy, demand on executives to identify and understand the compliance challenges is only increasing.
Privacy risk management and violations of consumer privacy rights are seen as the top priorities for compliance departments, both now and in the year ahead. These concerns are the “riskiest” risks, as 58% of compliance departments are currently outsourcing consumer requests on data privacy issues to drive compliance efficiencies. This demonstrates how appropriate corporate behavior has been magnified by an increasingly complex global regulatory and enforcement agenda.
What needs to change?
First, Chief Compliance Officers (CCOs) need to adopt new mindsets and approaches to mitigate these risks, including building new foundations based on automated processes and technologies and by rethinking how they deliver enterprise-wide services to be more responsive to rapidly shifting business needs. Additionally, to keep pace with the rapid evolution of business and cybercrime, compliance officers need to align themselves with regulatory expectations and identify risks so they can advise business leaders appropriately, while also emphasizing the need for increased investments in technology budgets.
Investing in technology and cloud-based platforms is critical to help companies facing compliance risks. In fact, more than nine in ten compliance leaders (93%) we surveyed believe that new technologies like AI and cloud make compliance easier by automating tasks, removing human error and making the overall process more effective and efficient.
For example, telecommunication companies can establish an end-to-end data discovery lifecycle process to identify and remediate unprotected sensitive data. This comprises an advanced scanning strategy to effectively locate sensitive data quicker. By taking a proactive approach to compliance assessment, companies can avoid losing millions of dollars in breach risk.
Although these advances help compliance officers to create efficiencies that were not previously possible, it is important to note that tech challenges are worsened by insufficient investments—something noted by one-third (37%) of compliance leaders we surveyed. By properly focusing on and investing in technology and tech skills, CCOs, Chief Risk Officers (CROs) and their teams can better assess and respond with greater pace and confidence to the risks and compliance challenges their companies face.
What role does compliance play?
As compliance departments continue to evolve, it is vital that all parts of the business communicate and collaborate on firm-wide risk management activities and efforts to align risk processes internally. Leaders already recognize this importance, and businesses have made significant strides toward establishing a working process; 95% of compliance leaders we surveyed said they have built or are building a culture of compliance to ingrain a shared sense of compliance responsibility across the enterprise. However, many compliance officers feel a greater emphasis on the function’s stature is needed to truly strengthen compliance; in fact, 61% percent of them identify the need to increase investments in compliance over the next two years.
What’s next for compliance risk?
By having an efficient and improved compliance function that is data-based and tech-driven, organizations are well-poised to assess and address the risk challenges and exposures they face. Complex threats from a variety of new sources require a new skills approach and an all-encompassing response to mitigating risk. For example, as employees and third-party vendors continue to access systems via remote networks from locations around the world, it is vital that companies’ networks and data are constantly monitored and updated to uphold security and data protection. In response, many compliance executives (48%) we surveyed are turning to big data and analytics to strengthen their compliance function, and 54% believe that AI and ML technologies will reinforce the agility of compliance measures put in place.
The ever-changing business environment, and its associated risks, reaffirms the essential role fulfilled by CCOs and CROs. When these executives are included in C-Suite decision making and operate as a more proactive partner to the business, resiliency is built across the organization through judicious investments in technology and well-rounded compliance practices. These investments and strong compliance leadership are critical to fostering a holistic compliance function able to respond to mounting issues and risks, accelerated change and an expanded compliance agenda with agility and pace.
Compliance refers to the process of ensuring that a company adheres to legal standards, regulations, and internal policies to avoid legal penalties and maintain ethical standards.
Risk management is the identification, assessment, and prioritization of risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unforeseen events.
Cybersecurity involves protecting computer systems, networks, and data from theft, damage, or unauthorized access, ensuring the confidentiality, integrity, and availability of information.
Operational resilience is the ability of an organization to continue delivering services and products during and after disruptive events, ensuring stability and recovery.
Technology investment in compliance involves allocating resources to tools and systems that enhance the effectiveness and efficiency of compliance processes, such as automation and data analytics.
Explore more articles in the Business category
