Top 6 Trends for Compliance Officers to Consider in 2023

“How’s work?” It’s one of the most common questions I was asked during this year’s holiday festivities. Unfortunately for those who ask me this question rhetorically, I love to talk compliance – and I have a lot to say in response to that question. For me “work” is mission-driven and mission critical for organizational culture and for life.

It’s been a busy year, for compliance professionals especially. Many of us spent more time than we care to admit addressing new regulatory requirements, supply chain challenges, and cultural conflicts, many of which are residuals from the COVID-19 pandemic. We had to meet the new risks presented by an increasingly hybrid workforce. And educate on how to protect our organizations from the increasingly present data privacy and cybersecurity threats.

Don’t get me wrong, it’s been “fun” — eventful to say the least — however, many of us have only had time to be reactive. Yet to truly build a world-class compliance training program in 2023, compliance officers need to be proactive.

So, let’s look forward together. Below, find some of the top trends that compliance officers should be looking toward in 2023.

Most organizations measure their digital transformation efforts by the return on investment these efforts provide. Because compliance training isn’t typically a revenue generator (it never is!), it may not receive the same attention as other parts of a business. But between ever-changing regulatory requirements and increasing complexities in the way we approach work, it’s become clear that this point of view needs to change.

In 2023, more organizations will move away from storing compliance training data in Excel spreadsheets – and further toward digitization. This won’t be easy; but when the difficult process of digitization is complete, organizations will gain efficiencies they never thought possible. Not only that, but they will be able to scale a more effective and efficient compliance program by reaching more people with training than ever before – when, and where, and how they need to be reached.

Hot Take: Digitization is about the data. When we use data as a starting point to see and understand the key trends in our workplace, it is then that we can think critically about these trends, identify root causes, and be proactive in getting ahead of any potential risks.

Compliance officers tend to look at the supply chain through the lens of third-party due diligence. That is, we conduct “background checks” to better understand our suppliers: Are they corrupt? Do they pay to play? Do they associate with shady people?

However, recent European regulations suggest that we should dig deeper. The list of things we need to know about our supply chain is increasing to the point that we need to fully understand our supply chain’s footprint and impact. What do they do? How do they do it? To whom do they do it with? Specific questions might include:

• What are the human rights practices of our suppliers?
• Where do they get their raw materials?
• What is their stance on child labor?
• Are they environmentally friendly?
• Do they have proper controls in place?

On January 1, 2023, the German Supply Chain Due Diligence Act will take effect. It will require all companies with head office, principal place of business, or administrative headquarter in Germany – with more than 3,000 employees in Germany – to comply with core human rights and certain environmental provisions in their supply chains. From 2024, the number of employees will be lowered to 1,000. Switzerland, The Netherlands, and the European Union also have drafts of this type of regulation in the books.

Hot Take: We might be getting ahead of ourselves with this one. While this issue is extremely important and necessary, compliance professionals have yet to get foundational supply chain issues like anti-bribery and corruption diligence right. Yet, we’re being asked to figure out how to operationalize new requirements – often without a budget, regulatory oversight, or appropriate resources. It will take some thought. But, compliance professionals are in a unique position to take a stand on human rights issues – implementing controls to ensure that human rights are not violated on their watch. We need to be proactive in defining and addressing the problem.

Skillsoft recently moved our environmental, social, and corporate governance (ESG) efforts forward with the launch of our first annual impact report, “Living Our Values: A Responsible Business for a Sustainable Future.”

As we compiled the report, we realized just how many stakeholders are involved – both in defining and advancing our efforts, and in consuming the information. ESG pressures are coming from every direction: customers, partners, employees, investors, and society as a whole. But where do you start? Who leads it? What infrastructure is needed to ensure its successful?

While many ESG initiatives are voluntary right now, government regulations in the United States and Europe are evolving rapidly. That’s why a focused approach to ESG is fast-becoming a corporate necessity. But how does creating value through ESG initiatives go hand-in-hand with mitigating risk as part of an effective compliance training program? Does it?

In 2023, if you haven’t already, compliance officers need to help their organizations figure out who owns ESG, how to create a sustainable program around it, and what will reporting look like, among other things.

Hot Take: At the very least, compliance professionals can look to ESG initiatives to help identify and manage overlapping risks and minimize blind spots. And while compliance will most certainly serve as an input to your organization’s ESG efforts, ownership is still to be determined depending on your organization and where you are in your ESG journey.

Humans and animals are intelligent creatures. So, when systems or machines mimic human intelligence, we refer to that as artificial intelligence (AI). From developments in predictive analytics, the launch of better automated systems, and use of digital avatars, AI capabilities are improving every day across industries around the world. But as organizations increasingly rely on AI, compliance officers must start thinking about AI ethics. How can we ensure that we are developing and using AI responsibly?

Potential AI issues for our consideration in 2023 might include:

• Safety. Are AI technologies aligned with human values, and will use of AI technology put human beings in harm’s way?
• Security. Is your organization sure that the data used to fuel its AI initiatives is accurate and clean, and that no one has tampered with it?
• Human concerns. Does the use of AI reduce human beings’ control over their own lives? Will AI displace human jobs? Will AI impede human social and survival skills?
• Environmental considerations. There are many ways that AI may improve environmental sustainability – from managing the supply and demand of renewable energy to reducing traffic congestion and air pollution. But are we ready to address issues related to planning, accountability, transparency, or bias?

Hot Take: Though it is important to consider the ethical implications of artificial intelligence, compliance professionals are just one piece of the puzzle. Certainly, we need to educate ourselves on the potential risks and weigh in on our AI policies and guidelines to ensure they are built with an ethical lens, but at the end of the day our role is primarily monitoring and enforcing – and probably not owning this issue on behalf of our organization.

Even if an organization is not physically located within the European Union (EU), it must still comply with GDPR if it handles personal data that is identifiable to a resident that is located within the EU.

Right now, GDPR impacts companies based in the U.S. because it is designed to protect the personal data of individuals. And as U.S. data privacy law evolves, global companies may be able to take learnings from their European divisions and replicate some of the best practices in the U.S. And we must learn now. Because although only five states have comprehensive consumer data privacy laws, consumer data privacy is showing to be a trend other states plan to adopt and enforce.

Hot Take: How can organizations comply with data privacy laws as they evolve? In the U.S. we need to take a consumer-facing approach and educate individuals on their rights as it concerns their personal information. We also need to make sure our companies respect those rights.

Wow! What a year 2022 has been with respect to investigation and enforcement for regulatory agencies. And it’s only going to increase from here.

Think about this: The SEC reported over 12,300 tips of potential wrongdoing in 2022 and it filed 760 enforcement actions, up 9% from 2021. The Department of Justice has made clear that it is hiring more prosecutors and intends to aggressively root out bad companies and individuals within those companies. And the Serious Fraud Office in the UK has secured its largest fine in its 35-year history.

So, what does this mean for 2023? Compliance officers need to ensure they are keeping a clean house; your compliance program must consider whether it is effective and ask the appropriate questions – taking the appropriate actions to ensure a culture of compliance.

Why? Because what we can expect in 2023 are more prosecutions and higher fines. More cross-border cooperation and more, more, more.

Hot Take: Properly resource your compliance program. In the words of Kenneth Polite, Assistant Attorney General for the Criminal Division at the DOJ: “Support your compliance team now or pay later.” Train your employees and your directors on what is expected of them and how to do the right thing—in the role they play. And be thoughtful in your approach.

By getting these trends on your radar now, you can begin to address them head-on rather than reacting to them in the moment. And the next time someone asks you – “How’s work?” – you’ll have a lot to say as well.

What are you looking forward to in 2023? Let us know.