The pandemic has reshaped our lives in unimaginable ways. However, compliance and regulation march on! Whilst compliance teams and regulators adapted to new, remote ways of working, 2020 saw widespread adoption of technology solutions, accelerating compliance and regulation trends already in motion. Generally, regulators cut little slack and their message continued to be that firms must still meet their obligations. Innovation became the key. Among the main compliance themes in 2020, data privacy, invoicing and paperwork standards, climate, supply chain and operational resilience grabbed the headlines. The key question for organisations is how to keep up.
- EU data privacy laws (GDPR) continue to challenge firms as the UK’s regulator, the Information Commissioner’s Office, imposes heavy fines for breaches.
- PEPPOL makes advances in e-invoicing regulations across the world!
- Outbreaks of Covid-19 in Leicester’s clothing sweatshops and modern slavery risk put the spotlight on global supply chain compliance.
- The environment might be getting a short break, but regulation designed to affect climate change is no doubt here to stay, and it tightened further in 2020.
- Regulation is a risk in itself for many organisations and the role of compliance has never been more important.
GDPR laws stretch compliance teams
New data privacy laws known as GDPR, implemented two years ago and designed to protect the collection and use of customers’ personal data, are a challenge for compliance, as three companies found to their cost. The UK regulator, the Information Commissioner’s Office (ICO), fined British Airways, Marriott Hotels and Ticketmaster in a trend set to continue. All three firms sought to place the blame on third-party providers, an argument the regulator rejected. A consequence of this legislation is a requirement for organisations to beef up compliance processes in managing customer data. Whilst the main targets of ICO action over GDPR breaches to date have been large, multinational organisations, expect to see attention turn towards smaller businesses, who should have implemented processes and procedures to ensure compliance when handling personal data. All organisations should ask themselves, as a matter of urgency, if they are truly GDPR compliant.
Towards a global e-invoicing digital paperwork regulation
PEPPOL, Pan-European Public Procurement On-Line, is an EDI (electronic data interchange) protocol designed to simplify the purchase-to-pay process between government bodies and suppliers. PEPPOL connects via an open digital network designed to bridge the gaps between organisations on different systems and networks. Starting as a set of standards to ease trade between European governments, it evolved far beyond the original intention, with the overall objective now being to enable simple, safe e-document exchange between public and private entities worldwide. Over 37 countries adopted it in their laws. Compliance teams need to ensure they are aware of PEPPOL and are implementing it.
Supply chains get stretched
The pandemic strained supply chains during 2020, leaving many firms sourcing vital supply alternatives and managing new supply chain risk. Low pay, poor working conditions and even modern slavery practices prevail in many sectors. The UK government announced proposals that will lead UK firms to face tougher new laws on modern slavery reporting. The Modern Slavery Act 2015, designed to ensure firms take compliance action to identify any possible risk in their supply chains, has been strengthened and will be a mandatory requirement with enhanced governance. Whilst the legislation is yet to be passed, compliance teams need to plan now to ensure their firms meet the legal requirements.
ESG is still a top priority despite the pandemic
In 2019 Greta Thunberg became the icon for many as she challenged world leaders to take immediate action to reverse environmental destruction through climate change. The pandemic accentuated environmental issues for the public at large and Environmental, Social and Governance (ESG) policy became a hot topic for firms around the globe. Investors are increasingly applying these non-financial factors as part of their analysis process to identify material risks and growth opportunities. As a result, we have seen growth in sustainable finance initiatives from regulators around the world including regulation covering consumer protection, innovation and risk mitigation. The EU’s Digital Finance Strategy sets out strict rules and regulations to govern digital operational resilience and a new regulatory framework for cryptoassets.
Yet 46% of firms still don’t have an ESG policy and set of compliance procedures – is it time to start developing an ESG policy?
The vital role of Compliance in a pandemic
Compliance and regulation policies covered in this review were all in progress before the pandemic hit. Regulatory change and heightened regulatory scrutiny around themes of operational resilience, production and delivery of products and services are identified as major areas of risk for 70% of companies. Firms are aware that the plethora of regulations that have to be complied with is itself a risk. Failure in one area can lead to major business disruption and impact a firm’s growth and innovation plans. Ultimately it is the organisation that has to implement them. In consequence, the compliance role has never been more important than now, both in keeping a watch on what’s coming over the horizon and in ensuring the organisation meets the laws and regulations it is subject to.