Companies should prepare themselves for more active regulators in 2021 and beyond. With Brexit now resolved, Biden in the Oval Office, and a desire by the EU to position itself as an environmental leader, we are likely to see increased regulations and, more importantly, more active compliance officers.
A recent report by MetricStream outlined how the second biggest concern of compliance officers is “compliance violations and regulatory actions”. The report outlines the increasing risks of cyber security attacks as systems continue to grow in both size and complexity. At the same time, governments are becoming more active on privacy and data management legislation, leading to more requirements for organizations and the digital services they offer. In short, growing systems and growing regulation are both rapidly increasing organizations' cyber security compliance issues, and a systematic approach to IT compliance must be put in place. Though the report addresses IT and Cyber Risk specifically, we see the same trend across nearly all compliance areas.
The EU’s plan to improve management of chemicals highlights that the EU and its member states must step up compliance efforts and increase regulation of chemicals. The strategy outlines how 70% of chemicals still have “poor characterization for their hazards and exposures” and “30% of the alerts on dangerous products on the market involve risks due to chemicals, with almost 90% of those products coming from outside the EU”. The long and short of it is that the EU plans to step up its compliance programs, require more information from chemical producers and resellers, and apply a zero-tolerance policy on chemical compliance. Tracking down the chemicals in your products and in your suppliers’ parts will be a critical compliance initiative in the years to come.
While it may seem that chemical compliance and IT / cyber security compliance are two distinct areas of concern, they share many key characteristics. What is clear with both of these issues is that, in 2021, a global organization can no longer tackle compliance problems one area at a time. A whack-a-mole approach, where an organization tackles issues as they arise without an overall system for compliance, inevitably leads to missed issues and non-compliance. Siloed compliance approaches obviously create organizational waste, but even more importantly, this non-standardized compliance approach makes your organization more susceptible to surprises. What organizations need instead is a compliance framework that allows them to stay ahead of the regulators by focusing on a risk-based approach and a comprehensive analysis of their compliance obligations. If you can create a systematic approach to compliance and instill a culture of compliance first, you will have a more resilient organization that is better prepared for the changes to come.