Plenty in the United States will happen this coming year to keep compliance executives busy, but they'll need to keep an eye on overseas developments too. Europe is the main area to watch. Big changes to the regulatory and compliance environment are coming.
1. Britain loses its voice in Europe. Britain lost many friends in December when it vetoed French and German plans to tie the European Union's 27 member countries closer together to save the beleaguered euro. Undeterred, the 17 countries that use the euro are setting up their own inter-governmental agreement to coordinate national tax rates, spending, and borrowing. Most other EU members are expected to join the deal, leaving Britain on its own and without much influence. This matters to compliance executives because the British have always provided a strong counterbalance to the EU's regulatory zeal. The result could be a trading bloc less accommodating to U.S.-style capitalism.
2. Tougher corporate governance rules. The European Commission spent 2011 consulting on how it might need to change Europe's corporate governance laws in response to the financial crisis; in 2012 it's likely to start taking action. Companies listed on European exchanges face more detailed rules—rather than just general principles—in areas such as how they constitute their boards, make decisions, and manage risks. One idea popular in Brussels is to give securities regulators greater powers to enforce the “comply or explain” principle that underpins much European corporate governance practice.
3. Big 4 Challenged? 2012 will see the European Commission push ahead with plans to break up the Big 4's dominance of the listed company audit market. A raft of changes published in November would stop firms from selling consulting services to their audit clients and would force some firms effectively to split in two. The Big 4—and many business groups—lobbied hard against the Commission and lost. They can still try to block its proposals as they move through the European Parliament. But even if the audit firms win there, an anti-trust investigation in the United Kingdom that started in October could force them to change their business practices.
4. Stricter data protection. February is likely to see the European Union's justice commissioner, Vivienne Reding, publish new data protection laws. Companies operating in Europe will have to comply with new rules about how they capture, store, and use personal information. Reding is also giving Europe's data-protection authorities greater powers to enforce compliance.
One particularly thorny issue: Reding says she will go ahead with the controversial introduction of a “general obligation” requiring companies to notify regulators and members of the public if they discover a data breach. The laws will create an IT and compliance headache. “Certainly, more needs to be done, especially when so much private data isn't encrypted as a matter of routine or uniformly to the same high standard,” says Gary Clark of SafeNet, a security company.
5. Bribery Act gets tested. Britain's tough Bribery Act took effect in 2011 and November saw the first prosecution and conviction. A lowly British court clerk who took bribes in exchange for not recording drivers' traffic offences was jailed for six years. That may not be quite what regulators had in mind when they created the Bribery Act, but the speed with which the prosecution came to court is a warning to companies that have been slow to update their bribery and corruption controls. “The global market has taken big steps forward in compliance this past year, not least because of the legislation that has come into play,” says Howard Sklar, senior corporate counsel at software vendor Recommind. “Compliance officers now have to ensure rules are adhered to.”
6. Fair competition enforcement up. PwC's 2011 global economic crime survey showed that instances of anti-competitive behavior had more than doubled worldwide since 2009, perhaps owing to the tough economy. Yet only a quarter of the firms PwC surveyed said their organization monitored their business for anti-competitive behavior by staff. Such a slack approach could lead to trouble in 2012. “Enforcement by competition regulators is now one of the most serious regulatory risks facing companies, particularly around cartels and collusion,” says Fran Marwood, a director in PwC's U.K. forensic services. “Increasingly, regulators are co-operating to share information on local cases, leading to investigations that reach further than just the country or region where the matter was first identified.”
“The global market has taken big steps forward in compliance this past year, not least because of the legislation that has come into play. Compliance officers now have to ensure rules are adhered to.”
—Howard Sklar,
Senior Corporate Counsel,
Recommind
7. Executive pay scrutiny continues. Complaints about high levels of executive pay are a common refrain, especially in Europe, where national economies remain stuck in the doldrums. Britain has always taken a “let the market” decide approach to the issue, believing that pay deals are a matter for companies and their shareholders, rather than regulators. Nonetheless, the government will introduce new regulations on remuneration in 2012. Among them could be a binding shareholder vote on pay questions. The business lobby has resisted that in the past, but even the Institute of Directors now wants a binding shareholder vote on remuneration policy, if not on individual pay deals. The government will unveil its plans early in the year.
8. Japan gets governance. The boardroom scandal at electronics giant Olympus will likely result in corporate governance reforms for all listed Japanese companies in 2012. The company sacked its CEO, Michael Woodford, after he uncovered a massive accounting fraud. But after an investor and foreign media outcry, Olympus commissioned a report into the affair; in December it released its conclusions. Among them: “The core of management was rotten.”
The report called for several governance changes, including a shake-up of the board and the introduction of independent directors who would be more willing to ask tough questions and challenge management—something corporate Japan has long resisted. Now it seems new laws will be introduced in 2012 requiring all big companies to appoint at least one outside director. This could be just the beginning of a governance reform drive.
9. IT security more complex. The blurring divide between home and work will accelerate the trend that IT folks call “consumerization” next year. This refers to the increasing use of personal computing devices, including smartphones, tablets, and home laptops—for work purposes. It makes life easier for staff and can reduce corporate IT costs, but the data security headaches are significant. Consumerization is “big thing for 2012”, says Andy Fisher, a director of BCS, a software license company, “and unless it is strictly managed it will create a compliance time bomb.”
Companies will need strict policies in place so they know what personal hardware is being connected to their systems, what software staff plan to use and what technology licenses are in place. “Someone might have purchased a ‘personal' license for a piece of software on their laptop but the user agreement might clearly forbid the right to use the software in a corporate environment,” Fisher says.
10. Cloud computing becomes the norm. Another hot technology trend through 2012 will be the continued adoption of cloud computing. The rise of cloud services has given companies new ways to cut their IT bills by purchasing computing power and data storage on a “pay as you go” basis. But any lack of clarity about where a cloud provider actually stores or processes a company's data can become a compliance nightmare.
“The question for companies will be: Where is the data center and, therefore, which country laws will they have to comply with, as they differ from country to country?” says Carl Shallow, head of compliance at SecureData Europe. “Businesses will need to work out exactly how they can manage this in the cloud.”
Of course, compliance executives will have to deal with these trends against the backdrop of a tough economy. Europe is on the brink of a double-dip recession; the global outlook is grim; boards are risk averse; and investors and regulators are skittish. There's never a good time for a company to suffer a compliance failure, but 2012 would be a particularly bad time.
No comments yet