

Mind the compliance gap

IbyIMD+ Published 23 May 2022 in Finance • 6 min read

In many businesses, compliance training fell by the wayside when Covid-19 altered priorities and made in-person teaching impossible. That could have significant ramifications. As a result, businesses should refresh both how training is provided and the syllabus itself.

Are businesses sleepwalking into compliance failures? As the COVID-19 pandemic forced most industries to shift to remote working, one casualty was the loss of in-person compliance training programs. Research from KPMG shows that 23% of organizations fear the effectiveness of their compliance and anti-fraud training programs has been adversely affected by the shift to home working; 16% warn fewer people have been able to take part in such training.

From financial services, where staff are not kept up to date on how to prevent money laundering, to life sciences, where medical protocol changes are continuous, many sectors now face significant compliance-related training gaps. The consequences could be serious – especially in regulated sectors. In financial services alone, firms worldwide paid a total of $5.4bn of fines for compliance breaches related to money laundering and data privacy last year. 

Moreover, firms that fall short on compliance are vulnerable to gaps in related areas. Compliance work is often closely linked, for example, to fraud prevention and cybersecurity, and breaches in these areas can be devastating. One study has put the annual global cost of cybersecurity attacks at $6tn. 

But the biggest danger of all may be reputational risk. With research suggesting trust in businesses already at an all-time low, compliance failures and related missteps could further undermine the brand value of businesses that are caught out. In some cases, these businesses will not survive the backlash from customers, employees and investors. 

These are not theoretical risks, with a growing number of companies reporting concerns that interruptions to compliance training are now hitting home. Training that was originally delayed for a few months at the outbreak of Covid-19 was put off for longer and longer. Now businesses are seeing the consequences. 

One life sciences company points to a sharp reduction in the number of calls to its whistleblower hotlines since training slowed; it believes the problem is that employees are no longer so sure which issues and concerns to report. Another business has become increasingly worried that supply chain disruption has forced its procurement teams to expand its sourcing – and that in the absence of training, the importance of maintaining supplier due diligence may be sacrificed in the name of keeping the business stocked. 

Many organizations have tried their best. The Association for Talent Development (ATD) says that compliance training accounted for 14% of training delivered during the pandemic at the organisations it surveyed, more than any other type of learning support. However, with total spending on training falling sharply according to the ATD, this was a slightly larger share of a much smaller pot. 

Recently, the Lapsus$ gang hacked Microsoft's Azure DevOps server containing source code for Bing, Cortana, and various other internal projects.
