87% of companies bring in outside cybersecurity advisers, 72% list cybersecurity as desired board skill
Companies are dramatically increasing their use of external cybersecurity advisers, with 87% now engaging outside experts compared to 43% in 2023, according to new research from EY’s Center for Board Matters. The surge comes as cyber threats grow more sophisticated, with FBI data showing a 10% increase in complaints and a 22% rise in losses to $12.5 billion annually.
The analysis of Fortune 100 companies’ cybersecurity disclosures reveals growing board involvement in cyber oversight. Nearly three-quarters (72%) of companies now list cybersecurity as desired board expertise, while 81% report that audit committees oversee cyber risk.
Other key findings include:
- 70% report their chief information security officer (CISO) provides cyber risk information to the board, up from 9% in 2018.
- 57% specify regular board meetings on cybersecurity, either quarterly or annually.
- 47% conduct cyber preparedness exercises, compared to just 3% in 2018.
Boards increasingly concerned about cybersecurity compliance risk
More than two-thirds (68%) of board directors rate cybersecurity and data privacy as their companies’ top regulatory challenge, according to a survey by GRC software provider Diligent.
The survey, based on responses from 140 public company board members, found that cybersecurity compliance surpassed climate (34%), financial accounting and auditing (23%), supply chain (20%) and DEI (18%) as the issue board directors find most challenging in their roles.
Diligent’s report, part of its director confidence survey set to be released later this year, also indicated that 41% of directors say they need a better grasp of the regulatory picture and how it affects their company.
80% of dealmakers increase focus on due diligence amid heightened regulatory scrutiny
Increased regulatory oversight is prompting dealmakers to intensify their due diligence efforts, according to Dykema’s 20th annual survey on M&A, which found that 77% of respondents observed heightened scrutiny of M&A deals and 80% enhanced their due diligence practices over the past year.
The law firm’s survey of more than 200 senior executives and dealmaking advisers revealed that 75% plan to increase their due diligence specifically to assess potential antitrust risks in target companies. This comes as a majority believe the FTC’s stricter merger reviews could hamper deal activity in the coming year.
“This mounting optimism is somewhat tempered by persistent concerns around economic volatility and increased regulatory oversight,” said Jeff Gifford, a member of Dykema’s executive board.
Other key findings from the survey include:
- 70% expect a stronger U.S. M&A landscape in the next 12 months.
- ESG considerations in dealmaking are declining, with only 55% prioritizing them in target selection, down from last year, while one-third say they’re unlikely to screen for ESG risks.
- Nearly three-quarters report that companies are seeking to integrate AI capabilities or acquire businesses leveraging the technology.
Regulatory fines surge in Q3 as agencies ramp up enforcement
Global regulatory enforcement hit new highs in the third quarter of 2024, marked by precedent-setting actions and increased scrutiny across sectors, according to new data from Corlytics. The period saw several enforcement firsts, including the Financial Conduct Authority’s (FCA) first fine against an audit firm and a landmark $12.7 billion CFTC ruling against FTX and Alameda.
“We have seen the regulators roar into action in this third quarter, not only in terms of the amount of fines imposed but also with some enforcement firsts,” said Susie MacKenzie, head of legal and regulatory analysis at Corlytics, a risk and regulatory intelligence firm.
Key enforcement trends from the quarter include:
- Continued focus on recordkeeping violations, particularly around off-channel communications like WhatsApp.
- Heightened consumer protection enforcement, exemplified by CFPB’s $27 million action against TD Bank.
- Growing attention to greenwashing, with Australia’s ASIC levying an £11.3 million fine in its first such case.
- Increased emphasis on self-reporting and cooperation as potential mitigating factors in SEC cases.
76% of corporate legal teams use generative AI weekly, but ESG readiness lags
Legal professionals are rapidly adopting generative AI while struggling to meet rising ESG demands, according to Wolters Kluwer’s 2024 “Future Ready Lawyer” report. The survey of 700 lawyers across the U.S. and nine European countries found that 76% of corporate legal department lawyers use generative AI at least weekly, as do 68% of their law firm counterparts.
A majority of respondents (60%) expect AI to reduce reliance on billable hours, the survey found, while nearly three-quarters (73%) of legal departments expect to increase AI investment over the next few years.
“The 2024 ‘Future Ready Lawyer’ survey finds an industry confident not only in its ability to master new and emerging technologies, but also the systemic changes that follow,” said Martin O’Malley, CEO of Wolters Kluwer Legal & Regulatory.
The survey also revealed significant gaps in ESG preparedness. While 68% of respondents see increased demand for ESG-oriented legal services, only 29% of law firms and 41% of corporate legal departments report being “very prepared” to meet this demand. To bridge the gap, 56% of legal departments have begun ESG training for existing staff.
67% of banks lose clients due to slow KYC processes
Inefficient Know Your Customer (KYC) practices are driving away banking clients at record rates, according to new research from financial compliance software provider Fenergo. The survey of over 450 C-level banking executives found that more than two-thirds have lost clients due to slow and inefficient onboarding and KYC processes, with Singapore banks hit hardest at 87%.
The annual cost burden is substantial, with corporate and institutional banks spending an estimated $60 million on KYC reviews and commercial banks spending $175 million. Yet only 4% of banks have successfully automated the majority of their KYC workflows.
“In today’s fast-evolving regulatory landscape, it has never been more important for firms to strengthen their KYC procedures,” said Stella Clarke, chief strategy officer at Fenergo.
The survey findings suggest financial institutions are looking to AI to address inefficiencies and data challenges: 42% said they aim to increase operational efficiency with AI, while 40% are focusing AI on improving data accuracy.
Only 31% of healthcare compliance leaders feel ‘very prepared’ for future risks
Healthcare and life sciences organizations are struggling to keep pace with mounting compliance pressures, according to Barnes & Thornburg’s inaugural healthcare compliance outlook report. The survey of 120 compliance and risk leaders found that less than a third feel very prepared to meet future challenges, while only 42% are very confident about maintaining quality care amid compliance issues.
Resource constraints are a significant factor, with 53% reporting limitations in program areas like budget, staffing and technology, according to the firm’s survey. The outlook appears challenging, as 56% expect these resource limitations to worsen next year.
“Healthcare compliance professionals are dealing with expanding areas of risk, even as many report resource constraints that could limit their ability to meet challenges,” said John E. Kelly, a Barnes & Thornburg partner.
Other key findings include:
- Nearly three-quarters of respondents are using or considering AI for compliance functions.
- 60% say AI integration will add more than 10% to their budget next year.
- 58% report difficulty developing AI governance structures.
- 54% are either seeking or considering private equity backing.
The survey included responses from leaders at hospital systems, physician practices, pharmaceutical companies and medical device manufacturers, ranging from organizations with less than $1 million in annual revenue to those generating over $10 billion.
UK customs rejects $456M per year in suspicious invoices amid fraud concerns
The UK’s tax, payments and customs authority has rejected nearly $1.4 billion in suspicious invoices over the past three years, according to data obtained through a freedom of information request by Basware, an accounts payable software company. The figures show HM Revenue & Customs (HMRC) rejecting an average of $1.25 million in suspicious invoices daily.
The analysis revealed 29,360 rejected invoices over the three-year period, with 12,000 being PDF invoices and 17,360 coming through the department’s e-trading procurement system. During this same period, HMRC spent over $1 billion employing an average of 4,800 staff annually in its Customer Compliance Group to handle enforcement and compliance activities.
“Invoice errors and fraud is one of the biggest threats facing large enterprises, including governments,” said Jason Kurtz, CEO of Basware. “Criminals are producing increasingly realistic fake documents, designed to divert legitimate payments into rogue bank accounts.”
The rejected invoices fell into several categories including:
- Supplier errors
- Invoices rejected and unpaid
- Invoices rejected and subsequently paid
- Rejections due to goods or services not being received
The findings highlight HMRC’s ongoing efforts to combat fraud and errors within the UK tax system through both manual verification and automated processing.