2024 年首席合規(guī)與道德官的領(lǐng)導(dǎo)愿景-英

LeadershipVisionfor

2024To

p

3Strategic

Prioritiesfor

ChiefCompliance

and

Ethics

Officers?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.

Thispresentation,

includingallsupporting

materials,

isproprietary

toGartner,

Inc.

and/or

itsaffiliates

and

isfor

the

soleinternal

use

of

the

intended

recipients.

Because

this

presentation

maycontain

information

that

isconfidential,

proprietary

or

otherwise

legally

protected,

itmay

not

be

further

copied,distributed

or

publicly

displayed

without

the

express

written

permission

of

Gartner,

Inc.

oritsaffiliates.Leadership

Vision

for

Chief

Compliance

andEthics

Officers

in2024Increased

expectationsaround

riskmanagement,enforcement

and

regulatory

pressures

aredrivingKeyquestions

addressed:unprecedented

changeandreshapingthe

chiefcomplianceofficer

(CCO)

role.What

arethe

majortrends

impactingCCOs?What

arethe

top

challenges

CCOs

mustaddress?Inthisenvironment,

CCOs

arefocusingon:What

actionsshouldCCOs

prioritize

toimprovecompliance

program

performance

in2024??Defining

andmeasuring

the

effectivenessof

theirrole?Using

technologytomanage

increasing

volume

andvolatility

of

regulations?Integrating

andoverseeingthird-party

networksCCOs

canusethisresearch

torespondandadapt

tothechangesandsucceed

through

disruption.RESTRICTED

DISTRIBUTION2?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

endsImpacting

CCOs

in2024In

2024,

CCOs

faceheighteneddemands

from

regulators

andenforcement

agencies

for

program

effectiveness,with

manyinthe

U.S.

also

facinganexpanded

duty

of

oversight.

Theymustmeet

thesedemands

all

whilenavigating

increasing

riskmanagement

volatility,

uncertainty,

complexityandambiguity

—“VUCA”

—acrosstheorganization

and

the

extended

enterprise.IncreasinglyFragmentedRegulatoryRegimesFueledby

Nationalism,Statismand

Trade

WarsContinuedSupplyChainVolatility

andShortagesPrivacy

Regulations,Cyber

Risks

andBusiness’sDataandDigital

StrategiesIncreasing

StakeholderExpectationsforIncreased

RiskManagement

Rigor,with

2023

DOJUrgencyIncreased

StakeholderExpectationsforGovernance,

ESGandSocialResponsibilityIncreased

EmployeeExpectationsforTransparency

andAccountabilityExpanded

DutyofOversighttoCorporateOfficersIncreasinglyHybrid

andRemote

WorkforceIncreasing

Global,DivergentWorkforceAttenuated

FromCorporateCenterFragmented,

BoomingTechnology

andServices

Market

forCompliance

andRiskTeam

Burnout,Fatigueand

CompetitionforTalentInflux

of

GenZTalent

CreatesNewExpectationsforComplianceRESTRICTED

DISTRIBUTION3?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.ImprovingCompliance

Program

Perfor

mance2024CCO

ImperativesDevelop

Effective63%of

compliance

leadersareMethods

forless

than

fully

confidentintheirAssessing

Programability

toassess

programPerformanceeffectiveness.StreamlineOver

50%

of

executiveThird-Party

RiskManagementStrategies,ProcessesandPracticesDigitalizeComplianceRisk

ManagementProcessesleadershaveobservedanincreasein

seniorleaderoversightof49%of

compliance

leadersplantoincreasespendoncompliance

technology.third-party

networks.Source:

GartnerRESTRICTED

DISTRIBUTION?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.4W

hat

Tr

ends

AreImpactingCCOs?RESTRICTED

DISTRIBUTION5?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

end:

The

Pressurefor

Program

Perfor

manceCaseinPointImpactFeltaRegulatory

andEnforcementUpdates

toDOJguidance

oncompliance

effectiveness87%

experience

greaterpressurefromregulatorsAgency

PressuresSenior

Leadership

Enhanced

personalliability

on66%

experience

greaterpressurePressuresexecutives

fromDelaware

ChanceryCourtfromleadership

and

theboardValue

ChainPressuresIncreased

expectations

forsupply

chain

77%

experience

greaterpressuredue

diligence

fromCSROb

fromvalue

chainpartnersn=82Source:

Gartner

2023Compliance

Effectiveness

Client

Surveya

Percentage

ofcompliance

leaderswho

say

expectationsfor

effectiveness

areat

leastsomewhat

greaterb

The

European

UnionCorporate

Sustainability

ReportingDirectiveRESTRICTED

DISTRIBUTION6?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

end:

Third

Par

tiesAre

Critical

andHigh

RiskOur

Third-Party

NetworkIncludesanIncreasing

Number

of“Startups”44%and/or

Business

Model

Innovators

OverIncumbent

ServiceProvidersNearlyhalfof

seniorfunctionalleaderstellusthat

theirthird-party

networks

arecomposedofstartups

orbusiness

modelOur

Third-Party

NetworkIncludes

Thirdinnovators,

performing

new-in-kindtechnology

services

for

their

business,andperforming

services

outside

of

theirorganization’s

corebusiness

model.Parties

That

ArePerforming

New-in-KindTechnologyServicesfor

OurBusiness

(e.g.,Analytics,

Automation,

Artificial

Intelligence)43%42%Third

Parties

AreMore

CriticaltoOurOrganization’s

Profitability

Than

TheyWere

Three

Years

AgoOur

Third-Party

NetworkProvidesServicesIncreasingly

Outside

of

OurCoreBusiness

Model37%n=939Source:

2022Gartner

Cross-FunctionalThird-PartyRisk

Management

SurveyRESTRICTED

DISTRIBUTION7?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Tr

end:

AFocus

onOversight

andMonitoringDrivers

ofIncreasedPressure

onCCOstoImprove

InternalandExternalReportingSystemsExtendedDuty

ofOversight

toOfficersSEC

ChargesCompanies

WithDisclosure

ViolationsDOJ

Updates

Guidelines

onCorporate

ComplianceIn2023,

the

DelawareCourtofChanceryapplied

the

Caremarkduty

of

oversightto

corporate

officers,extending

anobligation

toimplementandmonitor

internalcontrolsystemsandaddress

flags.Activision

Blizzard

settledchargeswith

the

SEC

for

analleged

failuretomaintaininternalcontrolsdesignedtocollect

employee

complaintsof

workplacemisconductandanalyzethedatafor

disclosure

purposes.InFebruary

2023,

the

DOJ

issued

aCorporate

Voluntary

Self-DisclosurePolicy,

whichprovidesincentives

forvoluntarycorporate

disclosures,whereby

the

companydiscloses

allrelevantfacts

aroundmisconductbyemployees

prior

tothe

threat

ofdisclosure

or

voluntaryinvestigation.Source:

In

re

McDonald’s

Corporation

Stockholder

Derivative

Litigation,U.S.SEC,

C.A.No.2021-0324-JTL

(Del.Ch.January

26,2023).;In

re

Activision

Blizzard,Inc.,

U.S.

SEC,ReleaseNo.34-96796

(February3,

2023).;Voluntary

Self-Disclosure

Policy

(February

2023),

UnitedStatesAttorneys’

Offices.RESTRICTED

DISTRIBUTION8?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.W

hat

Are

theTo

pChallenges

CCOsMust

Address?RESTRICTED

DISTRIBUTION9?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Challenge:

SignificantEffor

tSpenton

KRIsCCOs

tellusthey

spendsignificant

effort

reviewingKRIs

—keyriskeventsandother

riskhot

spots

—toevaluatetheir

compliance

program

performance.Yet,

despitethoseinvestments,

there’slittle

correlationbetween

effortexpended

hereandCCO

confidence

inprogram

effectiveness.Compliance

Leaders

WhoSpendSignificant

Effort

onEvaluationApproachPercent

Who

Agree/Strongly

Agree

That

They

SpendSignificant

Effortn=82Source:

Gartner

2023Compliance

Effectiveness

Client

SurveyRESTRICTED

DISTRIBUTION10

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Challenge:

Finding

aCommon

Standard

AcrossTPRM

Fr

amewor

ksCommon,

Cross-Industry

TPRMFrameworksSelect

FrameworksDepartmentofJusticeGDPRISOCPRANISTThere

isanetwork

of

cross-industry

TPRMframeworks

inplace,

butCCOs

arechallenged

toanchortoa

single

standardfor

third-party

risk

management.SASBSource:

GartnerRESTRICTED

DISTRIBUTION11

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Challenge:

Arriving

at

Actionable

Risk

InsightDriveActionable

Insights

FromEnterprise

DataSourcesCCOs

should

familiarize

themselveswith

data

sourcesacrossenterprise

functions,

data

sourcesthey

already

have

accessto,andthe

key

risk

frameworks

andcontrols

for

which

they

haveoversight

responsibility.Source:

GartnerRESTRICTED

DISTRIBUTION12

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.W

hat

ActionsShouldCCOs

Prioritize

toImprove

ComplianceProgram

Perfor

mancein2024?RESTRICTED

DISTRIBUTION13

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Imperative:

Develop

andAssess

Quality

StandardsOur

research

showsthat

those

CCOswhoevaluate

their

programs

according

to

adefined

set

of

performance

indicators

or

quality

standardshavethe

highest

confidence

intheir

program

effectiveness.Based

onour

many

yearsof

cross-functional

research,

we’ve

highlighted

nine

quality

standards

that

impact

program

performance.Our

research

showsthat

employees

are139%more

likely

tounderstand

and

prioritize

compliance

when

qualitystandards

arepresent.n=1,003Source:

Gartner

2023Compliance

Effectiveness

Client

SurveyRESTRICTED

DISTRIBUTION14

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Imperative:

Tar

getTPRMProcess

MaturitySingleStandard

for

TPRMInforms

TPRM

Activities

andProcessImprovementsCommon,

Cross-Industry

TPRM

FrameworksTPRM

Activities

andProcessesRecertificationDepartmentofJusticeRiskRemediationLeading

CCOs

targetselect

improvementsacross

processes

andactivities,

informed

byaconsolidated

view

ofTPRM

standards.GDPRandCPRAMonitoring

and

AuditingOnboarding/OffboardingSingle

Standardfor

Third-PartyRiskISOManagementDueDiligenceBusiness

JustificationTPRMFoundationsSASBNISTLearnmore

about

howourall-new

Third-Party

Risk

Management

ProcessMaturity

Assessmentcansupportyou.Source:

GartnerRESTRICTED

DISTRIBUTION15

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Imperative:

Digitalize

ComplianceRisk

ManagementCore

Capabilities

andExamples

of

Other

GRC

Composable

CapabilitiesGRCCoreCapabilityMultipleStakeholdersERMandAuditCorporateComplianceImprove

riskRiskMonitoringITRiskGRC

toolscanbeusedinconjunctionwith

point

solutionsfor

specific

roles,processes

orgovernance,

riskanalysis,

associationof

controls

or

riskmitigation

plans

andworkflow

automationthrough

governance,riskandcompliance(GRC)

tools.RiskResponseRiskReportingCyberRiskRiskAnalysisTPRMResilienceERMandRiskGovernancePolicyManagementCompliance(Umbrella

RiskDomains)Privacyactivities

acrossassurancefunctions.AuditManagementESGGiftandEntertainmentDisclosureOperationalRiskBCM/CrisisCOIDisclosureWhistleblowerHotlineLearnmore

about

the

GRC

Market

for

Assurance:

Market

Guide

toGRC

Tools

for

Assurance

Leaders.Source:

GartnerRESTRICTED

DISTRIBUTION16

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Ke

y

Planning

AssumptionsCorporate

needsCompliance

assumptionsWhichchief

compliance

officerimperatives

aremostimportant

foryou

in2024?1.2.RESTRICTED

DISTRIBUTION17

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Planning

for

2024Statement

of

Compliance

StrategyTo

help

achieve

companygoalsof

improving

profitabilityand

customer

loyalty

byproviding

streamlinedcomplianceandlegalservices,andinnovations

that

reduce

compliance

andlegalrisksandenable

costandoperationalefficiencies.State

ofCompliancein2024To

p5to7Compliance

InitiativesState

ofCompliancein20XX1.

Establish

anoutsidecounselsharedservicescenterto

reduceoverallcosts.To

p5to7MetricsDescribing

theInitial

StateTo

p5to7MetricsDescribing

the

EndState2.

Implementa

contracts

management

system

to

enhancefunctionality

andimproveefficiencyof

keybusiness

processes.3.

…4.

…To

p5to7Underlying

Beliefs

and

Assumptions1.

The

companywillachieve

x%

revenue

growth

in

20XX.2.

The

regulatory

environmentwillchangeconsiderably.3.

Thereare

opportunitiesfor

acquisitions

or

divestituresthat

willshiftcurrent

priorities.4.

…RESTRICTED

DISTRIBUTION18

?2023

Gartner,

Inc.

and/or

itsaffiliates.

All

rights

reserved.Actionable,

objective

insightPositionyourcompliance

organization

for

success.

Explore

theseadditional

complimentary

resources

and

tools:Temp