By Ernst & Young Global
Top trends that companies should address in their 2016 planning:
1. Preparing for the inevitable cyber breach. Cyber breaches will continue and recent destructive attack techniques will be adopted by hacktivists to drive their agenda. With more than one-third of global organizations still lacking confidence in their ability to detect sophisticated cyber-attacks, according to EY’s Global Information Security Survey, companies are looking to technology to reduce cybersecurity risks associated with both insider and external threats. ‘Cyber savvy’ companies and their boards are demanding more information about the specific threats they face, evaluating their resources, bolstering protection for critical assets, and preparing for incursions by advanced threat actors.
2. Focusing on the individual. As the United States Securities and Exchange Commission (SEC) and DoJ have continued to invest in specialized resources to combat fraud, bribery, and corruption, there is increased focus on the individual. While statutory safeguards exist to protect and motivate whistleblowers, the DoJ Yates Memorandum advances expectations for companies to fully identify all individuals who took part in corporate wrongdoing if they are to secure credit for cooperation with the authorities.
3. Data privacy and information sharing. The European Court of Justice recently invalidated the Safe Harbor Data Privacy regulation between the US and the European Union that enabled the movement of personal information across the Atlantic. In addition, the Cybersecurity Information Sharing Act passed the Senate and is close to being signed into law. If it is passed, corporations will be sharing information to help reduce cyber breaches and attacks, but will need to protect the data privacy of individuals using their systems. The ongoing focus on how personal information is handled internationally and how commercial information is shared between companies and the government during a cyber-breach investigation will drive companies to revisit their information governance strategies.
4. Sanctions and their commercial implications. As governments continue to enforce trade sanctions against individuals, companies and other governments, companies are left navigating a difficult regulatory compliance environment. They need to be vigilant about understanding risks posed by third parties and individuals that are often masked by corporate structures, often involving illicit drug trade or terrorist financing. Companies will need to build more robust local compliance teams and increase oversight and training.
In addition to these four trends, there are special considerations for regulated industries.
Specialty pharmacy and distributors should expect increased scrutiny. There will be greater examination of third-party relationships such as therapeutic and specialty pharmacy relationships. Pharma companies will need to be even more careful with service-based agreements and marketing/distribution contracts.
Use of data analytics in monitoring will be on the rise. More companies will use sophisticated forensic data analytics to self-identify issues combined with Centers for Medicare & Medicaid Services open payment databases. Elements under investigation will include average payment per doctor.
Economic challenges will impact compliance standards. The fall of oil prices has roiled the energy sector and geopolitical tensions are rising. These issues will challenge investment in compliance at all levels and companies operating in this segment will need to be thoughtful and vigilant about maintaining anti-bribery/anti-corruption compliance efforts. In addition to working with third parties, companies will need to be aware of insider threats posed by disgruntled employees.
Compliance expectations will be expanded for broker-dealers and investment advisors. Continued areas of focus will include protection of confidential customer information, potential Market Access Rule violations, and compliance with record keeping requirements. New and evolving areas of focus are likely to include broker-dealers’ anti-money laundering compliance programs, and how domestic broker-dealers address risk exposure to foreign wrongdoers.
There will be more oversight into retail asset management. Regulators are bringing scrutiny to asset managers’ supervisory systems, fee disclosures and marketing incentives relating to the sale of municipal bonds, mutual funds and closed-end funds. Noted failures to adequately monitor customer account concentrations and leverage suitable customer risk tolerances resulted in censures and fines that will likely continue.