Breaches in security aren't the only major risks that organisations today need to be aware of. Increasingly, compliance, or a lack thereof, is almost as significant a risk to a company as cyber attacks, according to new research released today by TAS.
The Australian technology services firm says the data from its fourth annual Compliance Index suggests business leaders still have work to do when it comes to ensuring effective compliance management.
While awareness of compliance issues has broadened throughout the years, industry leaders are still grappling with how to foster a compliance-first culture in the workplace - deemed essential by TAS in maintaining a low-risk profile for an organisation.
Results from a survey conducted as part of the Compliance Index indicate over a quarter of respondents have either no knowledge or only a basic level of understanding of compliance obligations.
Additionally, 64% of participants estimate that staff spend between as little as zero and two days on compliance training annually, potentially exposing companies and customers to increased risk from lack of knowledge and skills.
This may not be for lack of trying, however, as the report also suggests that many industry leaders face constraints in resources, skills capability and a lack of strategic partnerships.
Most organisations have worked with a third-party partner to help with compliance obligations. However, ‘very few' are actively engaging partners to manage their end-to-end compliance obligations, according to the study – while many businesses have done neither.
“With compliance costs growing, and organisations identifying time and resources as significant barriers, leaders must open themselves to innovative ways to address the compliance challenge,” says TAS chief executive officer Shane Baker.
“While risk and compliance are clearly on the agenda, there is still work to do in moving the compliance conversation forward.
“As the Index reveals, compliance must be viewed as a business imperative and must be fully embraced and visible across the organisation.
“Strategic partnerships, smart and intuitive technology, and the use of data and analytics will help navigate the compliance landscape.”
To ensure organisations don't suffer the consequences of non-compliance, workplaces should encourage a compliance-first culture at all levels, as well as invest in quality training programmes and tools.
The research finds that many industry leaders do not give as much thought to compliance as they should, with 40 % of those surveyed unsure of their compliance-related expenditure and therefore are not focusing on the how to manage compliance.
“Leaders should empower all staff with both training and tools to be responsible for compliance and work strategically with the right solutions and RegTech partners to achieve compliance,” says RegTech Association founding director Julian Fenwick.
“By championing a compliance-first culture, organisations can meet their obligations and ensure their customers are protected now and in the future.