The Future of Compliance – Today and Tomorrow


Featured Author: Tom Fox, The Compliance Evangelist

Compliance Week 2017 is in the books now. The conference opened with futurist, Dr. Brian David Johnson from the Threatcasting Lab at Arizona State University as its first keynote speaker. The mission of the lab and of Dr. Johnson is to provide strategic insight, teaching materials, and subject matter expertise on threatcasting, which looks 10 years into the future. For the compliance practitioner, his talk was an excellent way to open the conference and to provide a framework to think through many of the challenges we all will be facing through the end of this decade and beyond.

First and foremost will be the use of data in compliance, which has several implications.

For those of us with a legal training – particularly those trained in the last century – this will require a shift away from legal-based thinking and a move toward more of a business approach. Similarly, this also means future training of compliance specialists will need to reflect a similar emphasis of business proficiency. The training of old no longer meets today’s requirements of a chief compliance officer – let alone what will be faced five to 10 years down the road. 

Read More: CCOs Say Policies Are Getting Stronger; Adoption of Technology – Not So Much

That is because the use of data has moved from being cutting edge in compliance to a best practice to simply a must have for your compliance program. 

That is because the use of data has moved from being cutting edge in compliance to a best practice to simply a must have for your compliance program.  Dr. Johnson’s talk also made it clear that the successful disciplines will be those that incorporate data more foundationally into their processes going forward. For the compliance practitioner, this means more than simply having data analytics. It means understanding the data and then incorporating the information it provides back into a corporate compliance program on an ongoing basis so that continuous improvement is demonstrated.

It was this final point on the use of data in continuous improvement that tied Dr. Johnson’s remarks to those from a panel of current and former regulators and prosecutors. This was our keynote panel on the second morning. The panel emphasized the use of data to more completely operationalize compliance going forward as set out in the Justice Department’s Evaluation of Corporate Compliance Programs, which was released in February. The government has set this operationalization as a minimum standard which all compliance programs must adhere to going forward. 

Read More: New Guidance from the DOJ on Your Compliance Program

So in all, we received a glimpse into the future as well as immediate action steps to be taken today. The gist is that data needs to be an embedded part of every compliance program, not an add-on, and the way we use data needs to contribute back to the proof points used to define our programs as “effective.” 

With this Compliance Week 2017 in the books, all the participants can reflect on what we learned from the event and what came out of it. I think everyone will appreciate how much the compliance profession will change over the next five to 10 years and how we all need to be ready to respond to those changes. 


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Whistleblowing’s Renaissance

Compliance’s Role in Preventing the Next “WannaCry” Cyberattack

The WannaCry cyberattack is being called the biggest ransomware attack in history. The insidious nature of the attack heightens the urgency of implementing sophisticated cybersecurity measures. It also reinforces the necessity of a cross-functional approach to cybersecurity and the critical role Compliance plays within that approach. Take a look at Compliance’s role in preventing the next WannaCry attack.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Whistleblower Hotlines: Still a Vital Tool

Recently the chief compliance officer of a global company asked me: does a company need a telephone-based whistleblower hotline anymore? In our all-technology, all-the-time world, could a company phase out telephone hotlines in favor of a web-only reporting system? Here's my answer.
Next Post Previous/Next Article Chevron Icon of a previous/next arrow.