Skip to main content

Conclusion — the future of compliance

Business models are changing and with that, compliance functions will also need to transform the way they better prevent, detect and respond to fraud and corruption.


The transformation of business models and the high profile scandals and consequent loss of reputation show a need to redefine the compliance function.

For some companies, the role of compliance has been largely a reactive role, working as the second line of defense to monitor and enforce their policies. In other companies, the role has also included managing legal and compliance risks without necessarily embedding compliance into the business.

In the era of digital transformation, products and the business processes that bring them to market are changing rapidly, creating significant challenges for the compliance function to keep pace. How can the compliance function of companies that refresh their risk assessments just once every year or two play an effective role? Compliance professionals need to be much more involved in strategic and operational business decisions.

For some companies, therefore, management’s existing efforts to tackle fraud and corruption are lagging behind business change. So what is the future of compliance?

Technological advances in compliance such as enhanced data analytics, combined with an employee-centric approach to providing guidance will result in compliance acting as a key driver of innovation in the use of forensic data analytics. Examples include the following:

1. The proliferation of data analytics as a management tool is likely to challenge the traditional monitoring role of the compliance function. Our 2018 Forensic Data Analytics Survey* shows that more and more companies are using advanced analytics technologies for continuous monitoring.

2. Advances in the predictive capabilities of “big data”** means that analytics can be used to make real-time decisions, helping to identify and prevent fraud and providing management with more effective oversight.

3. Leading companies are using artificial intelligence technology to replace classroom and web-based training with individualized risk-based communications in real time.

Our experience suggests compliance policies and procedures, backed up by training and consistently applied enforcement, are necessary but not sufficient to deliver effective compliance.

For many companies, there are substantial gains to be secured by better leveraging FDA, which can significantly improve the effectiveness and efficiency of monitoring and reporting, strengthening the second line of defense.

The first line of defense has typically been the responsibility of operational management within the business and included management controls and internal control measures. Compliance should work with the business to reinforce front-line compliance by sharing insight from data analytics and promoting the Integrity Agenda. The chief compliance officer role should be seen as a fully-edged management role in the organization responsible for proactively safeguarding the corporation’s reputation, not just helping it comply with laws and regulations.

For the future, digital disruption will significantly impact compliance programs evolving them from a reactive rules-based approach to proactive engagement with the business and promotion of the Integrity Agenda.

* Global Forensic Data Analytics Survey 2018: How can you disrupt risk in an era of digital transformation?, EY, 2018.
** Big data refers to the dynamic, large and disparate volumes of data created by people, tools and machines.

Back to top