With pivotal compliance trends starting to materialize in 2024, regulatory compliance and sustainable practices have become business drivers across industries and geographies. While the EU continues to lead the way in global sustainability and ESG practices, the US is expected to catch up with its own climate disclosure rules later this year. Meanwhile, the US Department of Justice (DoJ) evolves its compliance expectations while keeping a close eye on how companies follow sanction laws. Below is an overview of key milestones in the legal landscape and how entity management and corporate governance strategies can help meet your 2024 compliance challenges.
EU Leading the Way: Global Sustainability and ESG Trends
While the climate change regulation by the US Securities and Exchange Commission (SEC) has been in the making for some time, the European Union has already set the pace for ESG trends with its EU Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS). These regulations set reporting requirements for a range of sustainability and governance aspects with the aim of integrating ESG into corporate practices. Businesses seeking to get ready for the novel regulations in the US would be smart to review the EU practices and take anticipatory action, especially when doing business in the EU.
Aligning with DoJ: Navigating Evolving Compliance Expectations
The US Department of Justice (DoJ) has maintained an unchanging focus on corporate compliance programs over the last few years and continues to evolve its compliance expectations by introducing new guidance. One example is the DoJ's rule for merger and acquisition (M&A) due diligence intended to steer acquiring companies into reporting misconduct. Similarly, the DoJ's three-year pilot program on clawbacks and compensation initiatives seeks to incentivize companies to pursue compliance and implement compliance-related criteria in their compensation structures, including "promotions, rewards and bonuses." Meanwhile, organizations are expected to impose penalties for misconduct to deter risky behavior.
In addition, the DoJ introduced revisions to its Evaluation of Corporate Compliance Program (ECCP) guidance, expanding its scope to cover three new areas, which include communication, policy environment and risk management. The updated regulation meticulously addresses various touchpoints, including:
- expectations for business communication,
- using personal devices and messengers for business,
- retention of data on platforms,
- penalties for failure to comply.
Sanctions: Shaping Third-Party Risk Management
With the head of the DoJ mentioning that "sanctions are the new FCPA" (the Foreign Corrupt Practices Act, actively pursued by the US from the year 2000), the trend toward sanction reinforcement becomes a compliance priority in the corporate sector. With the expansion of government scrutiny and focus on ESG, regulators expect businesses, for example under Germany's Supply Chain Act (LkSG), to identify and prevent or minimize the risk of human rights violations and damage to the environment when involving third parties. Given these ever-increasing requirements, companies need to automate their sanction screening when operating on an international scale in the new era of third-party risk management practices.
Navigating Data Privacy Challenges
As data has become a global currency, regulators seek to put additional controls on citizens' data, pushing new laws and guidance every so often. Again, the European Union was the first to develop standards for data privacy, followed by the UK and now by the United States, which is expected to push a federal data privacy law in 2024. In the meantime, the California Consumer Privacy Act (CCPA) goes even beyond the EU's approach, for example in defining personal data, and has been followed by 11 other states, with more joining the queue. With change being the only constant, companies now face more data privacy and data localization laws and need to keep informed of the updates in regulations to stay abreast of the requirements.
Compliance and Cybersecurity – Balancing People and Technology
Marked by the deployment of AI and digital technologies on a global scale, the 2024 landscape is changing rapidly, calling for making cybersecurity-related compliance a part of companies' DNA. The partnership between cybersecurity and compliance teams has become crucial in meeting government expectations for managing security risks and data privacy. With regulations, such as SEC rules requiring listed companies to publish information on cybersecurity incidents and strategies for managing risks, there is a growing expectation for pushing cybersecurity to the top of every business agenda.
Strategic Compliance for Business Resilience
By building a holistic compliance framework, organizations enable the collection of comprehensive data from multiple sources, including information about potential conflicts of interest, risk factors and breaches, implementation of existing policies, training, as well as emerging and updated regulations. As a result, organizations gain comprehensive knowledge for better decision-making and stronger compliance while avoiding financial penalties. With risk and compliance being critical for continuity of operation, risk-based compliance initiatives become imperative for sustaining business resilience.
Learn more with Athennian
In a data-driven environment, an effective compliance strategy is only possible when backed by reliable technology providing for the management of risk and critical business data, data privacy and security, as well as collaboration and transparency across the organization.
Companies leveraging modern entity management software, like Athennian, are able to address novel compliance challenges via a reliable framework for strategic compliance, managing risks and keeping their critical business records safely stored and available at a click of a button. Please don't hesitate to reach out to the Athennian team or request a free demo to learn more about addressing compliance with technology.