The year 2021 ushers in a new decade of business change, especially considering the roller-coaster that 2020 was. As organizations move forward, there are various compliance challenges both new and old that compliance officers must come to terms with. Compliance refers to playing according to the rule book, so amid geo-political changes, data privacy concerns, questions on operational resilience, and cybercrime threats, there is new interest in policy and regulatory mandates.
5 Pressing Compliance Challenges You Will Face in 2021
To shed some light, here are 5 pressing compliance challenges businesses will face in 2021.
The workplace after COVID-19
As workplace restrictions ease and eventually give way to business as normal, organizations will have to rethink their work models, ensure workplace safety, and assess their exposure to legal risk. With the onset of the new administration in the US, COVID-related enforcement under the Occupational Safety and Health Act (OSH Act) is expected to be pursued more aggressively.
OSHA had earlier issued guidance on preparing workplaces for COVID-19 and it expects employers to take steps such as:
● Developing an infectious disease preparedness and response plan
● Having policies and procedures for prompt identification of potentially infectious individuals
● Issuing flexible leave policies, in line with public health guidance
If employers fail to comply with standards, for instance, by not adopting virtual meetings as a control when the situation calls for them, there could be hefty fines to be paid on lawsuits.
Apart from OSHA, employers would have to pay attention to the Americans with Disabilities Act (ADA) and the Family and Medical Leave Act (FMLA) too. As an employer, you may also want to institute a pandemic response team and undertake a workplace risk assessment to know who may be at risk based upon their regular workday interactions.
Remote work as a permanent fixture
While opening the workplace in a safe manner, employers may find it difficult to dislodge work from home from its perch. Many find that it boosts productivity (while saving commute time and costs!) and, going forward, many companies may move to a partially-remote work model.
However, while work from home uncomplicated the path forward at the onset of the pandemic, it may have complicated compliance by a whole lot. For instance, how do you manage payrolls for employees who work out-of-state for half the month and in-state for the rest? Do your employees get stuck paying income tax in two states?
Alongside a web of complicated tax issues, you also have the world wide web and the issue of data privacy and security to heed. With weaker Wi-Fi networks, more personal devices, and the absence of company IT security systems, the prospect of cyber risk increases. A single data breach can cripple your business and cause financial, legal, and reputational loss. Some other elements that employers will have to consider are:
● Work from home infrastructure
● Occupational safety and health
● Disability accommodation
● Insurance coverage in a WFH setting
Brexit and subsequent EU-UK deals
Brexit has a direct impact on businesses in the UK and a direct impact on the US. Major finance companies in the US route their EU operations through London, and hence the implications of the Brexit deal are important. Banking services, for instance, no longer enjoy automatic right of access to markets in the EU. Likewise, professional qualifications won’t be recognized automatically. In essence, you would have to comply with different sets of regulations, for the UK and EU, wherever applicable, moving forward.
Freedom of movement between the UK and EU is also something that Brexit severed. New immigration rules have entered into force, but several visa restrictions have been removed. Importantly, data transfers from EU to UK and UK to EU will be treated differently. The UK does not yet enjoy an ‘adequate’ status when it comes to data protection, just like it does not enjoy ‘equivalent’ status for financial services. Finally, for a multi-country data breach you could be dealing with both the UK’s Information Commissioner’s Office and an EU regulator.
Big data and balancing rewards and risks
With business ecosystems going digital, the potential for big data to revolutionize how a company provides its services is unprecedented. However, given the legal, financial, and reputational ramifications of mishandling personally identifiable information (PII), such as passwords, payment information, and passport numbers, it is possible for data to pose serious compliance challenges. You must be prepared to account for the flow of data through your organization, through all points, be it collection, processing, or storage.
Here are 10 compliance hurdles linked with big data:
● Inability to properly identify and classify data
● Lack of mapping data with the regulations that apply to them
● Lack of clarity on the ownership of the data
● Possession of large volumes of data that could be subject to a major breach
● Insufficient tools to manage and control the data through its lifecycle
● Possession of vulnerable infrastructure that houses data
● Inability to distinguish between public and private data
● Lack of controls with respect to third party big data service providers
● Insufficient knowledge of global regulations that apply to data being handled
● Presence of unprotected data on the cloud
As technology continues to disrupt the way businesses operate, maintaining a compliant environment will be a challenge but will prove to be a necessary safety net.
Environmental protection as a priority
As consciousness of the fragility of the world we live in continues to grow, more attention will be given to the way businesses conduct their operations. What is the effect of non-compliance with environmental regulations? Penalties, fines, project delays, increased scrutiny, and above all, a tarnished public image are a few. Apart from these, there are physical risks such as floods and fires that can arise if environmental issues aren’t given due respect.
Depending on where you are located, you may have different levels of regulations to adhere to, for instance, county-level, state-level, and federal-level. Hence, it is good to do a full audit of your operations and note the regulations that apply to you. Some of them may pertain to hazardous waste, air permits, storm water, toxic substances, clean water, resource conservation, and so on. Being compliant is not a choice, really. But your organization can transcend the limits drawn by regulations and strive for what is socially desirable too.
Adopting low-carbon policies, using energy efficiently, and saving resources through the supply chain, for instance, are approaches that build customer confidence and draw investor attention. The hard work put into maintaining legal compliance and setting green development targets can yield economic advantages in the long term.
One thing about these 5 compliance challenges is that juggling multiple compliance regimes, such as PCI DSS and GDPR or HIPAA and CJIS, is hard. It becomes even more difficult if you do not have a way to oversee compliance at an organization level. Poor communication, training, monitoring, and data management can hinder compliance. Being stuck in silos with spreadsheets and binders fails to provide the big picture, and that is the gap VComply, an integrated GRC solution, fills.
With it you can analyze your organization’s performance with graphs, delegate responsibilities to increase accountability, get real-time alerts, obtain automated reports and much more. So, as you tackle the compliance challenges 2021 has in store, commit to a smarter way of running your organization!