Boosting Risk and Compliance: Key Insights from NAVEX’s 2024 Report

NAVEX’s 2024 State of Risk and Compliance Report offers a detailed analysis of current trends and challenges in risk and compliance (R&C) programs based on responses from over 1,000 global professionals. The report shows that half of the respondents place their R&C programs in the top two maturity tiers (Managing or Optimizing), indicating a level of stability and confidence. Despite this, several critical elements are lacking in many organizations. For instance, 39% of organizations do not have a hotline or whistleblower channel, and 45% lack a non-retaliation policy.

The report underscores the significant impact of leadership commitment on program maturity and outcomes. Organizations with strong senior executive support for compliance tend to have more mature programs. Positive leadership behaviors, such as encouraging ethics and modeling proper conduct, are more prevalent in higher-maturity organizations. Conversely, negative behaviors, such as tolerating compliance risks for business gains, are more common in less mature programs and correlate with increased compliance issues.

The role of technology is another focus area. While 75% of respondents indicate that their compliance functions are engaged in AI risk management, technology sharing across functional areas is inconsistent. This disparity can lead to siloed data and missed opportunities for comprehensive risk management. Only 69% of organizations are effective at ongoing third-party monitoring, a critical aspect of modern R&C programs.

The report also explores how compliance is integrated into various business processes. Although a majority of organizations engage compliance in areas such as data breaches and reputational harm, only 67% involve compliance in mergers and acquisitions, an area identified by the U.S. Department of Justice as crucial for effective compliance programs.

Overall, the 2024 report provides valuable benchmarks and insights for R&C professionals. It highlights the need for robust leadership engagement, comprehensive technology integration, and effective third-party risk management to advance program maturity and effectiveness. Organizations can use these findings to assess their programs, identify gaps, and implement strategies for improvement.