You are here
How global data protection laws are putting CFOs to the test
This article is an excerpt of the “CFO & Financial Leadership Insights” report, which addresses some of the biggest challenges facing CFOs from SMEs to multinationals – and the four approaches needed to overcome them.
The list of regulations increases in size and complexity each year. CFOs are facing this challenge using their expertise, that of external consultants, and finally, considering the challenge from a talent acquisition perspective. Are these regulations a mere hurdle to be surmounted or a real opportunity to streamline operations?
Our interviews with CFOs from SMEs to multinationals have revealed four key ways of approaching regulatory changes and compliance. To understand how each interviewee approaches this challenge differently, we first highlight how CFOs have four distinct approaches or ‘roles’ when solving these issues and the added value these have to the CFO's decision-making process.
The number of new regulations for businesses is increasing at lightning speed. U.S.-based insurance firm Thomas Risk Management Solutions once calculated that a new regulatory alert occurs every 12 minutes, guaranteeing that compliance is squarely on the CFO’s agenda for the foreseeable future.
The European General Data Protection Regulation (GDPR), which came into force this year, is the latest example of the regulatory hurricane that is striking businesses across the world. It is set to have an enormous impact on the EU, with data protection violations amassing fines of 4% of group sales or EUR 20 million, whichever is higher.
More complex and harder to understand
The CFOs interviewed for this study unanimously considered the new data protection regulation to be a huge challenge, especially as other regions are developing similar laws. “It is a massive hurdle that everybody is struggling with at the moment,” says Kelvin Stagg, Global CFO of PageGroup. “The rest of the world is moving in the same direction; there is already a Chinese version in the making.”
There is little doubt that within companies, the CFO is well positioned to tackle the fact of ever-changing regulations. But as pressure grows, the question is how. As James Gregory, UK CFO of global real estate firm JJL explains: “Whether it’s GDPR, IFRS or US GAAP, the list just gets bigger and more complex each year.”
The Engineer: solutions to mitigate costs
On top of this, the new regulations impact more than the company, particularly as a failure to comply would instantly affect its credibility before shareholders.
This is where the CFO as Engineer comes into its own: this particular approach sees the CFO taking the initiative to design the right approach to tackling compliance, constructing a solution that calls for the support of range of disciplines: finance, accounting, treasury, administration, budgeting and planning.
“Compliance and the changing regulations mean that we need to have people who know more about practical details, who contribute to the work required to achieve compliance, and who can review and assess progress in a competent manner,” says Phil Dennis, CFO of Bizspace. “Our processes in the past were fairly compliant, but the documentation needed greater attention. Now we delegate tasks to the people in the business who are closer to the action, while keeping an overall view.”
The Scientist: familiarity with security issues
To ensure IT systems are compliant, the CFO must be familiar with security issues and ideally within the framework of multiple legal systems, either by working closely with the COO/CIO or having the Tech Department report directly into the CFO. Not only should the company’s systems undergo regular health checks but so should those of the customers and suppliers. This is a heavy-duty undertaking best suited to the tech-savvy approach of the Scientist.
The Coach: creating internal awareness
It would be short-sighted, however, to approach compliance exclusively from a technical point of view, argues Phil Dennis: “In the last few months, we´ve been working on GDPR, the more rigorous money laundering regulations, the corporate criminal offence regulations and, obviously changes to IFRS. For each of those we have had to adopt a different approach. For example: GDPR is not purely about IT, but it’s also about creating business-wide awareness, training and familiarisation.”
By being an advocate for change, the CFO as Coach can utilise his or her visibility within the company to spread that advocacy among employees. Indeed, JJL CFO James Gregory sees training as a key priority: “The challenge with the control team is, in the increasing world of compliance regulation, how do they keep up with it? How can they use technology better, and how can they be better trained on people skills? As laws become more complex, our people need to get better at explaining complex things in simple ways.”
The Pilot: turning regulations into competitive advantage
Although many CFOs view regulations only as an expense for the company, proper planning and precise execution can become a competitive secret weapon. When faced with an administrative vortex, keeping an eye on the bigger picture as Pilot allows a company to turn compliance into a competitive advantage.
A CFO of a logistics company explains: “Having been owned by an opportunistic fund, governance and compliance have been crucial to us for some time. As a result, we have formed a really good general counsel who is already on top of those aspects and competently educating the rest of our business about them. Now we are far more conscious about how we manage and report personal data.”