How global data protection laws are putting CFOs to the test

The list of regulations increases in size and complexity each year. CFOs are facing this challenge using their expertise, that of external consultants, and finally, considering the challenge from a talent acquisition perspective. Are these regulations a mere hurdle to be surmounted or a real opportunity to streamline operations?

Our interviews with CFOs from SMEs to multinationals have revealed four key ways of approaching regulatory changes and compliance. Click below on the Pilot, Scientist, Coach and Engineer to reveal an insight from one of our interviewees on different approaches to this challenge.

The Engineer

“We delegate tasks to the people who are closer to the action, while keeping an overall view.”Phil Dennis, CFO, BizSpace.

The Scientist

“One of the things we do as part of our supplier check is to make sure their cybersecurity and data security systems are adequate.”Andrea Wesson, CFO, Eversholt Rail.

The Pilot

“We have formed a general counsel for governance and compliance that is educating the business about them.”Shane Kelly, CFO, Gazeley.

The Coach

“As laws become more complex, our people need to get better at explaining complex things in simple ways.”James Gregory, UK CFO, JLLThe Scientist.

The number of new regulations for businesses is increasing at lightning speed.  U.S.-based insurance firm Thomas Risk Management Solutions once calculated that a new regulatory alert occurs every 12 minutes, guaranteeing that compliance is squarely on the CFO’s agenda for the foreseeable future.

The European General Data Protection Regulation (GDPR), which will enter into force this year, is the latest example of the regulatory hurricane that is striking businesses across the world. It is set to have an enormous impact on the EU, with data protection violations amassing fines of 4% of group sales or EUR 20 million, whichever is higher.

More complex and harder to understand

The CFOs interviewed for this study unanimously considered the new data protection regulation to be a huge challenge, especially as other regions are developing similar laws. “It is a massive hurdle that everybody is struggling with at the moment,” says Kelvin Stagg, Global CFO of PageGroup. “The rest of the world is moving in the same direction; there is already a Chinese version in the making.”

There is little doubt that within companies, the CFO is well positioned to tackle the fact of ever-changing regulations. But as pressure grows, the question is how. As James Gregory, UK CFO of global real estate firm JJL explains: “Whether it’s GDPR, IFRS or US GAAP, the list just gets bigger and more complex each year.”

The Engineer: solutions to mitigate costs

On top of this, the new regulations impact more than the company, particularly as a failure to comply would instantly affect its credibility before shareholders.  

This is where the CFO as Engineer comes into its own: this particular approach sees the CFO taking the initiative to design the right approach to tackling compliance, constructing a solution that calls for the support of range of disciplines: finance, accounting, treasury, administration, budgeting and planning.

“Compliance and the changing regulations mean that we need to have people who know more about practical details, who contribute to the work required to achieve compliance, and who can review and assess progress in a competent manner,” says Phil Dennis, CFO of Bizspace. “Our processes in the past were fairly compliant, but the documentation needed greater attention. Now we delegate tasks to the people in the business who are closer to the action, while keeping an overall view.”

The Scientist: familiarity with security issues

To ensure IT systems are compliant, the CFO must be familiar with security issues and ideally within the framework of multiple legal systems, either by working closely with the COO/CIO or having the Tech Department report directly into the CFO. Not only should the company’s systems undergo regular health checks but so should those of the customers and suppliers. This is a heavy-duty undertaking best suited to the tech-savvy approach of the Scientist.

The Coach: creating internal awareness

It would be short-sighted, however, to approach compliance exclusively from a technical point of view, argues Phil Dennis: “In the last few months, we´ve been working on GDPR, the more rigorous money laundering regulations, the corporate criminal offence regulations and, obviously changes to IFRS.  For each of those we have had to adopt a different approach. For example: GDPR is not purely about IT, but it’s also about creating business-wide awareness, training and familiarisation.”

By being an advocate for change, the CFO as Coach can utilise his or her visibility within the company to spread that advocacy among employees. Indeed, JJL CFO James Gregory sees training as a key priority: “The challenge with the control team is, in the increasing world of compliance regulation, how do they keep up with it? How can they use technology better, and how can they be better trained on people skills? As laws become more complex, our people need to get better at explaining complex things in simple ways.”

The Pilot: turning regulations into competitive advantage

Although many CFOs view regulations only as an expense for the company, proper planning and precise execution can become a competitive secret weapon. When faced with an administrative vortex, keeping an eye on the bigger picture as Pilot allows a company to turn compliance into a competitive advantage.

Shane Kelly, CFO of real estate investor Gazeley explains: “Having been owned by an opportunistic fund, governance and compliance have been crucial to us for some time. As a result, we have formed a really good general counsel who is already on top of those aspects and competently educating the rest of our business about them. Now we are far more conscious about how we manage and report personal data.”

Key takeaways

  • The General Data Protection Regulation (GDPR) will be one of the biggest compliance challenges this year, with similar initiatives being rolled out worldwide
  • As laws get more complex and harder to understand, CFOs need to appoint experts who are able to explain them to key stakeholders in an accessible way
  • To make sure that IT systems are compliant, CFOs need to be tech-savvy
  • Compliance is also about business-wide awareness and training and familiarisation
  • With proper planning and precise execution, compliance can become a competitive advantage