Professional services struggle keeping up with risk & compliance

05 June 2019 5 min. read

The professional services industry is often tasked with keeping their clients in step with new global regulatory rules and compliance measures. However, according to a new study, ‘Insight to Action – The Future of the Professional Services Industry’, many firms are struggling to keep up with the rate of change themselves.

The results from the research, conducted by software company Deltek, show that companies across the professional service industry are struggling to remain compliant. As the regulatory landscape becomes more complex, firms have admitted that they feel unprepared for changes in compliance requirements and the risks that come from not keeping pace.

The professional services industry spans a range of professions. While it covers such a wide expanse of organisational formats, however, it seems the one constant in the sector is that its leaders are struggling to keep up with regulatory change.

Regulatory demands include quality controls on projects, segregation of activities (for instance between consulting and accounting work), data protection and cybersecurity measures. In the survey, 79% of chief finance officers in the industry said they do not think their business is prepared for this heightened level of regulatory risk. Deltek found this view was shared by 91% of chief executives surveyed.

The top five risks businesses feel unprepared for

Data concerns

Professional services firm handle an enormous volume of confidential client information, including strategic, sales and marketing, and personal information. The delicate nature of this cannot be overstated, as high-value data can cause havoc if it falls into the wrong hands, making professional services companies the obvious targets of hackers. As a result, data breaches pose a huge potential threat to consultancies.

In recent years, a number of high-profile consulting providers struggled with data losses and hacks, of which some have sparked an investigation by regulators, as well as a state probe by the Attorney General of New York.

With the introduction of General Data Protection Regulation (GDPR) in Europe, which came into force last year, professional services firms now risk huge penalties if they fail to protect their data. Under GDPR, the EU will increase fines for data breaches to up to €20 million, or 4% of annual global turnover, depending on which is higher. On top of this heavy blow to a firm’s bottom line, GDPR mandates that companies must publicise a breach within 72 hours and scrupulously maintain internal records of their processing activities.

While such regulations may reduce the chances of a breach, they increase the difficulty of remaining compliant. GDPR’s fines come amid a more punitive climate, as the conduct of professional services firms in general is under greater scrutiny. Those who operate outside the law, knowingly or otherwise, risk big fines and reputational damage, as evidenced in cases where professional services firms that didn’t keep pace with changes were hit by business-altering 7 figure fines.

The top long-term improvement priorities

Top risks

When asked about the top risks they feel unprepared for, executives ranked regulatory risk more highly than disruptive technologies (inciting competition) and talent shortages. One major reason for this is globalisation. When operating across borders, organisations are faced with a perfect storm of different regulations, including rules to prevent market abuse, protect data, and to moderate accounting practices.

This can mean that a typical enterprise-sized professional services firm that operates globally, and therefore has to account for various accounting practices, could have between 10 and 15 variations of revenue recognition to manage. This is a huge undertaking, raising the risk of unintended errors, as some of the bigger firms may have hundreds of subsidiary companies around the world employing hundreds of thousands of staff. Amid this, 33% of chief executives told Deltek that compliance remains a top improvement priority for their firms.

Fergus Gilmore, Vice President Sales and Managing Director UK and Central Europe at Deltek, commented, “For professional services companies, many of which offer their clients expert regulatory advice, the challenge of staying on top of new legislation while applying it to their own internal operations is clearly crucial. Yet, as the results of the survey show, many are struggling to keep up with the deluge of new rules being introduced across the globe.”

Concluding the report, Deltek listed five ways in which professional services firms can prepare for changes in the regulatory landscape. Avenues include devising a detailed compliance strategy and establishing a crisis plan for data breaches to purchasing cyber security insurance, implementing the right technology and systems, and creating a culture of compliance throughout the organisation.

For more details, download the Insight to Action – The Future of the Professional Services Industry’ report on Deltek's website.