Skip to content

Compliance Is About Risk and Processes, Not Reporting

Compliance officers woke up last week to news that the Trump Administration suspended plans for enhanced reporting of employee pay data: a rule originally proposed during the Obama Administration to expand form EEO-1.

Companies already use EEO-1 to report data on employees’ race, ethnicity, gender, and job category. The Obama Administration proposed expanding the compliance burden to include pay data, to help the Equal Employment Opportunity Commission identify potential discrimination in salary.

With a few strokes of the bureaucratic pen, the Trump Administration sent that idea to the dustbin. Corporate America loved it: a practical example of deregulation that makes sense, because the compliance costs weren’t worth the benefit.

Enjoy the moment, while I brew a rhetorical cup of coffee for us. Then we can smell the reality, which is still very much a compliance challenge.

The reality is this: corporations will still collect all this data; they have for years. The reporting requirement has gone away; and critics who describe the expanded Form EEO-1 as burdensome nightmare (3,600 points of data per report!) shouldn’t be dismissed.

But the need to possess that data in some form, to meet other risks that large companies have; that very much remains. And ensuring that the company has processes to do that in an orderly fashion— well, that’s what compliance does.

Take the tech giants in Silicon Valley as an example. Apple, Facebook, Google, and others all face heavy scrutiny over pay equity and hiring practices. Even if they battle forced disclosure via regulation or shareholder demands— and some are doing precisely that— they know they need this data, even internally. It’s also quite possible that expanded reporting will return sometime in the future.

To put things another way, show me the world where collecting details about employee pay and demographic data isn’t necessary; a world where the risk of discrimination accusations is falling rather than rising. Even if your business isn’t committing pay discrimination, the potential for accusation exists. You can only rebut that with data. You can only rebut it convincingly with strong, sound processes to collect that data.

That point goes well beyond pay discrimination data. What was a regulatory reporting risk in the past can still endure as a litigation or reputation risk today — and the spectre of that risk is all the more easy to summon in our social media-saturated world.

We can talk all we want about deregulating compliance burdens; that doesn’t mean the risk management challenge goes away. Whether the company needs to meet a reporting requirement, or gather enough evidence to support a motion to dismiss, or hit internal targets, or just keep the howling voices of Twitter at bay: you still need the capability of governing a business processes, so they behave in certain ways, to achieve certain objectives. That’s what a compliance function does. It creates that capability.

So farewell to expanded Form EEO-1 reporting. It won’t be the last regulatory reporting duty the Trump Administration cancels. The need for effective compliance programs will endure, and compliance officers will stay as busy as ever.

Implement a tailored Third-Party Risk Management solution