Manufacturing & Utilities: Cyber Security & ESG Cause Concern in 2024

New research from Dun & Bradstreet finds that cyber security concerns and regulatory change (especially around ESG and Sanctions) are the biggest compliance issues facing the manufacturing and utilities industries.

We recently surveyed compliance professionals across Europe to understand what they perceived to be their biggest compliance risks, how different regulations are impacting them, how demand on compliance teams is increasing, and in which ways they plan to manage this increased pressure. 

In this article we dive into the results from the manufacturing and utilities sectors, comparing them to the average scores for the overall cross-sector group made up of both regulated and non-regulated industries.

We discovered that 68% of compliance decision makers in the manufacturing and utilities sector feel that regulatory demand on their teams has significantly increased in the last 12 months, which is on par with the overall group. When asked by how much that demand had increased, the group responded with a staggering 28%.  

68% of compliance decision makers in the manufacturing and utilities sector feel that regulatory demand on their teams has significantly increased in the last 12 months.
 

While these figures are lower than more highly regulated sectors such as financial services, they highlight the impact recent geopolitical events and regulatory changes are having across all industries. 

 

We asked which regulations were contributing most significantly in terms of added effort and teams responded as follows:

Share of interviewed professionals answering that a specific area of regulation contributed significantly to the increase in effort
Regulation

Average Across All Sectors 

Manufacturing & Utilities Sectors

Anti-Money Laundering & Bank Secrecy (e.g. EU AML Directives, FinCEN Final Rule)

55.59%

53.33%  

Sanctions and Export Controls (e.g. OFAC 50% Rule, UN, EU, and UK Sanctions)

57.02% 

61.82% 

Data Governance & Financial Regulations (e.g. FATCA/CRS, Solvency II, Basel III) 

57.98%

60.61% 

Anti-Corruption Laws & Regulations (e.g. FCPA, UKBA, CFPOA, OECD / UN Conventions)

56.72% 

60.61% 

Environmental, Social, Governance Regulations (e.g. German Supply Chain Act, EU Corporate Sustainability Due Diligence Directive, UK Modern Slavery Act, ROHS Directive, WEEE Directive, EU CSR Directive )

55.83% 

67.27%  

Supplier Management (e.g. FAR Regulations, GDPR, CCPA/CPRA) 

61%

56.97%

 

Whilst the manufacturing and utilities sectors largely followed the trend of the overall sectors in each category, what stands out as putting additional strain on these sectors specifically are ESG regulations.

67% of compliance teams in the manufacturing and utilities sector say ESG regulations are contributing to increased time spend on compliance activities.
 

From an ESG perspective, C. 67% of compliance teams in the manufacturing and utilities sector say ESG regulations are contributing to increased time spent on compliance activities. We have seen several ESG regulations and requirements to establish structures and processes introduced across the European region in the last 12 to 24 months. These include the EU Taxonomy, the German Supply Chain Act (LkSG), Corporate Sustainability Due Diligence Directive (CSDDD) and Corporate Sustainability Reporting Directive (CSRD). Considering different scopes of emissions and their large supplier base, manufacturing and utilities companies are having to go the extra mile vs their colleagues in other sectors to keep up with this expanding regulation.

 

43% of manufacturing and utilities firms see cyber risk as one of the biggest compliance threats to their business in the next 12 months.
 

Concerns around Cyber Risk

Besides the impact of regulations, we heard that cyber risk is a key compliance concern for manufacturing and utilities companies. With 43% of firms agreeing, it topped the list of their biggest compliance risks in the next 12 months. This was 5% higher than the average of the overall cross-sector group.

 

Despite the issues we have already detailed around ESG and sanctions, 30% agreed that staying up to date with regulatory changes was one of their biggest compliance risks, followed by meeting data privacy requirements (27%). 

Missing out on business

To assess the risks above most efficiently, manufacturing and utilities companies will need significant amounts of timely and accurate data to identify, verify and monitor their suppliers and customers.

59% of manufacturing and utilities companies have had to reject potential customers and therefore lose business due to a lack of risk visibility.
 

However, 59% say they have had to reject potential customers due to a lack of risk visibility. This is down to an overload of false positive matches meaning risk can’t be assessed within time constraints (59%) and Ultimate Beneficial Ownership (UBO) data becoming harder to access (61%) due to the EU Court of Justice Ruling on UBO registers. It is hoped that upcoming compliance regulations such as the 6th EU Anti-Money Laundering Directive (AMLD6) will reverse this in some way with a specific article on data sharing provisions, but the impact of that is to be seen.

 

Investments focus on automation and AI

To combat these concerns, 64% of manufacturing and utilities companies would like to invest more in compliance processes in the next 12 months, and 59% plan to increase compliance team headcount. Yet, for 62% this will have to be done with flat budgets.

One way to reduce cost and effort is to automate workloads and move away from periodic reviews to always-on compliance and perpetual KYC models. In the manufacturing and utilities sector, 66% agree that their team is prepared for perpetual KYC. This is in line with the cross-sector result of 64%.  

58% of companies feel they don’t have the appropriate solutions in place yet to fully switch to perpetual KYC.

In recent analysis we conducted using traditional KYC methods vs perpetual KYC, the latter led to a 90% reduction in time spent on KYC, and 85% reduction in cost.
 

 

 

In the interim, manufacturing and utilities firms are starting to make the move to automation software such as monitoring, notifications and intelligent screening processes to conduct due diligence checks (70%), allowing them to spend more time on complex, ambiguous cases.

When it comes to innovation, 62% of firms are starting to invest in AI solutions to streamline compliance processes and enhance risk assessment. In the long term, 65% feel AI will help to enhance compliance efforts, creating a more robust and adaptive compliance function. However, there is still hesitancy from the group with 62% nervous about the ethical and regulatory implications if they do start to use AI.

 

62% of organisations in the manufacturing and utilities sectors are starting to invest in AI solutions to streamline compliance processes.

 

In summary, the manufacturing and utilities sectors are feeling the pressure of increased regulation, particularly around ESG, and external threats such as cyber risk. Despite flat budgets, they are taking steps to combat this through new technologies like automation and AI, and new processes such as perpetual KYC.

To find out more about our research into reducing compliance cost and workload through automation and perpetual KYC, check out our guide below:

Perpetual KYC Guide: Automating Third-Party Compliance

Survey Methodology

Censuswide, the survey consultants, conducted an online survey during April 2024 on behalf of Dun & Bradstreet surveying 1,354 of compliance decision makers across 9 countries. Countries included were: UK, Sweden, Norway, Denmark, Finland, Austria, Germany, Switzerland, and Poland. This article focuses on the 165 decision makers across the manufacturing and utilities sectors

 

D&B Risk Analytics suite supports organisations moving to perpetual KYC models and provides visibility into traditional and emerging compliance risks across your portfolio in a single platform. In addition to standard compliance measures, incorporate financial strength, country risk and industry risk, ESG performance, cyber risk exposure and more into due diligence processes to understand where to deep dive. 

Find out more about Risk Analytics Compliance Intelligence and request your free trial