Dennis van der Meer is the Director Forensic at Grant Thornton Netherlands (GT). He is responsible for leading KYC services for the Forensic practice within GT. His scope includes all non-financial investigations, ranging from in-depth integrity investigations to forensic analyses. He is also the lead for all 3rdRisk assignments. According to Dennis, companies should no longer wait to get their compliance management in order, as regulatory pressure is set to exponentially increase in the coming years.

What services do you provide?

“Our service offering is very broad. We assist some clients end-to-end with compliance challenges. This includes, for example, setting up governance and structures to providing operational support in the execution of screening and due diligence research of customers and suppliers. For other clients, we improve aspects of compliance. For instance, creating and implementing a whistleblower program, which is becoming increasingly important due to legislation. The German Supply Chain Act (LkSG), for example, stipulates that (Dutch) organisations doing business with German companies must have a whistleblower scheme, not only for themselves but also for employees of suppliers. With the advent of the CSRD and the CSDDD, such requirements will apply throughout the European Union. Additionally, you see, for example, banks increasingly passing on their KYC obligations to their suppliers."

Which sectors do you serve?

"We serve essentially all sectors, but we are particularly dominant within companies not obliged by the WWFT (Dutch Money Laundering and Terrorist Financing Prevention Act). They face various demands imposed by banks. We currently see a shift where banks are passing their KYC obligations onto their suppliers. This means that as a supplier of a bank, you must demonstrate that your customers and own suppliers comply with all legal requirements and regulations. For many of our clients, this is a real challenge, as they are not equipped for this and thus need to grow in maturity. The consequences can be significant. After all, you don't want the bank to terminate the relationship with you, or to receive a fine from one of the regulators.

I personally am very active in the agricultural sector. We define this sector quite broadly. It includes greenhouse builders and seed breeders to flower growers and manufacturers of agricultural hardware. These companies face many challenges in the field of compliance. On one hand, because they do business with companies from various challenging jurisdictions, such as the Middle East, Africa, or Central Europe. On the other hand, these are often organisations that do not have a full-fledged compliance function. This means that someone – often the legal counsel - handles it additionally. Certainly, with the complex, constantly changing compliance landscape, the combination of strategic and operational work, and the pressure from the business, this is a challenging task for one person with limited time."

What trends do you observe in the field of compliance?

"From my practice, I see various interacting trends:

First, increased pressure on data privacy and security: With the advent of the GDPR, NIS-2, and DORA, there is an increased focus on the protection of personal data. Companies are more focused on strengthening their data governance and cybersecurity measures.

Second, technology-driven compliance: Automation and the use of advanced technologies such as artificial intelligence (AI) and machine learning are becoming increasingly important in compliance management. These technologies enable organisations to be more efficient and effective in monitoring and enforcing compliance.

Third, the integration of Environmental, Social, and Governance (ESG) standards: There is increasing pressure on companies to improve their ESG performance. This means that compliance is not only focused on legal and regulatory requirements but also on sustainability, social responsibility, and corporate governance. Traditionally we screen mainly for PEPs, UBOs, and negative news. Increasingly, ESG aspects are also being included. We work very closely on these topics with our colleagues from Impact House (Grant Thornton Netherlands ESG Advisory Practice).

Fourth, the pace of new legislation and sanctions: Due to the increase and dynamics of regulations at both European and national levels, companies must continuously update and improve their compliance programs to avoid fines and sanctions.

Fifth, we see from companies more focus on ethics and culture: There is a growing recognition that a strong compliance culture, which promotes ethical behaviour, is essential for effective compliance management.

Sixth, we see a changing role of Compliance Officers: The role of the Compliance Officer is becoming increasingly important and strategic within organisations. They play a crucial role in managing risks and ensuring compliance with laws and regulations.

Finally, more and more companies are facing cross-border compliance challenges. With globalization, European companies must comply not only with local and regional legislation but also with the regulations of other countries where they are active."

How do large and small organisations differ?

"Even companies with a few hundred million in turnover often do not have a well-developed compliance function. This is logical. These companies have often grown quickly, leaving little time to reflect on the compliance organization. At the same time, more and more themes are landing on the plate of compliance. Take the CSRD or NIS-2. Within larger organisations, there is often a lot of experience with compliance and there are multiple professionals who deal with this on a daily basis. But even there, we help to optimise processes."

What if organisations do limited compliance work?

"The first question is whether they should do something. So, I would always advise conducting a gap assessment that provides insight into any gaps. It is also important to distinguish between must and want. Some organisations want to do more on compliance than they must from regulations, but believe it benefits their business operations. I fully support this."

Does ESG belong to the compliance department?

"That's a tough question. I'm not saying it belongs, but I think it could fit. Especially the CSRD, for example, because it really concerns a reporting obligation. At the same time, you also see that much new legislation like NIS-2, CSDDD, and DORA contains many operational risk management activities, such as sending out and assessing questionnaires. With the CSDDD, you really need to have a view of the entire value chain. Is that compliance? In my opinion, this goes much further."

What role does technology play within compliance?

"Technology plays a very important role, in my opinion. In general, data and technology are crucial for the success of today's enterprise. By smartly linking data, a company can make processes so much smarter, more efficient, and better. This also applies to compliance. Unfortunately, many organisations make insufficient use of technology. Or they use traditional compliance systems that integrate poorly and make little use of existing data. That makes 3rdRisk totally different and unique. 3rdRisk is really a platform that integrates seamlessly, combines different data sources and provides new insights."

Unfortunately, many organisations make insufficient use of technology. Or they use traditional compliance systems that integrate poorly and make little use of existing data. That makes 3rdRisk totally different and unique. 3rdRisk is really a platform that integrates seamlessly, combines different data sources and provides new insights." Dennis van der Meer

How can technology help smaller businesses?

"I see a lot of opportunities to help smaller to medium-sized businesses with their compliance challenges using technology. For example, within the agricultural sector. Multiple agricultural companies could collaborate within a community. This community can then efficiently purchase compliance services. For example, from Grant Thornton, where we can perform compliance work for the community using the 3rdRisk platform. If we then screen a particular customer, the entire community can make use of it. This makes high-quality technology in combination with our expertise accessible to medium and smaller enterprises. This is especially important now, as this sector also faces new legislation and higher customer demands. Now is the moment to start working on compliance within the chain."