Compliance to harness tech innovation as pressure grows
October 2014 | SPOTLIGHT | RISK MANAGEMENT
Financier Worldwide Magazine
Hardly a week goes by without yet another, often well-known, organisation coming under the spotlight of industry regulators or law enforcement. From allegations of bribery and corruption, to charges of manipulating markets in their own favour, a heightened focus on compliance is presenting a significant challenge for many senior executives.
To some, the allegation of wrongdoing may come as a surprise. How, with a multitude of policies and procedures well embedded into the organisation, could someone even contemplate any wrongdoing?
It is a question echoing in many boardrooms, with pharmaceutical, financial services, construction and manufacturing just some of the sectors having to face up to such issues. Last year alone, more than $730m was paid as a result of US Foreign Corrupt Practices Act (FCPA) violations and the UK’s Serious Fraud Office appears to be pursuing breaches under the Bribery Act with renewed vigour.
The reality is that preventing compliance breakdowns is more complicated than just adopting a commitment to play by the rules. Such breakdowns are rarely caused by a deliberate corporate strategy of deceit. Most companies that have been prosecuted or fined had legally accurate policies in place, and a management team that at least claimed to want to follow them. Instead, more often than not, what causes compliance programs to break down is the failure to implement and track compliance with a legally adequate policy. At far too many companies, static policies are left to languish on bookshelves and intranets. This approach is in urgent need of reform.
In the face of compliance failures, many executives believe that the solution is creating not just compliance policies, but a ‘culture of compliance’. While an ethical culture and setting a good example are absolutely necessary, there is no doubt that if employees perceive that senior management act unethically, they will follow suit. However, this does not mean that a good example set at the top will alone be enough to ensure ethical behaviour by more junior staff. Instead, an effective compliance framework requires systems and processes that constantly remind and encourage people to do the right thing. A well implemented compliance program defines and reinforces a good culture – a good culture does not create a good program.
Effective compliance policies are well written and easy to understand by their employees, not just the lawyers who wrote them. Where policies are written like statutes or legal documents, no one will read them and no one will understand them.
With easy to understand policy in place, regular online and face-to-face training is crucial. This must be engaging, interesting and relevant – not just a chore for employees. Next, companies must ensure that employees have ready access to information necessary to apply the policies in their daily work. At a basic level this means that employees need to know where the policies are kept, how they can seek approvals, and to whom questions should be directed.
But even this is not enough. Organisations must not only educate and reinforce, employee actions must be tracked. Perhaps surprisingly, most companies do remarkably little tracking of their compliance programs. Smart companies have figured out how to track every aspect of their compliance program. Who is being trained? Who is asking questions? What questions are they asking? What is being approved? From where are the questions emanating? By tracking the various aspects of the program, companies can make data-driven decisions on how best to spend the compliance budget to prevent problems from erupting into investigations, prosecutions and fines.
Compliance is increasingly safeguarded with the assistance of software applications that help simplify the day-to-day operation and implementation of specific policies. Such tools may be available on smartphones, tablets or laptops and make compliance come alive, by promptly providing relevant answers and interactive information.
Take, for example, a scenario where an overseas sales representative or third-party agent wants to invite a business contact to a high-profile sporting event. Rather than consulting the company’s entire global anti-corruption policy, a simple application can provide a clear answer to whether the rules allow him to offer hospitality and, if so, the appropriate level of expenditure. If the policy requires prior approval, the software application can make the process easy, efficient and trackable.
Such solutions commonly work by reducing a complex policy into a decision-tree. The approach allows the software to use the answers to a few simple questions to point the employee towards the relevant portions of the policy. It also forces companies to rethink their compliance policies to ensure that they can be subject to decision tree analysis. This in itself assists the compliance process by ensuring that as little as possible is left to interpretation by employees, who have neither the training nor experience to make the relevant decisions.
This strategy also allows for the creation of a central repository of compliance data that simplifies future analysis in the event of an investigation. It replaces the approach being used by most companies, where approvals are sought and granted by email. Emails are a disorganised way to store information, meaning that any subsequent investigation requires extensive searches of archives to find, in the mass of irrelevant emails, the crucial question and answer that may constitute compliance approvals.
Compliance will never be easy but heightened public focus should be the catalyst for an in-depth review of current policies and practices. Technology is set to play an ever-greater role in this process, as organisations develop strategies to develop properly functioning, data-driven compliance cultures.
Seth Berman is executive managing director and UK head of Stroz Friedberg. He can be contacted on +44 (0)20 7061 2200 or by email: firstname.lastname@example.org.
© Financier Worldwide