What makes some organisations great at compliance?
May 2017 | SPECIAL REPORT: OPERATING AN EFFECTIVE BOARD
Financier Worldwide Magazine
For those who want to do right, and focus on compliant conduct for employees and business partners, this can mean more profits, fewer headaches and better business results. This article discusses the benefits of having robust compliance programmes, and the potential consequences of organisations’ failure to appreciate the importance of good internal controls and commitment to compliance.
Budgeting for compliance, focusing on compliance and having the right tone must all matter to organisations intent upon avoiding regulatory actions and bad headlines. An organisation cannot sincerely believe that compliance is important when the dollars and actions do not follow the words.
Compliance cannot be a second or third thought. To understand whether an organisation has a strong compliance programme, consider the answers to these questions: Is the compliance department independently and sufficiently funded, or is it dependent upon ‘the kindness of strangers’, meaning others in the business? Is there an experienced compliance professional on the board of the organisation? Does the compliance department have direct reporting access to the board, which is a best practice, or is the business telling compliance to report through the general counsel? Are the compliance professionals well-paid and well-regarded?
If the answers to those questions are yes, then it is likely that the organisation is protected by the compliance department. If not, then the organisation likely has no strong commitment to compliance.
The headline-grabbing compliance failures of large business organisations like VW, Wells Fargo and others show both how some organisations’ strong internal controls and dedication to compliance protect them against regulatory enforcement actions, penalties, fines and fraud, and how other organisations’ lack of commitment to compliance creates risk and causes lost profits.
VW’s insular organisation simply could not accept compliance as a partner in the organisation, even after it was caught cheating on emissions standards. Wells Fargo’s sales culture was like many organisations today, setting virtually unachievable goals that create an environment where cheating is not only acceptable, but necessary for an employee to keep his or her job. Where was compliance?
At both VW and Wells Fargo, it appears that compliance was not important to the organisation. In fact, at Wells Fargo, hotline calls were used as a mechanism not to identify internal problems, but to identify malcontents who could be fired. Without a seat on the board, a place in meetings with senior executives, or sufficient funding, compliance falls into the category of a second-class citizen, ignored sometimes, underfunded and unimportant.
There are basic things organisations can and should do when considering how to establish and improve upon compliance. Regardless of the industry, country or otherwise, it all comes down to whether the organisation is truly committed to compliance success.
Pick up any book or article about compliance and there is always some reference to ‘tone from the top’. This term may be overused, but in fact, this term is amazingly predictive when assessing the likelihood of an organisational compliance failure. When CEOs, board members, CFOs and others make a big deal about compliance, including funding and supporting the compliance department, then those under their direction follow closely in most instances. Simply put, if compliance matters, like sales goals and profits matter, then employees recognise and act upon their obligations to report misconduct, adhere to codes of conduct, and avoid acting outside the law. This message filters from the highest points of the organisation down to those working hard in the fields.
Consider the tone from the top that was present during the recent VW scandal or the Wells Fargo disaster. In both instances the organisations were doomed to fail because those at the top were not vigilant about or committed to compliance. Dedicated, appropriate funding for compliance is critical to assure success. Among other things, that means dedication of a meaningful annual budget for compliance that includes money for due diligence, training, third-party management and investigations.
A common but flawed practice occurs when the compliance chief must seek monies from business units to perform due diligence or conduct investigations. In those instances, the business units, subject to wholly different objective standards of success, will typically try to undercut the compliance efforts, if only to avoid paying for the cost of the work. An organisation must fund the compliance unit as it does the law department or the audit staff, understanding that compliance activities are a critical means to manage risk.
Third-party risk is a serious problem and one that must be managed aggressively. Under the Foreign Corrupt Practices Act (FCPA), third parties undeniably create the most risk. Sales agents, distributors and others, if not properly vetted and managed, can create substantial monetary and brand risks. But third parties are not only a potential FCPA risk. The requirements of Sarbanes-Oxley mandate accurate recordkeeping. So today, under stricter accounting standards, most frauds are ‘off the books’ schemes, usually a kickback arrangement between corrupt employees and vendors anxious to get business.
Conducting diligence on third parties is vital under the FCPA. One of the most common risks today for businesses engaged in international commerce involves kickback schemes, which are plaguing every industry. Failure to perform diligence on third parties allows corrupt employees and vendors to collude, causing organisations to lose millions in profits. If an organisation has established a thoughtful, risk-based plan to manage third parties, that is a clear sign of a commitment to compliance, and it also offers protection against off-the-books schemes.
In the end, a commitment to compliance is not sexy, does not bring shareholders immediate profits and costs money. A lack of commitment to compliance can create havoc, disrupt business planning and usually takes key people away from their important tasks. Take your pick. Ask VW or Wells Fargo.
Jeffrey Klink is president and chief executive of Klink & Co., Inc. He can be contacted on +1 (412) 201 9123 or by email: firstname.lastname@example.org.
© Financier Worldwide