Customer relations has sometimes become shaky recently with the amount of cybersecurity hacks and fraudulent activity that has been happening. Because of these incidents, consumers have lost faith and it becomes a job of the board of directors to improve their corporate governance and compliance policies to try to regain the faith in their organization and subsidiaries. These companies are asking us to trust in their own definitions of ethics. And by using phrases like “rededicating ourselves to our customers” and “remembering why we’re here,” they are signaling that there’s been a lapse, both in their companies’ adherence to laws and in the vision that guides the companies’ leadership. The distinction between these two — following the rules and creating an overall ethos for the company — is the difference between corporate compliance and corporate governance.
In many contexts, corporate governance and corporate compliance are inextricably linked. Insofar as both efforts constitute a response to risk management, this link makes sense. Businesses wish to integrate and align their governance and compliance initiatives wherever possible to eliminate duplication, conflicts, wastefulness and gaps.
But to understand the intricate relationship between governance and compliance, it’s useful to pull them apart for a second and unpack the motivations and intentions that underpin these initiatives. Let’s start with some definitions.
- Governance is the overall management approach board members and senior executives use to control and direct an organization.
- Governance integrates information gleaned from reporting with management control structures.
- Governance ensures that important information is communicated to appropriate organizational levels in a complete, accurate and timely fashion.
- Governance instills control mechanisms to make sure strategies, directives and instructions from management are carried out systematically and effectively.
- Governance attempts to balance the interests of a company’s many stakeholders, such as shareholders, management, customers, suppliers, financiers, government and the community at large. Corporate governance is intended to increase accountability and to facilitate prudent management.
- Compliance is the process through which companies demonstrate that they have conformed to specific requirements in laws, regulations, contracts, strategies and policies.
- Compliance assessments determine the present state of compliance and measure the projected cost of implementing compliance against the potential cost of non-compliance.
- Compliance initiatives prioritize, fund and implement any corrective actions deemed necessary.
Some Important Differences
Both governance and compliance involve rules of conduct and controls on behavior. In issues of compliance, those rules originate from external sources. These may be legislation, contracts, industry standards or other policies that obligate the company’s response. Compliance policies are not optional; these requirements must be met in order to stay within the bounds of the law. Enforcement consequences for noncompliance might include penalties, fines, legal action, loss of contracts, and revocation of licenses or permits.
In contrast, corporate governance originates internally. These are the rules agreed upon by the board of directors and other C-suite executives that are intended to manage and mitigate risk and set the ethical tone for the business at large. Thus, these rules reflect the overall vision of the company. The consequences for breaching government mandates are left up to each individual company, but may include such measures as removal from the board, demotions or termination.
2) The Letter of the Law vs. the Spirit of the Law
Many organizations understandably view compliance mandates as onerous, time-consuming and, in some cases, costly chores. Thus, there is the tendency to think of them as a series of boxes; if you can check all of the boxes, then you can demonstrate that you comply with the letter of the law. Unfortunately, this is often the kind of thinking that leads to loopholes and exemptions.
By comparison, governance initiatives are more about the spirit of the law. While not as heavily concerned with the particulars of any one piece of legislation, corporate governance lays the groundwork for how a company approaches matters such as fair business practices, shareholder activism and ethical standards.
3) Tactical vs. Strategic
Because compliance initiatives are focused on the more limited goal of meeting the obligations of particular sets of regulations, the approach toward dealing with them tends to be more tactical in nature. What changes need to be made in order to work within the purview of this law? What kind of reporting needs to happen so that we can demonstrate the changes we’ve made?
Governance concerns tend to be more interested in the long view. How can the company as a whole position itself in relation to ethics and risk? How does the company’s overall business strategy reflect its attitude and reputation? Such considerations factor into decisions such as which vendors or service providers a company chooses to use, which markets they want to enter and how the company wants to align itself with the community.
How the Board of Directors and Legal Teams Can Put the Pieces Back Together
For the sake of discussion, we’ve examined compliance and governance in isolation, as if the two were separate. But in reality, the risks they are designed to protect against are often interdependent, and the controls that modulate a company’s behavior are often shared. Siloing these two efforts can lead to inefficiencies and duplication of effort. Instead, it is better to conceive of them as a piece. Governance sets the tone for the entire company’s attitude to risk, ethics and business practices. Compliance embodies that attitude in relation to specific laws and regulations.
If you’re interested in learning more about how entity management can help enhance your governance and compliance initiatives, please contact a Blueprint representative.