Times were that the core aspects of corporate governance that related to the government and regulatory authorities were subsumed under the activities of legal departments or were handled by the board or its subcommittees in an individualized or ad-hoc manner.

However, the scandals at Enron and WorldCom around the turn of the millennium, the Madoff crisis over a decade later, and the ensuing tightening up of regulatory authority through laws such as Dodd-Frank and Sarbanes-Oxley pushed corporate governance in the direction of a new and autonomous realm: compliance. These days, major new regulations like the General Data Protection Regulation (GDPR) in the European Union are making it more incumbent upon firms within and outside Europe to put in place a sound compliance strategy.

This post provides a quick introduction to the basics of compliance, its importance in contemporary enterprise, its relationship to the broader tasks of entity management and the possible structures enforcing compliance can take.

What is “compliance” in corporate culture, and why is it important?

“Compliance” covers the practices that allow an organization to measure itself by the standards of the law under regulatory regimes where it operates and to deter violations. Although it is in the last instance an imposition by the state and regulators that deters malfeasance through sanctions and penalties, the function of a compliance officer, department or practices is more than simply making sure their organization stays clear of legal hurdles.

Compliance best practices involve a proactive approach that, at a basic level, involves fostering the mentality and culture that keep a company clear of not only applicable laws, rules and regulations, but also its own internal codes of conduct, procedures, policies and ethical standards.

While the idea of complying with the law is, of course, not new to business, compliance as a realm autonomous from the general counsel/legal department — and even from leadership — is a relatively new development in corporate culture. Compliance departments will usually develop authority that goes beyond that of a general counsel, and in some cases, beyond the Board and investors themselves, to interface directly with government.

Put one way, while the role of a legal department is to tell leadership and senior management what it can do, a compliance department exists to tell them what they should do. Both perspectives need to exist and to be in balance with each other. The most basic functions of such a department include:

  • Identifying the risks (legal and otherwise) that an organization faces in the course of affairs.
  • Designing strategies and controls that protect the organization from those risks.
  • Monitoring and reporting on the effectiveness of controls to leadership and regulators.
  • Resolving difficulties in the processes of compliance as they occur.
  • Advising the organization on rules, controls and standards overall.

What is the relationship between compliance enforcement and entity management?

The larger and more complex the operations of the firm — for example, as it grows and establishes subsidiaries across different regulatory jurisdictions — the greater the compliance risks and the more necessary it is to have established processes and internal specialization for enforcing compliance. Legislative instability is an unavoidable feature of the current business landscape — we hardly need any more reminders of this since Brexit, which is forcing many multinational organizations operating by EU standards to establish new British entities, or the new US tax code, which moves US policy in a more nationalistic direction by cracking down on activities perceived as profit-shifting.

This makes it more important than ever before not only that compliance standards are established proper to each jurisdiction a multinational organization operates within, but that these standards are internationally integrated to absorb the shocks that rapid shifts in economic policy in one country can produce in others.

What structures should an entity put in place for compliance?

Compliance authority separate from legal is increasingly seen as essential in corporate culture, but the form this takes is dependent on the size and needs of each entity. The need for independent compliance has always been evident, with many major corporation’s subsidiary putting forth less than honest business practices and in some cases being subject to bribery. In many of these scandals, international counsel is sometimes implicated because sometimes it is revealed that legal helped to silence an internal investigation by referring it to the same local counsel that had approved the payoffs in the first place. In light of recent political turbulence, international organizations should consider the level at which they are capable of sustaining considerable economic penalties and the ensuing loss of institutional credibility.

Recent scandals underline why having established compliance practices that aren’t dependent on legal departments is increasingly seen as necessary for contemporary enterprise. That said, the type of structures that can enforce compliance will always need to be tailored to the needs of different sizes and types of entities, as well as the regulatory landscape within which they operate. What’s certain is that the practice of compliance is something deadly serious enough that the leadership of a firm needs to set the tone for it — from the Board and the C-suite on down. In recent cases, it has been shown that if a good compliance practice has been established, regulators will target individual employees for malfeasance rather than whole firms.

What form this takes is dependent on the shape of your organization. Larger multinational organizations may find that they need not only a compliance department, but also a chief compliance officer (CCO) who can straddle the boundaries of the law and issues like data privacy (which is becoming more and more important since the GDPR), crisis management and IT failures. Smaller organizations may have radically different needs and capabilities.

Position your organization for entity management & compliance success

Institutional change, like adapting to the compliance environment, can be tough, but it doesn’t have to be. Technological innovation can make a crucial difference as your leadership re-evaluates your organizational structure to avoid some new pitfalls and also take advantage of new opportunities. This package is precisely what Blueprint OneWorld’s entity management platform offers. Please email or call us today to discuss our solutions.