Times were that the core aspects of corporate governance that related to the government and regulatory authorities were subsumed under the activities of Legal departments or were handled by the Board or its subcommittees in an individualized or ad hoc manner.
However, the explosive financial scandals at Enron and WorldCom around the turn of the millennium, the Madoff crisis over a decade later, and the ensuing tightening up of regulatory authority through laws such as Dodd-Frank and Sarbanes-Oxley pushed corporate governance in the direction of a new and autonomous realm: compliance.
This post provides a quick-and-dirty introduction to the basics of compliance, its importance in contemporary enterprise, its relationship to the broader tasks of entity management, and the possible structures enforcing compliance can take.
Q: What is “compliance” in corporate culture, and why is it important?
A: “Compliance” covers most basically the practices that allow an organization to measure itself by the standards of the law under regulatory regimes where it operates and to deter violations. Although it is in the last instance an imposition by the state and regulators that deter malfeasance through sanctions and penalties, the function of a compliance officer, department or practices is more proactive than simply making sure their organization stays clear of legal hurdles. Best compliance practice is a proactive approach that, at a basic level, involves fostering the mentality and culture that keep a company clear of not only applicable laws, rules and regulations, but also its own internal codes of conduct, procedures, policies and ethical standards.
While the idea of complying with the law is, of course, not new to business, compliance as a realm autonomous from the general counsel/legal department, and even from leadership, is a relatively new development in corporate culture. Compliance departments will usually develop authority that goes beyond that of a general counsel, and in some cases beyond the Board and investors themselves, to interface with government directly.
Put one way, while the role of a legal department is to tell leadership and senior management what it can do, a compliance department exists to tell them what they should do. Both perspectives need to exist and be in balance with each other. The most basic functions of such a department include:
- Identifying the risks (legal and otherwise) that an organization faces in the course of affairs
- Designing strategies and controls that protect the organization from those risks
- Monitoring and reporting on the effectiveness of controls to leadership and regulators
- Resolving difficulties in the processes of compliance as they occur
- Advising the organization on rules, controls and standards overall
Q: What is the relationship between compliance enforcement and entity management?
A: The larger and more complex the operations of the firm — for example, as it grows and establishes subsidiaries across different regulatory jurisdictions — the greater are the compliance risks and the more necessary it is to have established processes and internal specialization for enforcing compliance. Legislative instability is an unavoidable feature of the current business landscape — we hardly need any more reminders of this than Brexit, which is forcing many multinational organizations operating by EU standards to sever those standards and establish new British entities, or the new US tax code, which moves US policy in a more nationalistic direction by cracking down on profit-shifting activities.
This makes it more important than ever before not only that compliance standards are established proper to each jurisdiction a multinational organization operates within, but — as the Trump administration gears itself up for a trade war — that these standards are internationally integrated to absorb the shocks that rapid shifts in economic policy in one country can produce in others.
Q: What structures should an entity put in place for compliance?
A: Compliance authority separate from legal departments is increasingly seen as essential in corporate culture, but the form this takes is dependent on the size and needs of each entity. The need for independent compliance was made crystal clear all the way back in 2011 when Wal-Mart’s Mexican subsidiary was investigated for bribery — a scandal its international counsel was implicated in when it came out that legal had helped to silence an internal investigation by referring it to the same local counsel that had approved the payoffs in the first place. Wal-Mart finally made it clear of this scandal last year, but in light of recent political turbulence, international organizations should consider the level at which they are capable of sustaining considerable economic penalties and the ensuing loss of institutional credibility.
Wal-Mart’s Mexican scandal underlines why having established compliance practices that aren’t dependent on legal departments is increasingly seen as necessary for contemporary enterprise. That said, the type of structures that can enforce compliance will always need to be tailored to the needs of different sizes and types of entities, as well as the regulatory landscape they operate within. Larger multinational organizations may find that they need not only a compliance department, but also a Chief Compliance Officer (CCO) who can straddle the boundaries of the law and issues like data privacy, crisis management and IT failures. Smaller organizations may have radically different needs and capabilities.
Institutional change, like adapting to the compliance environment, can be tough, but it doesn’t have to be. Technological innovation can make a crucial difference as your leadership re-evaluates your organizational structure to avoid some new pitfalls and also take advantage of new opportunities. This package is precisely what is offered through Blueprint OneWorld’s entity management platform. Please email or call us today to discuss our solutions.