Corporations around the world are spending significant resources and effort in building and sustaining robust compliance programs. However, despite these efforts there is an increasing trend in violations and enforcement actions. Executives are placing more emphasis on making the compliance program succeed amidst complex business operations, geo-political challenges, competitive pressures and financial stress.
In many organisations, there are barriers to overcome – or, red flags, that influence the success of a compliance program. In this article, FTI Consulting identifies some of the stumbling blocks of implementing an effective compliance program and the measures companies can take to mitigate and overcome these challenges.
Overstressed Business Aspirations
One of the foremost and fundamental factors in creating an effective compliance program, is the buy-in from management and shareholders on its impact on business, growth and profits. One has to bite the bullet on the consequences of having to deal with red-tape, delays and impact on the operations and growth of the business. The employee on the ground cannot be expected to adhere to all compliance guidelines whilst also being pressured with business goals. Often the risk of bribery and corruption increases due to aggressive business plans and strategies. This does not imply that a successful business is built on a foundation of bribes and corruption, but it is important to acknowledge and maintain balance between a culture of compliance and achieving business goals.
Disparities in Preaching and Practicing
The behaviour of managers especially senior management drives the behaviour of the workforce in any company. A clear, consistent and communicative tone at the top goes a long way to ensuring effective compliance. Having robust policy procedures and systems is not enough to mitigate the risk of bribery and corruption. The general impression of the conduct and behaviour of management is an important step which often becomes the pathway for employees to follow.
One of the foremost and fundamental factors in creating an effective compliance program, is the buy-in from management and shareholders on its impact on business, growth and profits.
Dubious Third Parties
A fundamental yet often ignored step in ensuring compliance is due diligence. This includes analysing the background and reputation of a company's business partners who act as extended arms of the company in day-to-day affairs. In the past, prosecutions and enforcement actions have shown significant exposure to bribery and corruption risks due to the actions of third parties. It is perceived by many companies that using a third party or a consultant to make an improper payment or conduct in bribery is easier and a less risky proposition for the company. In fact, it is quite the opposite, as using a dubious third party can be counterproductive and increase the chance of enforcement action. Such third parties will be engaged with multiple corporations and any regulatory action on any other company which they are associated with might result in expanding the investigation to its other clients and associates.
Venturing in Unchartered Territories
Often businesses end up in situations which create an environment where bribery and corruption can occur. This is due to the smokescreen of complex regulations in certain geographies as well as political, cultural and demographic uncertainties. Risk assessments and more specifically bribery, corruption and fraud risk assessments, enable companies to gauge the risks before entering into a market or transaction. These enable them to prepare for unforeseen contingencies as well as align the business objectives with a more clear and transparent assessment of the risks involved. Risk assessment is a continuous process and needs to adapt with business growth and changes therein.
Over Reliance on Compliance Teams
Responsibility of effective compliance does not solely rest with the compliance team of a company and needs to be embedded within the company culture and ethos. The wider the geographical spread of a company's operations, the need for training and awareness of compliance issues increases. Certain practices which may be considered legitimate in certain cultures or geographies may not be true for others. Similarly, a lack of knowledge about regulations and law is no defense for non-compliance. It is therefore important for every company not only to have a robust compliance program, but also to percolate the same to every associated party who is governed by it. However, the frequency and depth of training needs to be tailored according to the risks associated with the target audience. For example, senior management, business development functions and teams which interact with government bodies, tend to be at a higher risk.
Responsibility of effective compliance does not solely rest with the compliance team of a company and needs to be embedded within the company culture and ethos.
Failing to Investigate
There are tremors before an earth quake. Ignoring red flags around non-compliance could prove catastrophic to companies. These could be direct allegations, complaints or indications emanating from internal audits or management review. Failing to do a root cause analysis or brushing issues under the carpet for short term gains will not eliminate the risks. Investigations and incident management are core to a compliance program. Resolution and reporting of compliance violations are often complex and require specialist or legal guidance. Companies which have a response plan in place are in a better position to deal with such violations.
How We Can Help
There is no "one size fits all" solution to make any compliance program succeed, but companies which have followed the policies in letter and spirit are much more likely to overcome the compliance risks and sustain longer.
Effective compliance programs play a critical role in warning of potential threats and preventing violations of laws that could at a minimum tarnish a corporation's image and impact its business relationships or financial viability. FTI Consulting's highly experienced professionals bring detailed knowledge of their fields and industries to client projects, providing full-scale assessments, process improvement and support for compliance programs. We help analyse existing policies and procedures to find gaps or breaches in existing safeguards, and are adept at designing and implementing controls that serve to rehabilitate deficiencies and/or monitor the continuing effectiveness of an organisation's compliance program in an ever-changing business environment.
May 28, 2019
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.