CFOs are increasingly finding themselves at the centre of initiatives to reduce such risks. However, from long-established expenses policies to more recently introduced measures aimed at reducing bribery and corruption risks, a significant challenge remains: how can organisations ensure staff at all levels understand and adhere to such policies?
A well-implemented compliance programme defines and reinforces a good culture
The reality is that preventing compliance breakdowns is more complicated than just adopting a commitment to play by the rules. Such breakdowns are rarely caused by a deliberate corporate strategy of deceit. Most companies that have been prosecuted or fined had legally accurate policies in place and a management team that, at least, claimed to want to follow them. Instead, more often than not, what causes compliance programmes to break down is the failure to implement and track compliance with a legally adequate policy. In far too many companies, static policies are left to languish on bookshelves or intranets and the approach is now in urgent need of reform.
To some, the allegation of wrongdoing may come as a surprise. How, with a multitude of policies and procedures well embedded into the organisation, could someone even contemplate any wrongdoing? Many professionals believe that the solution is creating not just compliance policies, but rather a culture of compliance. It is certainly true that, an ethical culture and setting a good example are absolutely necessary - there is no doubt that if employees perceive that senior management act unethically, they will follow suit. However, this does not mean that a good example set at the top will alone be enough to ensure ethical behaviour by more junior staff. Instead, an effective compliance framework requires systems and processes that constantly remind and encourage people to do the right thing. A well-implemented compliance programme defines and reinforces a good culture – a good culture does not create a good programme.
The challenge is to develop processes and programmes to help the organisation avoid the potential consequences of non-compliance. At the same time, staff must be given the tools to help them respond appropriately and rapidly when compliance questions or issues arise. Having knowledge, available information, transparency and a dedication to authenticity, are fundamental components of any effective compliance initiative.
Effective compliance policies are well written and easy to understand by their employees, not just the lawyers who wrote them. Where policies are written like statutes or legal documents, no one will read them and no one will understand them.
With easy to understand policies in place, regular online and face-to-face training is crucial. This must be engaging, interesting and relevant – not just a chore for employees. Next, companies must ensure that their staff have ready access to information necessary to apply the policies in their daily work. Fundamentally, this means that employees need to know where policies are kept, how they can obtain approvals and to whom questions should be directed.
But even this is not enough. Organisations must not only educate and reinforce; employee actions must be tracked. Perhaps surprisingly, most companies do remarkably little tracking of their compliance programmes. Smart companies have figured out how to track every aspect of their compliance programme. Who is being trained? Who is asking questions? What questions are they asking? What is being approved? From where are the questions emanating? By tracking the various aspects of the programme, companies can make data-driven decisions on how best to spend the compliance budget, to reduce the likelihood of investigations, prosecutions and fines further down the line.
Compliance is increasingly safeguarded with the assistance of software applications that help simplify the day-to-day operation and implementation of specific policies. Such tools may be available on smartphones, tablets or laptops and make compliance come alive, by promptly providing relevant answers and interactive information.
Take for example a scenario where an international sales executive wants to invite a business contact to a high-profile sporting event. Rather than consulting the company's entire global anti-corruption policy, a simple application can provide a clear answer to whether the rules allow him to offer hospitality and, if so, the appropriate level of expenditure.
Such solutions often work by creating a decision-tree, based on previously complex written policies. By using the answers to a few simple questions, the employee may be directed to the relevant section of the policy. Importantly, this approach also forces organisations to rethink their compliance policies, to ensure that they can be subject to decision tree analysis. This assists the compliance process by ensuring that as little as possible is left to interpretation by employees, who have neither the training nor experience to make the relevant decisions
Recent cases have reinforced the considerable corporate and personal risks facing executives that fail to implement a compliance strategy that can withstand external scrutiny. Compliance and governance go hand-in-hand and the senior team must be at the forefront of developing strategies – backed by data-driven compliance cultures – that can help safeguard compliance and reduce the likelihood of becoming the focal point of regulatory action.
Seth Berman is executive managing director and UK head of Stroz Friedberg, a risk management, investigations and intelligence company