In some companies, and despite the best efforts of compliance chiefs to support rather than hinder operations, the compliance function gets a bad rap. It is the odd man out. It is viewed as the department of “No”, and yet it often has (and should have) direct access to the board. The lines of responsibility between compliance and legal can be blurred. And to some, the value proposition is not clear: we need to have it, apparently, but what does it really do?
Unfortunately but predictably, these perceptions have traditionally manifested themselves at budget time. Specifically, in the last few 5 – 10 years, it has been HR, Finance and even IT that have been provided with the resources to make the migration from limited, on premises software systems to more efficient and capable software as a Service (SaaS) cloud-based systems. Compliance, for a variety of reasons, has usually not been included.
Thankfully, this situation is now changing, for several reasons. First, from a general perspective, many boards and senior management teams now have a more realistic and focused view of compliance. The realism comes from seeing how many “good” companies find themselves involved in compliance enforcement actions, particularly in the anti-corruption area, and appreciating the considerable costs involved. The focus comes from the US Department of Justice’s renewed emphasis on prosecuting individuals, including senior executives, in matters involving alleged corporate misconduct, as detailed in the Yates Memo.
Secondly, with the growing appreciation for compliance’s value by management and the board, there is more interest on their part in knowing the details – specifically, what are the regulator’s priorities? Two DOJ compliance program areas of emphasis are “adequate resources” and “culture of compliance”, as most recently expressed in their FCPA Guidance and Enforcement Plan. SaaS-based compliance management systems specifically help organize, manage and track compliance activities and thus speak to both DOJ priorities. In summary, better resources – better applied.
Lastly, there is the element of risk. Companies operating globally have varied and complex compliance obligations, and compliance chiefs must be constantly monitoring higher risk activities while staying proactive to keep their compliance programs effective. In most cases, the email, spreadsheet, sticky note, matrix management and dated IT data tools previously relied upon to help manage these demands no longer do the job. And is extraordinarily difficult and time consuming for compliance chiefs to stay abreast of the numerous changing external and internal demands placed on them; there is the constant worry that something may “slip between the cracks”.
On-line compliance management systems, by contrast, help reduce a company’s overall risk (and compliance chief anxiety) by: (1) helping the compliance chief identify programmatic priorities, while automating routine administrative tasks; (2) placing all compliance data in a single system of record containing multiple, activity-based repositories; (3) freeing up time for the compliance chief – to meet the above demands.
Make your case, compliance chiefs – get more closely aligned with what other departments are doing in terms of cloud-based management support. It is in the organization’s best interests to shake off the long-dated odd man out label. Do some corporate spring house cleaning and bring in enhanced organizational capabilities and reduced compliance risk in the form of an integrated compliance management system.