From the outset, the evolution of compliance has been characterized by corruption scandals. It was these crises which led companies to implement new legal obligations and regulations. The compliance programs were originally implemented to be exempted from liability and in almost all cases owing to external legal obligations. However, with the passage of time, and in particular after those cases in which companies suffered scandals, both the compliance programs and the codes of conduct, as well as the introduction of compliance officers, have become mandatory. They have even taken on a new purpose different from the original one: to recover institutional reputation.
It is necessary to identify the challenges and risks then turn them into opportunities. Compliance becomes an opportunity for companies to be managed in a more transparent, efficient manner. It is an area that is quickly moving forward and gaining ground.
Matthias Kleinhempel, a fulltime professor at the Governability and Transparency Centre of the IAE of the Austral University, points out challenges compliance still has to overcome, as its effectiveness is very hard or even impossible to measure. He raises two main challenges, particularly in the case of transnationals. The first is related with the difficulty of mapping the compliance and ethical risk.
We need to have an effective risk map as this is what allows us to assign resources correctly and is a good indicator on senior management’s progress in adopting codes. This is crucial, as whether someone commits illicit acts or not depends on behavior and psychological and cultural aspects.
The second major challenge relates to compliance by third parties or suppliers. Investigation of third-party value chains is complicated, as well as that related to outsourced activities. According to Kleinhempel, interviews with compliance officers indicated 70% were unaware of what is happening in supply chains. Due diligence needs to be boosted and routine monitoring is needed for supply chains. Training in communications and transparency can also be put into effect, as well as determining termination clauses in the event of ethics violations.
By contrast, there are some observable aspects which need to be highlighted. One of these relates to the importance compliance officers are gradually acquiring in Latin American countries, particularly in South America. Now, according to Kleinhempel, 30% report directly to the CEO or to the board and, of these, almost 50% take part in the strategic company decisions and can bring about changes to the business model when they regard it as risky. Around 50% of them meet up periodically with the CEO and 60% with the board every quarter.
Kleinhempel goes on to say we can find two major trends in compliance. The first is the creation of a true ethics-based compliance culture. It doesn’t matter how good the procedures implemented are, as they will prove ineffective if we fail to create a true “compliance culture” right from the company’s executive levels to the general workforce.
“80% of compliance officers believe technology has a major impact on compliance. Big Data and Data Analytics allow better targeting and better risk monitoring”
Because there are ever fewer incentives guided by law, compliance is being based more on principles than rules. Rather than complying with standards and regulations, it is a matter of how companies make good decisions in difficult situations. Hence, decision-making, ethical principles and leadership have become very relevant. The major scandals of recent years have mainly occurred due to problems and failings in ethical leadership. This is why compliance programs must have as their target audience those executives and employees who need guidance and assistance in cases of temptation or even extortion. The board’s commitment is crucial as they will decide the company’s culture.
Compliance training has proven ineffective and dull. Education should be increasingly provided when facing dilemmas and situations which are hard to deal with. These circumstances assume companies work in a gray area, that they have problems which are hard to sort out and there is no right solution. Companies must go over and above compliance and look at human behavior to comply with their prevention function.
A second major tendency is related to technology. Many companies get delayed and bogged down by the vast amount of data. Approximately 80% of compliance officers believe technology has a major impact on compliance. Big Data and Data Analytics, for example, allow better targeting, better risk monitoring and better identification of executives’ needs to provide them with an education more in tune with their activities.
“Compliance started off with a legal approach, subsequently, ethics were gradually incorporated and, finally, today a behavioral-based approach is used”
The digital revolution is imposing new forms of interrelating inside and outside the company. An increasing number of people work on the cloud, on digital platforms which get rid of the bureaucracy and management layers. An increasing number of companies relocate teams or business units to make them more flexible and free them up from the rigidity of large corporations. Furthermore, new risks and responsibilities also arise, inherent in the use of algorithms in data analytics and the use of artificial intelligence. Ethical and legal challenges undoubtedly arise which are directly incumbent upon corporate compliance, over and above data protection. It is vital for the fields of Risks and Compliance to start managing, within their fields of competence, this cyberworld with which they will have to deal.
Compliance started off with a legal approach—at the time this seemed ineffective but it afforded tools and a framework for better management and an improvement in companies’ reputation. Subsequently, ethics were gradually incorporated and, finally, today a behavioral-based approach is used. The programs are seldom called compliance, and are starting to get renamed as they begin to focus more on integrity and ethics rather than solely legal aspects.