There are few things more devastating to a chief executive or board of directors than seeing their company’s name splashed across media headlines with allegations of having broken the law. After wondering how it could possibly happen to us, the focus quickly goes to how best to effect damage control, with accompanying thoughts of billions of dollars in fines, penalties, judgments and lost business, as well as personal exposure, and knowing great amounts of time and energy will be directed to dealing with regulators, lawyers, and investigators instead of growing the business.
It’s fascinating to see that, despite reading of such happenings at other companies, somehow many top managements can’t imagine it happening to them. Hence, too often companies put in place a code of conduct and ancillary policies, a whistleblower channel, and perhaps even a compliance officer – all useful elements – but which fall far short of an effective compliance program. And with each new law or regulation, a new policy and related procedures are installed, frequently duplicating existing procedures but still falling terribly short of an effective program. So we see fragmented and duplicative procedures that are administratively burdensome and often outdated, while the significant risks of non-compliance continue to grow.
In contrast, leading companies are proactively dealing with the associated risks. They take a holistic approach, first recognizing that laws and regulations were set forth in the first place as a reaction to damage to someone – customers, employees, investors or communities. And they recognize that companies satisfying related marketplace expectations – with “green” food products, better child safety products, better automobile gas mileage, or more desirable workplace environment – are rewarded with better workers, greater market share, and enhanced profits. With this recognition, they design a compliance program not only to ensure minimum compliance, but to seize related business opportunities geared to the underlying marketplace drivers. The compliance program is built into strategic objectives, and is risk-based and streamlined, with clarity around responsibilities and accountability, and supported by technology with meaningful communication and reporting.
Yes, there is an initial cost to doing this right, and a chief executive will expect to see a rational business case made for establishing such a program. But the benefits are real, and the CEO and board members will sleep better at night knowing an effective compliance program is in place in their company.