Avoiding Stovepipes and Embracing Efficiencies
The hot selling topic these days is anti-corruption compliance. All the usual buzzwords are floated around with anti-corruption compliance – risk assessments, financial controls, corporate integrity, training and communication and tone-at-the top.
The compliance community, however, is not doing its job. They are focusing on too narrow a topic. Compliance can and should address all the risks facing an organization. As a starting point, the company needs to integrate all of the compliance programs, identify overlaps, and build in efficiencies in responding to multiple risks. What do I mean?
Corruption is not the only risk facing every company. Most companies need to address some of the other basics – antitrust, environmental, data privacy, health and safety, money laundering, export controls and sanctions (just to name a few). Depending on the industry, this list can grow, especially in the health care industry.
So, in keeping with my mantra, here is a profound grasp of the obvious – for each of these areas, compliance means: risk assessments, documentation, financial and other controls, continuous monitoring and periodic audits, and training and communication. Chief Compliance Officers have to identify all the risks, develop organizational responses, and implement important compliance programs which bring together overlapping and efficient compliance procedures and policies. This is a challenging project and one that requires dedication and commitment. It is why I usually view CCOs as the unsung heroes in every organization.
It is very easy to respond to this complement of risks with stovepipe programs. You can have an AML program which is separate and apart from your anti-corruption program. But you would be doing a great disservice to your company and eventually it will breakdown. There are obvious areas of overlap – for example, in the health care area, pharmaceutical and medical device companies are subject to strict regulations relating to payments to doctors to attend conferences, conduct company-sponsored research, or publish company-affiliated studies. These same interactions raise risks of corruption under the FCPA in those situations where doctors are affiliated with state-owned medical facilities.
There is no reason to separate the company’s policies into different stovepipes for compliance purposes. In fact doing so will only confuse management in avoiding potential problems.
We often point to the importance of “leveraging” existing compliance programs and structures. In essence, this means looking for compliance-driven efficiencies. AML programs have been around for a long time. AML compliance staff usually know how to comply with AML requirements and are a natural starting point for adding in anti-corruption controls. Some of the existing procedures can be used for anti-corruption control, and some cannot. But the possibilities have to be examined.
The same is true for antitrust compliance – risks of competitor contacts and possible cartel behaviors need to be identified. Training and communication are an important aspect to making sure senior staff is aware of the risks. Documentation of compliance efforts are critical to ensure a record exists of steps take in response to individual risks or conduct which create risks of enforcement.
A macro view of these risks is essential and the CCO, along with the Audit or Compliance Committee have to operate in a way which avoids stovepipes and seeks efficiencies.