Too Many Cooks in the Compliance Kitchen
Sometimes too much of a good thing is a bad thing. We spend so much time advocating for compliance programs that we forget to remind companies that sometimes too much compliance is not a good thing. What do I mean by this?
Simplicity is a good thing. The true measure of intelligence is the ability of someone to take a complex subject and explain it in simple terms so that anyone can understand it. The same holds true for compliance. A compliance program needs to be clear and it needs to avoid complex concepts and procedures.
It is important to avoid ineffective or unnecessary advisory groups made up of people who have no direct responsibility for compliance but use the group as a forum to offer suggestions or solutions which have little value. Too many companies adopt complex compliance structures making sure that they are politically constructed so as to avoid controversy or create compliance enemies.
In order to avoid these common pitfalls, let me offer a few suggestions:
1. Enlist the board and senior management to the mission of streamlined compliance. It is important to get upper management support for a cost-effective compliance program which is designed with efficiency in mind.
2. Limit committees to stakeholders and senior managers. There is no need to have numerous compliance committees. The stakeholders in compliance are clear – senior management, auditing, legal and human resources. A management committee should be limited to these compliance stakeholders (including the chief compliance officer) and they should have the authority to decide issues and direct every aspect of the compliance committee. The chief compliance officer should chair this committee and should try to make the committee works collaboratively. To make matters easy, the chief compliance officer and the committee should report directly to a board’s compliance or audit committee. No other reporting obligations or authorities are needed.
Global companies face real challenges in keeping compliance simple. A mechanism must be created for global compliance to be located at the senior management level, and reporting obligations from stakeholders in regions and even specific countries. It is difficult but not insurmountable for senior managers to ensure that they obtain sufficient information from their delegated offices to make informed compliance decisions. Information and reporting is the key to compliance and organizations have to be committed to keeping the information limited to what is needed by the senior compliance committee.
3. Eliminate all advisory compliance committees or functions. It is up to each stakeholder to bring compliance issues to the senior management compliance committee. There is no need for advisory panels or other compliance functions to be created.
4. Ensure proper oversight. The board committee responsible for compliance must meet with the management compliance committee at least every quarter. The board has to take an active role in the supervision of the management committee, reviewing information and reports, and key management decisions concerning compliance. The board committee cannot be reluctant to suggest additional actions or revisions where necessary. That is the board committee’s role and it should not shirk from carrying out its duties.