Compliance Risks: Rational or Stupid Decisions
“Never argue with stupid people, they will drag you down to their level and then beat you with experience.” – Mark Twain
Mark Twain’s quotes are timeless – his keen observations apply today just as they did years ago.
A compliance program depends on rational decisions. Stupid decisions will undermine compliance.
The key to compliance is identifying and analyzing issues, weighing risks, and making rational decisions. A company’s compliance program is built on several requirements for rational decision-making: (1) collect information; (2) identify specific risks and likelihood of risk outcomes; (3) identify benefits; and (4) weigh the risks against the benefits.
With these four categories of information, the company can make a rational decision. These principles are used in every aspect of business decisions – e.g. entering a new high-risk corruption country; retaining a third party agent; or entering a joint venture.
Compliance programs consist of policies and programs to advance rational decision making. A company’s due diligence policy requires compliance personnel to collect information, identify risk, identify benefits and weigh the risks versus benefits. A breakdown in this process inevitably leads to “stupid” decisions, or decisions which do not advance company objectives.
Information is the lifeblood of every compliance program. Rational decisions cannot be made without considering basic information. A failure to gather accurate information can lead to disastrous consequences.
For example, a company may not be able to confirm whether or not a prospective joint venture partner is controlled by a state-owned entity – a recurring scenario in China. Or a company may have to try and dig through layers of corporate ownership to identify the beneficial owner – a recurring scenario in Russia. In the absence of accurate information, rational decisions are unlikely to occur. The more information that is obtained, the more likely the company will make a rational decision.
Internal reporting policies and programs are built on the same principle. Companies need to focus on how to make sure information about potential compliance issues are raised, elevated to the proper management level and then analyzed by the appropriate managers.
In many cases, companies struggle to ensure that issues are elevated within the organization. An employee who is reluctant to report an issue to his or her supervisor needs to have an alternative way to report the issue. Anonymous reporting systems are not very effective. Employees need to be able to report to someone who is viewed as fair and reliable.
In the end, complete information does not guarantee a rational result. Instead, it provides an “opportunity” for a rational decision. Decisions which reflect corporate ethics and compliance lead to rational results. Decisions made by companies which lack a commitment to compliance are more likely to lead to “stupid” outcomes.