Avoiding Stovepipes: Integrating Compliance Functions
Compliance is becoming more and more specialized. Whatever is the soup du jour, or current high-risk operation, becomes the focus of compliance education, marketing, and surveys. After the passage of the PATRIOT Act in 2001, the focus was anti-money laundering compliance programs. In the last few years, the focus has now turned to anti-corruption compliance.
Compliance officers usually get dragged into this trend and focus on high-risk compliance activities. Corporate board monitoring reinforces this attitude by increasing monitoring and oversight of higher risk activities.
There is a real opportunity cost to this singular-risk focus by compliance professionals. By focusing on single-risk compliance functions, compliance professionals ignore economies of scale and scope. There are significant efficiencies to building compliance systems which cut across different substance areas.
For example, antitrust, anti-corruption and anti-money laundering compliance procedures can be integrated. Each substantive area focuses on relationships and interactions – antitrust between executives in in a company and executives from competitor companies; anti-corruption between executives and sales staff in a company and foreign officials; and money laundering between a financial institution and customers and politically exposed persons.
Due diligence is a process which can have overlapping functions – a merger and acquisition due diligence program should address all of the significant risks, including antitrust, money laundering and anti-corruption risks. Even third-party due diligence can share common practices when reviewing third-party intermediaries for anti-corruption risks and potential customers for a bank.
The relevant legal standards and details may differ but there are aspects of every compliance area which can be leveraged across different substantive risks. The challenge for a chief compliance officer is to identify potential overlaps and economies to be gained. It is another important way for CCOs to stretch compliance dollars, minimize staff resources, and improve overall compliance operations.
It is wishful thinking to assume that this is easily done. It takes a dedicated philosophy and understanding of compliance risks in all substantive areas. Of course, there are some areas where compliance functions have to remain distinct, such as health and safety issues.
On the other hand, there are a number of functions which can be scrutinized for a number of issues, including gifts, meals and entertainment for corruption risks and compliance with anti-kickback laws in the health sector. Even more generally, it is important for companies to centralize certain functions such as internal investigations where each substantive area can be tracked and evaluated under a general compliance microscope.
The more that stovepipes are broken down, the better for compliance professionals. With such a perspective, compliance professionals gain a better understanding of relative risks and can allocate resources among those risks to minimize risks with minimum resources.