March 2021

This article was written by Brook Horowitz, CEO of IBLF Global, published on CEP magazine.

The forces buffeting today’s multinational corporations are fundamentally changing the role of compliance. Growth in high-risk countries and new, unregulated markets; stronger regulatory coordination by national authorities; and new technological challenges—these are all factors in how companies are being forced to reassess their approach to compliance.

In this article, I examine what the changing business environment means for compliance officers and corporate culture overall.

The changing environment for compliance

To define the new role for compliance, we need to first understand the context and environment in which the compliance function has to operate.

Growth of high-risk markets

Outside the G-7 and European Union, a significant majority of countries in the world present a high corruption risk—the very markets where companies want to invest more in order to capture the growth that has been elusive in the more stagnant developed markets. Transparency International’s Corruption Perception Index,[1] the World Bank’s Ease of Doing Business Index,[2] and the World Economic Forum’s Global Competitiveness Report[3] all show corruption as a major issue in doing business in most emerging and developing markets.

In these countries, debilitating bureaucracy and red tape, weak rule of law, and poor enforcement all contribute to environments in which many find it difficult to do business without, at best, making facilitating payments for minor favors and, at worst, paying full-scale bribes to win major contracts.

In other words, there is a culture gap between the rules put out by justice departments in the developed world, multinationals’ compliance departments, and business practices in most emerging and developing markets. For example, in many countries, “wining and dining” and gifting are fundamental parts of the local business culture. Indeed, it is more than a cultural gap. It is a juxtaposition between Western traditions of law and any number of distinct systems stemming from traditions such as the primacy of the family, caste, tribe, community, religion, and social relations.

Despite this juxtaposition, compliance programs of multinational organizations are often based on a global company code of conduct developed in US or European headquarters, which is then translated and rolled out to employees, distributors, and partners in different countries by the local subsidiary. But a global concept of integrity and ethics, especially if it emanates from principles of common law, is not necessarily the most convincing or understandable framework for people brought up in an environment with different cultural reference points and legal and regulatory systems.

Extended reach of regulation

Partly as a result of both perceived and actual lack of effective regulation, governments have been tightening their anti-corruption legislation and enforcement. Although the Anglo-Saxon world has traditionally led with extraterritorial prosecutions, now other countries have been following suit, for example the introduction of the Sapin II anti-corruption legislation in France. Many other countries, not known for their leadership in anti-corruption, have introduced new legislation and are enforcing it. A case in point is Malaysia, whose Section 17A of the Malaysian Anti-Corruption Commission Act 2009 (MACC Act) came into force in June 2020.[4]

At the same time, international efforts to combat bribery and corruption have been reinforced by growing cross-border cooperation through bodies such as the G-20 and the Organisation for Economic Co-operation and Development. New voluntary standards in the form of ISO 37001 have gained popularity among leading companies, as pressure from regulators has pushed them to demonstrate their commitment to rigorous compliance processes.

Last, but by no means least, the risk landscape is not limited to anti-bribery/anti-corruption compliance. Similar globally driven legislation around environmental, social, and governance issues (often referred to in the investment community as “ESG” and in the world of multinational and multilateral organizations as “Sustainable Development Goals” or “SDGs”) are resulting in a convergence of these issues. For example, governance topics as varied as anti-corruption, director compensation, diversity and inclusion, sustainability, and human rights compliance are all increasingly linked in terms of law, policy, and practice.

In terms of day-to-day compliance management, critical legal issues such as antitrust and competition policy, the General Data Protection Regulation and data privacy, sanctions and export controls, and supply chain liability are increasingly landing on the desk of the compliance department. While other departmental heads, such as the chief legal counsel, the chief information officer, the chief security officer, the head of risk management, and others may have functional responsibility for these external aspects of a company’s operations, the proliferation of converging risks and their complexity are challenging traditional compliance strategies and competencies to their core.

The challenges and opportunities of technology

The emergence of data analytics as a management tool is providing new opportunities to address compliance challenges, yet these same tools are challenging the traditional role of the compliance department. With the automation of many compliance-related functions, such as surveillance and detection, some activities that were traditionally the responsibility of the compliance manager may no longer be required.

With the business world being on the cusp of a full-scale introduction of artificial intelligence that will transform many administrative functions, the question has been asked, “Will robots replace compliance officers?”[5] The answer, of course, is no. A company seemingly with all its safeguards in place—a strong reputation, an army of compliance officers, codes of conduct, and a public commitment to responsible business standards—can still run afoul of the law because of an undetected rogue employee; ineffective information technology (IT) or security systems; the ignorance of managers or the “ethical blindness” of board members; or, worse, by a deliberate cover-up.

Human intelligence will always be needed in addition to artificial intelligence, but the compliance role is undoubtedly on the verge of being radically transformed by the breakneck speed of technological innovation.

‘Stakeholder capitalism’

The final challenge for the compliance function is “stakeholder value” or the radical heightening of expectations for companies’ roles in society. Consumers, shareholders, and regulators are increasingly expecting companies to consciously contribute to a fair, clean, and transparent environment in their markets of operations, just as they are expecting companies to contribute to climate change management or social development.

In August 2019, 181 CEOs of America’s largest corporations, members of the Business Roundtable, overturned a 22-year-old policy statement that defined a corporation’s principal purpose as maximizing shareholder return. They adopted a new “Statement on the Purpose of a Corporation,” declaring that “companies should serve not only their shareholders, but also deliver value to their customers, invest in employees, deal fairly with suppliers and support the communities in which they operate.”[6]

What began as a movement has become a revolution—a revolution that may redefine capitalism.[7] Endowed with the values and principles of “stakeholder capitalism,” companies really do have the potential to be the agent of social change. Compliance is emerging as the key function to ensure that a company meets these expectations, not only within its own four walls but in the supply chains, markets, and broader society.

Redefining compliance

The aforementioned forces, as well as recent failures of corporate behavior and the consequent losses of reputation, show a real need for a redefinition of the compliance function. So what will the compliance function look like in the years to come?

From rules to values

Traditionally, compliance has been positioned as a technical support/administrative role. Seen as an adjunct to the business rather than as inherently part of it, the compliance officer plays a quasi-legal enforcement role. At its most limited, the compliance function is constrained to verification of whether the company is complying with the law and its internal conduct code. The training and compliance processes are sometimes seen purely as defense mechanisms by the company to protect itself in the event of violations of the law. The compliance officer is still often perceived by colleagues to be “preventing” the organization from reaching its commercial goals, such as keeping the sales team from reaching their sales targets.

With technological innovations such as data analytics, the future role of the compliance officer will be far less focused on compliance and more on having a wider oversight of ethical behavior. They will be increasingly responsible for cocreating a culture of compliance. This is already happening, as can be seen in the increasing number of compliance and ethics officer titles.

The trend from rules-based to values-based management will reach its apotheosis in the redefinition of the compliance manager.

The CCO of tomorrow

As the role expands beyond a quasi-legal enforcement role, the compliance department will have to embrace many new functions. The chief compliance officer (CCO) will occupy a fully fledged management role at a senior level in the corporation where they, together with other members of the executive team, will be responsible for proactively safeguarding the corporation’s reputation while also ensuring it complies with the law.

This will be a senior figure with powers of persuasion, an exemplary role model with strong moral fiber who is able to play a multifaceted, multifunctional management role that encompasses traditional legal compliance while increasingly incorporating elements of human resources, audit, IT, and finance.

Here is a list of some of the hard and soft skills that the job of CCO will require:

• Cultural sensitivity. A good understanding of the pressures and challenges of working in the field in countries with very different cultures and value systems.
• Commercial acumen. Changing the outward perception of the compliance function from a department that holds back the business from entering new markets to one that enables the business to drive forward in the knowledge that doing business with integrity is a competitive advantage.
• Process management skills. A high degree of competence in building management systems by combining human skills, technological solutions, rewards, and incentives to guide optimal behavior while allowing freedom of enterprise and initiative.
• Empathy. Ability to weigh a multitude of business and ethical dilemmas and to ultimately make decisions that support the company’s reputation as a law-abiding and law-enforcing body that treats its employees scrupulously fairly and humanely.

The ‘integrity leader’

In the traditional model, the CCO function is often ill-defined, sometimes a symbolic role, possessing the nominal responsibility for compliance but without the power or influence to support the right decision or even to facilitate the debate in the event of an ethical dilemma. As a result, the question often arises: “Is the CCO truly independent?” With second-tier management positions, the answer is surely “no.”

In a values-led organization, the CCO is a management board executive, at least reporting directly to the CEO, but also with a dotted or hard reporting line to the head of the ethics committee at the board level. The CCO should have the seniority in the organization to be able to have their views heard, respected, and acted upon.

The new CCO role will also have much more interaction with other functions, such as sales, procurement, and research and development. There will be much higher expectations on the CCO to provide support in business decisions and risk forecasting. This person will become nothing less than a key partner in defining the future direction of the company.

Finally, some companies are beginning to take seriously their social role through collective action initiatives whereby they join forces with governments and civil society to create a fairer business environment. The CCO will play an important role in projecting these values outside the company, via the myriad commercial relationships in the supply chain, to the broader society in which they are operating.

With the redefinition of the compliance function, a new title for this leadership position should be considered that reflects its cross-cutting nature as the conscience of the company—integrity leader, perhaps? Although some point to the CEO as the ultimate integrity leader, this role needs to be functionalized and professionalized to be effective; the redefined and repositioned CCO is, therefore, in the best position to perform these duties.

A new role

I have shared here some of the major changes afoot in business that will shape and affect the role of compliance in upholding the behavior and reputation of the company. Converging risks like corruption, human rights and modern slavery, the development of international enforcement cooperation, new threats such as cybercrime and privacy lapses, technological advances in forensic data analytics, and the advent of stakeholder capitalism are all changing the role of the compliance function, both inside the company and with companies’ external stakeholders.

As capitalism continues to redefine itself, the compliance function will do the same. From being a technical support function, it will develop into a new form of corporate and social activism, promoting proactive ethics and integrity within the company and transforming the way business is done within its markets and the broader society in the years to come.

The views expressed in this article are the author’s own.

Takeaways

• With new challenges in markets and new technologies as risks and opportunities, the role of compliance is being transformed.
• The compliance function itself is being redefined and, with it, the role of the compliance officer.
• The new chief compliance officer, as part of the leadership team, will need a breadth of skills and experience not traditionally associated with the role.
• In the future, the chief compliance officer’s role will go well beyond compliance, toward a new concept of “integrity leader.”
• As capitalism redefines itself, the compliance function will take on corporate and social activism, promoting integrity within the company, its markets, and society.

Reference

[1] “Corruption Perceptions Index 2016,” Transparency International, accessed January 6, 2021, http://bit.ly/2LpSVKu.

[2] World Bank Group, Doing Business 2017: Equal Opportunity for All, October 25, 2016, https://bit.ly/2XhxpKM.

[3] World Economic Forum, The Global Competitiveness Report 2017–2018, September 26, 2017, https://bit.ly/2MwfRIw.

[4] Malaysian Anti-Corruption Commission, “Section 17A Malaysian Anti-Corruption Commission (MACC) Act Enforced On 1^st June 2020,” accessed January 6, 2021, https://bit.ly/3s159Kw.  

[5] Will Dennis, “Will robots replace compliance officers?” Financial News, September 19, 2017, http://bit.ly/2Xg6uih.

[6] “One Year Later: Purpose of a Corporation,” Business Roundtable, accessed January 6, 2021, http://bit.ly/3pVQdLG.

[7] “Milton Friedman was wrong on the corporation,” Financial Times, December 8, 2020, http://on.ft.com/2JOo6i8.