Anti-corruption compliance is often criticized as a brake on business development, but you believe it increases a company’s competitiveness, why is that?
At its core, anti-corruption is about your company’s values. What is the value that drives your company: that you have superior products and/or services that would improve your customers’ lives, or you need to cheat one deal at a time? Are you looking to a long-term future for both your company and the communities where it does business, or do you just want to make sure you get through today? I believe companies that have clear sense of their mission and long-term vision would be more competitive than those that focus on short-term deals and quick growth, because the long-term mission focus compels strategies and investments consistent with sustainable business growth.
In practice, anti-corruption compliance requires a disciplined enterprise resource management system that provides clear visibility to, and robust control in, a company’s financial transactions and operations. It is all about knowing where your money is going, with whom you are doing business, and how these decisions are made. Efficient enterprise resource management means, by definition, more efficient use of resources, reduction of waste and fraud, and business processes that service these goals. For example, I have seen, many times, companies’ anti-corruption third party due diligence process leading to the discovery of duplicate and dormant vendors and suppliers, resulting in a streamlining of their supplier database and leading to cost saving. Conversely, I have never seen a company that has poor anti-corruption compliance but strong financial controls: financial and operational discipline are both the foundation and outcome of effective anti-corruption compliance.
How does a compliant company from the OECD zone retain its competitiveness when it is in competition with a company from a non-OECD based country?
First, let’s recognize that bribery and corruption is not a reliable way to win business. Since bribery is illegal in virtually every country, you can’t sign an enforceable contract to make sure you get what you paid for. There is always the possibility that your competitor can offer a bigger bribe, and certainly no guarantee that you would get your bribe back even if you lose in that case. So, even if there is no prohibition on bribes for OECD countries, it would be an expensive and unreliable way to compete. A corrupt decision-maker can simply take bribes from everyone, award the business to the highest briber, and not refund any other bribes. Is that a “competitive” way of doing business?
One of the greatest assets a company can have is its reputation: the trust that it has from the markets where it does business. As a consumer, there are products and services from certain countries or companies that I would not buy, even if they cost less than their competitors, because I don’t trust their quality. At a micro-level, I exercise that choice in my local stores; at a macro-level, I voice that preference as an investor and a voter. I have divested from companies that have lost my trust, and I have refused to invest in certain companies and industries altogether. I want my medication, food, car, house, highway to come from manufacturers, sellers, and builders I trust. Consumers and investors today are increasingly expressing their preferences with their business and their money. Therefore, I believe it is far more sustainable and reliable to compete on trust and reputation.
In your experience, what are the most common obstacles to an effective compliance system?
By far the most common and fundamental obstacle to an effective compliance system is the lack of financial and operational discipline in a company. If a company does not have the ability to track its spending and operations consistently and in real time across the enterprise, it would simply not be able to institute meaningful controls and achieve timely detection of problems. Sometimes I feel the most important compliance officers are not in compliance: they are in finance and procurement.
The other obstacle is often how the compliance function is perceived by the rest of the company: as a bureaucratic function that adds burden but brings no value. This is reinforced when compliance officers devise unnecessarily burdensome processes, fail to understand the business, or can only articulate their contribution as some form of insurance against enforcement penalties.
Finally, lack of commitment and support from the senior leadership is an obstacle that undermines many programs.
How can you tell when a company has implemented a real compliance program as opposed to a window dressing exercise?
Data. What kinds of data a company chooses to collect, track, and analyze, as well as the data itself, tells me about the reality of the program. For example, if the only data a company has about its training is completion rate, it would suggest to me that its only reason for doing training is to be able to say they have done it. Sometimes, a company tries to show its “tone from the top” by counting the number of pro-compliance messages delivered by its CEO, but its employee engagement surveys tell a different story. By the way, I believe counting only pro-compliance messages as a way to measure commitment is like counting calories only when you eat vegetables: it’s not a valid measurement if you only count what you want to count.
Companies like to show their policies, but their audit and disciplinary data will indicate whether these policies are enforced. Hotline posters might be nice, but data on the actual usage, test calls, and follow up investigations would be the indicators about whether it actually works as a reporting tool. A flow chart for third party due diligence processes may look nice, but data on the due diligence results as well as payment and activities monitoring would tell whether a company is actually managing its third party risks.
What advice would you give to a compliance officer who is having a hard time convincing the board of the importance of compliance?
Stop selling compliance as an insurance and start using data and measurement to make your business case. Instead of arguing third party management “might” help the company “in case of” an enforcement action, present how much cost-saving would result from anticipated streamlining and fraud reduction. Instead of saying you need a reporting tool for whistle-blowing, consider how a reporting tool can become an employee engagement tool that helps the company spot problems early.