Compliance: how to address the issue of costs?
The question of which budget should be allocated to anti-corruption compliance is a difficult one for any company. For top management, compliance has a cost — undoubtedly necessary — whose expenditure can’t be reconciled in a tangible manner or with a physical receipt. The impossibility of defining return on investment often results in the compliance budget being kept to a minimum. The compliance officer, on the other hand, is aware of the potentially dramatic effects an act or allegation of corruption could have and views a compliance budget as a kind of insurance policy which should cover the company’s identified risks to an appropriate degree.
In addition, as I mentioned in my previous blog, a compliance program with an inadequate budget could be viewed by enforcement authorities as a mere window-dressing exercise. There is the real possibility that an underfunded, inappropriate program could engage the responsibility of the Compliance Officer. Thus, the debate over the compliance budget continues. Ultimately, the final decision will be taken by top management whether it pleases the Compliance Officer or not.
A compliance program with an inadequate budget could be viewed by enforcement authorities as a mere window-dressing exercise.
It is my view that the question of the compliance budget is ill-posed quite simply because questions on the role of compliance vis-à-vis business operations are ill-posed. There are two reasons for this. The first is because too often compliance is perceived as a supplemental process tacked onto existing structures instead of the support function to commercial operations it is intended to be. The second stems from the fact that the cost of compliance is often considered after the initial analysis of a new project. Thus, when its cost is examined later, it can appear to threaten the project’s financial viability.
- Include the costs of “operational compliance” in the overall compliance budget
As I repeat frequently in this blog, a Compliance Officer must remain independent of operations. It is essential that major compliance decisions be taken absent of any potential conflict of interest with business operations. Decisions pertaining to risk assessment, the organization of due diligence on business partners, joint venture partners or acquisition targets must be free from any conflict with commercial output.
Having said this, there are a certain number of actions that can — and in some cases, should — be undertaken by people other than compliance officers, or, at least jointly with them. Anti-corruption training with human resources, verification of anti-corruption clauses with the legal department, risk assessment with operations, involvement of the IT department in the collection of compliance data, verification of the execution of contracts in conjunction with financial controllers or internal audit, awareness-raising throughout the company with the support and active involvement of the managing directors, etc.
These actions involve real expenditure which must be calculated and integrated into the compliance budget. The objective is not to inflate the compliance budget artificially but to evaluate the real cost of compliance. It is therefore important to identify the costs borne by each entity and to integrate these decentralized costs into the overall budget. This will give a more realistic view of compliance costs, and ultimately will increase buy in for the compliance objectives from every entity’s manager.
It is imperative that companies treat the risk of corruption in the same manner that they treat the risk of accidents.
2. Integrate the costs of compliance immediately into any project cost benefit analysis
All new projects are subject to a detailed analysis of the risks and possible costs vis-à-vis expected profit. Go-no-go or bid-no-bid processes exist precisely to provide as much assurance as possible on the financial viability of any project relative to identified risks.
I am struck by just how many companies do not incorporate the costs of compliance into their initial project analysis even though the importance of compliance has been front and center for years and its importance continues to grow.
If the cost of compliance is not considered at the initial stages of an acquisition, a joint-venture or any new project, when it becomes obvious that some kind of compliance mechanism is needed, compliance is seen as merely an additional cost that will impact the return on investment. It is tempting, therefore, to limit compliance costs to a minimum even if it affects compliance efficiency.
Not including the cost of compliance at an early stage of project management precludes the possibility of appreciating the project’s real worth and profitability. Each project presented to either the management or risk board should include a line item for the compliance budget. This line item should include i) the cost of the compliance resources needed for the project i.e. participation in the corporate e-learning ii) the cost of the compliance resources which will be required specifically for the project i.e. the appointment of either a full-time or part-time Compliance Officer.
Similarities between budgets for safety on a new worksite and compliance budgets on a new project.
It is imperative that companies treat the risk of corruption in the same manner that they treat the risk of accidents. I have often referred to the similarities between corruption prevention and workplace accidents. The issue of budget illustrates the similarities once again. When creating a budget for a new work site it is standard to detail very explicitly how much will be allocated to issues of job safety. The same consideration should be given to compliance when drafting budgets for new projects.