Once a year compliance professionals from around the globe gather to discuss developments in anti-corruption, compliance and ethics at the Society of Corporate Compliance and Ethic’s Annual Institute (SCCE). CIPE’s Frank Brown, Value Chain andAnti-Corruption Program Team Leader, and Anna Kompanek, Director of Multiregional Programs, presented at the SCCE’s 14th annual gathering with a workshop titled Carrots Before Sticks: Motivating Mid-Sized Businesses in Emerging Markets to Launch Compliance Programs. Leading experts across a variety of industries discussed recent developments in compliance, ethics, and enforcement and share practical advice and insights based on their experience.
Following the conference, Professor Ryan Meade, Director of Regulatory Compliance Studies at the Loyola University Chicago School of Law, identified ten key takeaways from the event in an engaging webinar. He identified ten key takeaways from the last year made by compliance professionals. Those points include the recent Yates Memo issued by the U.S. Department of Justice; the importance of effective compliance training; rising concerns involving e-discovery and IT security; compliance hiring trends; and the importance of due diligence with regard to foreign transactions, mergers & acquisitions, and vendor and contract management. Here, we take a closer look at the takeaways most relevant to international SMEs (small and medium enterprises) engaged in international supply chains.
- Education methodologies
Employee training is consistently described as an essential element of an effective compliance program. While many companies have made great progress in creating and conducting compliance training programs, frequently, too little attention is given to the style and nature of these programs. It is not enough to inform employees of the laws in place or lecture employees on the language of regulations in lengthy seminars. Increasingly complex regulatory frameworks make understanding the details and caveats of regulations challenging – even for trained professionals. When the regulations are understood, it still can be difficult for employees to see how compliance requirements may influence their day-to-day tasks. Interactive formats, which engage employees and encourage active participation, too, can be far more effective than traditional presentations. By drawing a clear line between the intent and impact of a regulation and an employee’s routine tasks, emphasizing commitment to high standards as an essential component of corporate culture, and leading by example, managers can encourage employees to believe in compliance standards instead of just obeying them.
- Vendor and Contract Compliance
Third parties and vendors are increasingly being brought into investigations of non-compliance, and the penalties for non-compliance can be directed not only toward the vendor itself, but also to the engaging company. Vendors may be treated as “regulated actors” either by being directly included in laws regulating companies they service or by “push down” through service contracts with those companies. Companies engaging third party entities should carefully balance the risk of vendor misconduct with more standard strategic considerations such as cost, quality, and efficiency when selecting companies to work with. Vendor companies, in turn, have strong incentives to develop effective independent compliance programs, which complement those of their clients, both in order to lessen their own liability and to make themselves more attractive to larger companies seeking their services.
Given the potential for non-compliance to impact both vendors and the companies that engage them, compliance officers should be involved in reviewing and managing company contracts. Areas of contract management that compliance officers may need to address include: notice provisions of breach of data protection; subpoenas and discovery requests; obligations related to a myriad of regulations now often cited in services agreements; foreign jurisdiction implications and obligations; amendments to regulations that impact service agreements; and compliance audits by other compliance programs.
- Listen before you leap
Strict adherence to legal obligations and ethical standards is vital to a company’s operations, but compliance programs, which emphasize rigidity or risk aversion to the detriment of primary business interests may limit a company’s ability to remain competitive or encourage employees to circumvent compliance officers when making key decisions. Compliance officers should be partners to strategic officers who strengthen the company by identifying and mitigating future legal and reputational risks. Being viewed as an obstacle to commercial concerns will limit the effectiveness of the entire compliance department. Compliance officers must therefore ensure that their reactions to potential risks and reported infractions are appropriate responses to the severity of the situation.
- Doing business outside the U.S. requires knowing the local regulatory landscape
Many companies that do not think of themselves as doing international business are increasingly engaging in non-U.S. transactions. Companies that engage foreign vendors or have operations involving sales, outsourcing, or data management abroad, for instance, may fail to adequately consider international regulations. If any aspect of your operations takes place outside of the U.S., you must make sure that you can accomplish your goals under local laws and manage variations in law between locations within which you operate. For instance, certain EU privacy laws differ from U.S. variants, which in some circumstances means that a company may be able to send information from the U.S. to the EU but not able to reimport that information from the EU to the U.S. The exact regulations vary based on the countries in question, the type of data, and the industry within which the company operates. Considering these aspects and including compliance professionals knowledgeable about specific regulations when making strategic decisions regarding international operations can prevent future problems.
- Compliance due diligence
While compliance risks should not necessarily be considered deal-breakers, awareness of the risks and attention to steps that can be taken to mitigate them from the earliest stages of negotiation, can greatly enhance a company’s understanding or risk/reward considerations. Proactive steps that can be taken in merger and acquisition transactions include conducting thorough risk-based due diligence; implementing the acquiring company’s code of conduct and compliance policies as quickly as practicable; conducting compliance related training for the acquired entity’s directors, employees, third party agents, and partners; conducting a compliance-related audit of the company as soon as practicable; and disclosing to the relevant authorities any compliance infractions discovered during the due diligence process.
Morgan Dowd is a Program Assistant for South Asia, Central and Eastern Europe at CIPE.