In our experience, compliance professionals spend a significant amount of time and resources focusing on the “how” – designing, implementing, sustaining, and improving effective compliance programs. This focus is no doubt warranted given recent emphasis by enforcement authorities on the need for corporates to test the effectiveness of their compliance programs. However, we believe it is critical for compliance professionals and their business clients not to lose sight of the “why” behind their compliance agendas, including how to best articulate the business case for investing in a robust compliance program.

When asked why a particular compliance initiative or resource is necessary, compliance professionals may have the urge to rely on guidance from enforcement authorities, framing their response under the rubric of “the regulators’ expectations.” While pronouncements from enforcement authorities can, and should, be a part of such a conversation, relying solely on such pronouncements may not be fully satisfactory to business stakeholders who are not experts in compliance. Worse, it can give business stakeholders the impression that the compliance professional’s response to the “why” question is effectively “because I said so.”

Regardless of the maturity of a company’s compliance program, the ability to effectively articulate the business case for the program can be a vitally important item in a compliance professional’s toolkit, and critical to the overall effectiveness of the program. Among other things, achieving buy-in and support from employees, executives, and directors, as well as external stakeholders, such as business partners, will depend in large part on whether they believe that compliance initiatives are ultimately actually worth the time, resources, and effort.

With this in mind, we briefly outline below some of the key aspects of the business case for investing in a compliance program. As the business case will vary depending on the risk profile, operations, and culture of the organization, there is no “one size fits all” solution here.

  • The Insurance Policy

A number of international legal regimes provide powerful incentives for the development and implementation of effective compliance programs by offering the prospect of more favorable resolutions in enforcement actions. Most notably for companies with potential exposure to U.S. law are the U.S. Sentencing Guidelines, under which a company can receive substantial discounts to criminal fines where it can demonstrate the maintenance of an effective compliance program. Along similar lines, under the U.S. Department of Justice’s (“DOJ”) Foreign Corrupt Practices Act Corporate Enforcement Policy, a company may be entitled to the presumption of a declination of prosecution altogether, or considerable discounts on applicable fines, if, in addition to voluntarily disclosing misconduct and cooperating in DOJ’s investigation, it demonstrates the “[i]mplementation of an effective compliance and ethics program.” In both cases, the ability to put a dollar amount on the value of an effective compliance program, at least as regards the costs of resolving an enforcement action, can be quite powerful in making the case for additional compliance resources.

The UK Bribery Act takes a different approach, providing an affirmative defense for the corporate offense of failure to prevent bribery where a company can demonstrate that it has put in place “adequate procedures.” And even in legal regimes where such incentives are not hard-wired into the enforcement framework, enforcement authorities may consider the strength of a company’s compliance program as a matter of prosecutorial discretion, e.g., as a mitigating factor in the assessment of penalties, or a reason to decline to bring an enforcement action altogether.

  • The Security System

While the potential for more favorable resolution of enforcement actions is, in our experience, one of the most compelling aspects of the business case for investment in a compliance program, compliance officers should also focus on the potential for effective programs to detect and prevent potential fraud, corruption, and other compliance breaches either before they happen, or soon enough for companies to take meaningful mitigation actions. In this sense, a company’s compliance program functions as an early warning detection system.

The potential cost savings in this regard can be substantial. In its 2018 Report to the Nations, after analyzing over 2,600 cases of corporate fraud, the Association of Certified Fraud Examiners estimated median direct losses of USD 130,000 per case, with more than 20% of cases involving losses of USD 1 million or more. Moreover, given that these estimates do not include indirect downstream losses such as loss of business, legal fees, or costs from personnel turnover, they likely understate the true cost of compliance breaches, and, correspondingly, the true value of effective compliance programs in avoiding or reducing such losses.

  • Avoiding Bad Deals

Along similar lines, when it comes to investment transactions or other transactions with business partners, a robust compliance program can help companies avoid bad deals. For example, robust integrity due diligence on potential business partners and investments can help a company identify significant fraud and corruption risks before the ink is dry and deals are consummated, thereby reducing the risk of follow-on investigations and/or enforcement actions. Additionally, robust pre-investment compliance measures can reduce the risk of adverse operational and financial consequences, such as overpayment for assets, the need to unwind problematic relationships with business partners, or exiting markets or business lines altogether due to compliance concerns.

  • Enabling Business and Creating a Competitive Advantage

While much of the foregoing discussion focuses on avoiding losses, compliance professionals should also make the case for compliance efforts as activities that affirmatively create value for a business enterprise.

At the highest level, an effective compliance program provides guardrails that help a company to achieve business objectives while mitigating compliance risks. Good compliance officers are “business enablers” who do not say “no” reflexively, but instead work with the business to fully understand risks and business objectives and devise tailored, fit-for-purpose mitigation measures.

A company with an effective risk-based compliance program may be able to function successfully in a high-risk market, whereas a company with a weaker compliance program may decide that it is not up to the challenge of operating in such a market, or worse, may go into the market unprepared for the compliance challenges it will face. This dynamic is particularly noteworthy in Africa, where we sometimes encounter companies who perceive the compliance risks of certain markets as too high, leading them to pass on opportunities that could be realized if they had sufficiently robust compliance programs. Realization of efficiencies from well-run compliance programs, e.g., streamlining vendor diligence and on-boarding processes with the use of technology, can also impact the bottom line by freeing up valuable resources.

The ability to operate efficiently in higher-risk environments can give companies a significant competitive advantage, but they are by no means the only competitive advantages that companies can realize from maintaining robust compliance programs. In the procurement context, for example, many of our clients evaluate the strength of their suppliers’ compliance programs alongside traditional commercial criteria such as price and quality of services. In addition, lenders and investors are increasingly factoring compliance considerations into their decision-making processes. Finally, in an environment where issues such as sustainability and human rights are driving consumer and employee choices, companies should be prepared for integrity issues to become increasingly relevant to consumers and employees, who may vote with their feet if they are unsatisfied with a company’s commitment to compliance.

*           *           *

The factors outlined here are by no means exhaustive, and the framing of a business case will be informed by the information available to a company. It may go without saying that companies that are better able to capture and analyze information that quantifies the return on investment from their compliance programs are better able to articulate a compelling business case. This provides additional reason for companies to focus on the use of metrics in designing, implementing, and evaluating the effectiveness of their programs.

If you have questions about corporate compliance matters, please contact Ben Haley at bhaley@cov.com, Sarah Crowder at scrowder@cov.com, or Mark Finucane at mfinucane@cov.com. This article is intended to provide general information. It does not constitute legal advice.

 

© 2019 Covington & Burling LLP. All rights reserved.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Benjamin Haley Benjamin Haley

Ben Haley leads the firm’s White Collar and Anti-Corruption Practice in the Middle East and Africa and is a chair of the firm’s broader Africa Practice. With deep experience representing clients before regulators in high-profile white collar and disputes matters and a history operating on…

Ben Haley leads the firm’s White Collar and Anti-Corruption Practice in the Middle East and Africa and is a chair of the firm’s broader Africa Practice. With deep experience representing clients before regulators in high-profile white collar and disputes matters and a history operating on the ground in emerging markets, he helps clients assess and mitigate a wide range of complex legal and compliance risks.

Complementing his investigations and dispute resolution practice, Ben has a broad-based compliance advisory practice, helping clients proactively manage compliance risk in areas including anti-corruption, trade controls, anti-money laundering, fraud, and data privacy.

Ben represents corporate and individuals clients in a wide range of investigations and disputes, including:

  • Investigations under the U.S. Foreign Corrupt Practices Act (“FCPA”).
  • Investigations into anti-money laundering, financial crimes, anti-terrorism, and sanctions and export control issues.
  • Securities fraud and accounting matters.
  • Board investigations and shareholder litigation.
  • Insurance recovery.

Ben also regularly advises clients on a range of regulatory compliance and corporate governance issues. His compliance advisory practice includes:

  • Performing risk and compliance program assessments.
  • Leading compliance reviews on business partners and assisting companies with third-party risk management processes.
  • Conducting forensic accounting reviews and testing and enhancing financial controls.
  • Advising on market entry, cross-border transactions, and pre-acquisition diligence and post-acquisition integration.
  • Assisting companies in designing, implementing, and maintaining best-in-class compliance programs.

In recent years, Ben has steered a number of clients to successful resolutions and declinations in complex FCPA and corporate fraud matters with the U.S. Department of Justice and Securities Exchange Commission. In his advisory practice, Ben has served as lead compliance counsel on a number of major M&A and investment transactions. He has developed special expertise assisting clients in leveraging technology in their compliance programs, including assisting one of the world’s largest consumer goods companies in the design and implementation of an award-winning compliance data analytics and monitoring system.

Ben has been described by the Chief Compliance Officer of one of his clients as “[a]n outstanding senior lawyer and advisor,” and “a guiding light for all things compliance advisory in Africa,” whose “advice is crystal clear, covers all angles and is business friendly.”

Photo of Mark Finucane Mark Finucane

Mark Finucane specializes in representing institutions and individuals in sensitive government and regulatory enforcement matters. He has also conducted numerous internal investigations involving issues relating to bribery, fraud, business and human rights, money laundering, and other matters presenting significant risk. In addition to…

Mark Finucane specializes in representing institutions and individuals in sensitive government and regulatory enforcement matters. He has also conducted numerous internal investigations involving issues relating to bribery, fraud, business and human rights, money laundering, and other matters presenting significant risk. In addition to Mark’s investigations practice, he regularly advises clients on compliance program obligations under the U.S. Foreign Corrupt Practices Act and other U.S. laws.

Mark was included in Global Investigations Review’s 2020 “40 under 40” list of the world’s most accomplished young investigations and white collar lawyers. Clients have praised Mark as having “thorough, substantive knowledge of the applicable law and excellent strategic judgment in dealings with governmental agencies.”

Photo of Sarah Bishop Sarah Bishop

Sarah Bishop is a U.S. and UK-qualified lawyer who advises companies on ethics and compliance programs, compliance with anti-corruption and anti-money laundering laws, business and human rights (BHR) and environmental, social, and governance (ESG) matters, white collar investigations, and suspension and debarment.

Sarah’s…

Sarah Bishop is a U.S. and UK-qualified lawyer who advises companies on ethics and compliance programs, compliance with anti-corruption and anti-money laundering laws, business and human rights (BHR) and environmental, social, and governance (ESG) matters, white collar investigations, and suspension and debarment.

Sarah’s compliance advisory practice includes helping multinational corporations develop and test the robustness of ethics and compliance programs, conducting risk assessments, conducting transactional and third party due diligence, supporting post-acquisition compliance integration projects, and delivering compliance training. She has particular expertise advising on the U.S. Foreign Corrupt Practices Act (FCPA) and UK Bribery Act and has advised companies in the energy, mining, pharmaceutical, healthcare, technology, and consumer goods sectors, among others, on anti-corruption compliance risks and program development.

As a member of Covington’s Business and Human Rights practice group, Sarah advises companies on the developing legal and enforcement landscape related to the corporate responsibility to respect human rights. She advises on enforcement risks under Withhold Release Orders (WROs), the Uyghur Forced Labor Prevention Act (UFLPA), and the Trafficking Victims Protection Reauthorization Act (TVPRA) in the United States, as well as developing ESG due diligence and reporting requirements in Europe. Sarah has helped multinational corporations in the healthcare, technology, automotive, energy, mining, and consumer goods sectors develop human rights due diligence programs, navigate human rights-related enforcement matters, and report on human rights due diligence efforts.

Sarah has extensive experience conducting internal and government-facing white collar investigations. Sarah has conducted investigations involving allegations of bribery, money laundering, export control and sanctions violations, fraud, human rights violations, and other forms of misconduct. She has handled matters before major international enforcement authorities and has been recognized in the Global Investigations Review Women in Investigations survey.

Sarah also assists clients in suspension and debarment matters before the World Bank and other international financial institutions.