Shall we comply with the law?
20 March 2012
18 September 2013
23 June 2014
31 January 2014
18 October 2013
9 December 2013
The compliance team is often seen as the poor relation to the in-house legal team in a business, but I suspect this is all about to change.
Imagine asking any board director: “Would you please specify the laws and regulations that apply to your business that you will be choosing not to comply with in future?” The answer, of course, would be an incredulous: “No”. It is the shortest answer any question can have, but in this case ’no’ is packed with consequences.
First and obviously it indicates that the board expects to comply with all applicable laws and regulations. This must be the position of all boards and a completely uncontroversial statement, but if this is the case then all boards must also be interested to understand:
· What exactly are the applicable laws and regulations in every jurisdiction in which we trade?
· How do those laws and regulations apply to our business?
· How do we track how any new laws will impact our business?
· How do we then comply with all these laws in a way that is proportionate to the risk, but which is also assuredly within the law?
· Then, how do we know we are actually complying with these laws so that we have the evidence to back up our desire to comply? And, finally;
· What do we do if we sense that we are not complying and what do we do when we find out that we are definitely not complying?
And so for any significant and mature business the compliance function is born.
In-house legal teams might once have been a little sniffy about compliance work - it was, after all, for the ’box tickers’ down the corridor. But in fact compliance is of far more interest to a board than most of the work a legal department undertakes. It is directly relevant to the duties of directors, goes to the heart of personal and corporate reputation and is always on the formal business agendas.
It is very hard to outsource compliance and not lose empathy and proportionality. In addition, a compliance failure will often be brought to the attention of a regulator. This in turn can impact reputational risk and the ability to trade in addition to having financial penalties. In extreme circumstances directors may even face personal sanctions in a way that most legal work does not entail.
On the other hand, nearly all legal work can be outsourced and in any event does not usually impact every policy, process and person in the business. Legal work, in this context, is frankly not that significant. Indeed, I will go so far as to say that if in-house teams do not embrace compliance and bring to it all their creativity and expertise, then they are putting at risk their own value to their businesses and missing a significant opportunity to become strategically important.
The opportunity to do so, however, is very much alive. This is not a closed shop and there is much work to be done for lawyers and compliance professionals alike. For many organisations compliance is something of a mystery, while for others it is very much a maturing function. The compliance journey has really only just begun.
It would be easy to make compliance bureaucratic, insensitive to business priorities and superficial. Not only should it be the opposite of these failings, it should also encourage better risk management, help to raise standards in the conduct of business and mitigate the consequences of any failings that are probably inevitable in any large scale operation.
Importantly, businesses must also come to appreciate that they have a duty of care to help all their employees avoid the consequences of inadvertent breaches of rules and regulations. In this context, if a company is true to its values then it will invest in ensuring compliance requirements and responsibilities are evident in the recruitment process, induction, training and appraisal. Compliance is part of everything.
Compliance might not be sexy in the way that some lawyers think an M&A deal sets the pulse racing or a high-profile dispute plays out in the courts, but it is an essential assurance function and a crucial link in the governance chain. Indeed, it is one of the few areas that provide everyone from board member to the lowest operational grade with a common objective.
Legal work will continue to be important - obviously - and if it is done well it will always be of significant value. Compliance, however, can be and should be part of the DNA of a business. It is an unsung function, but one that I predict will become increasingly significant, increasingly valuable and increasingly strategic.
External advisors and in-house lawyers look out: this may be your best opportunity to make a very big difference to your business, so don’t be sniffy about it and don’t leave it to the box tickers!
Paul Gilbert is chief executive of management and skills training consultancy LBC Wise Counsel