GIVING DILIGENCE ITS DUE
By Karen Kroll
Companies are using outsourced service providers, bringing in experts, and making use of new technology solutions to stay compliant with the increasingly complex global regulations.
Despite some of the headlines over the past few years, more companies are working diligently to comply with the laws that govern their operations, such as the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. What's more, the heightened focus on compliance cuts across industries and includes those sectors, such as manufacturing, that have been less in the spotlight than financial services.
"Companies are being more proactive and taking a closer look at their anti-bribery and -corruption programs," says Jay Perlman, director of the global investigations and compliance practice with Chicago consultancy Navigant.
One reason for companies' increased attention to anti-bribery and corruption regulations is the steady upward trend in enforcement. According to the 2012 Mid-Year FCPA Update by law firm Gibson Dunn, the Securities and Exchange Commission and the Department of Justice undertook 48 enforcement actions in 2011, up from five in 2004.
At the same time, shrinking coffers at many government entities have prompted some to take a more aggressive approach to levying any fines or penalties that might apply, says Sanjay Jindal, global process leader, finance and accounting outsourcing with consulting firm CapGemini. "Governments are all short of cash, so they're looking for as much money as they can collect."
Although most executives want to be reasonably confident that their firms are complying with all the regulations they need to, "the FCPA still is the number-one focus for most companies as they build and develop their anti-corruption programs," says Bill Pollard, principal in the FCPA practice with Deloitte Financial Advisory Services. And the UK Bribery Act is also demanding attention.
The FCPA is one of the strongest and most highly enforced pieces of legislation. Complying with it means companies have covered many other regulations, Pollard notes, which is one reason it is being prioritized.
In developing effective compliance programs, more companies are taking a centralized approach in order to pool knowledge and create a center of excellence, Jindal says. Plus, visibility into potential issues improves when the processes are centralized, he adds.
A centralized model means pulling together information from disparate systems, says Mark Reed, chief executive officer with NAVEX Global, an ethics and compliance firm from Oregon. For instance, a dip in sales in a particular region may prompt an executive to examine both the customer and human resources databases, revealing an inordinate number of workplace incidents in the area. The incidents are leading to higher turnover and affecting sales. And, of course, they can indicate a compliance issue.
STRATEGIES FOR EVALUATING THIRD PARTIES
Ask business partners for documentation on their business practices.
When possible, review published reports of vendors or business partners.
Use technology to screen vendors.
Still, even as many experts say they've seen a trend to centralize compliance functions, Perlman of Navigant says he's seen both centralized and decentralized approaches to compliance. Key to an effective decentralized program: The compliance department can't be a silo, he says. "There has to be communication from the corporate level to make sure people are doing things in a consistent fashion."
Reed, NAVEX: New technology solutions are helping companies to screen vendors
Many companies are also standardizing business processes, such as their vendor due diligence procedures. This trend makes it more likely that the function is handled in a consistent and appropriate manner, no matter who has responsibility for it, Pollard says.
Another critical element of any effective compliance program is its strategy for preventing corruption done without the company's knowledge, but on the company's behalf, by third parties. "You can't hire someone and take an ostrich approach" when they break laws, Perlman says. A company that does can be penalized. For instance, earlier this year, the Department of Justice announced penalties against several companies and the intermediaries they had hired as business partners, when it was discovered that the intermediaries had bribed Nigerian officials in order to win contracts to build liquefied natural gas facilities. The penalties and forfeiture orders between the firms topped $1.7 billion.
Despite the importance of effectively managing third parties, this function still is evolving at many companies, Pollard says. As a starting point, a growing number of firms are asking their business partners for documentation on their business practices, Jindal says. When possible, companies also review published reports of their vendors or business partners, he adds.
In addition, some are using technology as part of an overall program to manage their vendors and agents, Reed says. For instance, software can provide the third party with online training on relevant regulations, and also provide a medium for the agent or supplier to document its compliance with regulations.
TECHNOLOGY AND OUTSOURCING
Technical tools are becoming increasingly necessary, given the complexity of compliance regimes, says Derek Schwartz, vice president of global financial services with Axway, a provider of technology solutions to manage and govern business interactions. Key is the ability to proactively analyze information and develop more extensive audit trails.
Pollard, Deloitte: Standardizing business practices makes it more likely that compliance is handled in a consistent and appropriate manner
A few companies are leveraging technology to address both fraud and corruption, Pollard says. For example, they might install software to detect fraudulent transactions undertaken to remove money from the company for a bribe. Another application: using technology to review T&E reports for red flags on inappropriate payments to government officials.
Hiring outside experts can also help ease the compliance process. Although a company's employees usually—and not surprisingly—have the greatest knowledge about its inner workings, they may lack the expertise needed to, for example, "understand how risks materialize into improper payments," Pollard says. For instance, what transactions could an employee use to get money out of the company to pay bribes? An outside expert should be able to shed light on this type of question.
Technology and specialist advice may require some investment, but it can pay off in more than just an ability to avoid fines. Looking more broadly, rooting out corruption across the business environment should not only improve the health of the economy overall but also benefit those companies recognized as playing by the rules. The potential damage to an organization's reputation, should its shareholders or customers find that it's been out of compliance with applicable regulations, weighs on executives' minds, says Ian Goldsmith, financial services solutions architect with Axway. With increasingly gun-shy investors evaluating their portfolios more closely than ever, any whiff of wrongdoing can cause share prices to drop like a rock. Goldsmith notes: "The big deterrent is the reputational risk."
CREATING PEACE OF MIND
Most corporate loans come with numerous covenants borrowers must meet to avoid default. Violating one, even inadvertently, can trigger a cascade of negative consequences. For instance, a default on one loan may lead to defaults on any other lines of credit a company has, increased fees and penalties and negative publicity. In the worst case, a bank may decide to demand immediate repayment. Despite the risks, few companies give loan compliance the attention it deserves. It's not difficult to understand why. "The debt agreements are densely worded, legal agreements that run maybe 50 pages," says Jeff Wallace, co-founder of Debt Compliance Services. Some covenants may reach deep into an organization. For instance, one might stipulate that any asset sales over a certain amount need to be approved to the bank. That means a plant manager who sells old equipment for thousands of dollars without notifying the bank puts the company at risk of a technical violation. "To the bank, he sold collateral," Wallace says.
Debt is one of a number of niche areas in which vendors are looking to take away the pain of staying compliant. New technology solutions, such as those offered by Debt Compliance Services, can help reduce the time and manual effort needed to meet covenants or requirements.
"It's a huge benefit," says Christine Sacco, chief financial officer and treasurer with Smart Balance, a $365 million food products company. If the company didn't work with Debt Compliance, it would have to keep a paper copy of a credit agreement in a central place within the firm, Sacco says. Moreover, it wouldn't be unusual for the document to sport dozens of sticky notes detailing, for instance, a conversation with the lender to clarify a specific provision. "Other people at the company that might benefit from knowing that don't find out," Sacco says.
Now, anyone who needs access to the document can get it electronically, even if he or she is away from the home office. Instead of paper sticky notes, the software allows for the inclusion of comments, ensuring that everyone is looking at the same information.
And, the hyperlinks allow Sacco or a colleague to easily find any provisions they're looking for. Say the company is considering an acquisition. Sacco can query the application to find all covenants that might impact the acquisition process. "It gives CFOs peace of mind," Sacco says.