As the US has extended its regulatory reach beyond its own borders, other jurisdictions have followed its lead. Global corporations face an ever-growing burden in maintaining compliance with increasingly complex regulatory and reporting regimes. This is affecting their budgets, their structuring and also their strategy.

Hassan, CNH: In terms of corruption enforcement alone, we have only reached the tip of the iceberg.
Fuentes, Security Bank: The Philippines central bank issued a whole new compliance rating system.


Unsurprisingly, the catalog of companies that have ended up in regulators’ sights is long and getting longer. Just in March in the US, Commerzbank, global oilfield services company Schlumberger, and Paypal all agreed to pay hefty fines (respectively $1.5 billion, $237.2 million and $7.7 million) for allegedly violating a mix of anti-money-laundering laws and sanctions. More famously, BNP Paribas settled US sanction-related charges for $8.9 billion in 2014, the year that Credit Suisse was fined $2.6 billion for abetting tax evasion. Wal-Mart is under investigation for bribing officials in Mexico, a probe that has already cost it more than $400 million, before any penalty is assessed. Since 2008, Siemens has paid more than $1.6 billion in fines in four jurisdictions—the US, Germany, Turkey and Greece. And last year GlaxoSmithKline was fined nearly $500 million by the Chinese government for paying bribes to doctors.

The costs are manifold, and include legal fees, hiring outside investigators and then hiring consultants to build up a remedial compliance program and monitor it for a period of time (in Siemens’ case, all of this came up to approximately an extra $1 billion).

But the full damage to a firm from an enforcement action goes beyond monetary levies. A recent Thompson Reuters report listed other farther-reaching penalties, like the negative impact on a firm’s share price, stricter liquidity requirements, and criminal convictions for executives. Not to speak of the longer-term impact on a company’s brand, particularly in the age of social media, when bad news spreads at lightning speed. Axel Klappstein, head of compliance at Berenberg Bank in Germany, notes: “Above all [noncompliance may result] in a loss of or damage to the [firm’s] reputation.”

The flip side, though, is that compliance also represents an opportunity for a firm to improve its credibility with the public while allowing it to safely enter markets that, otherwise, it might have to avoid altogether.

“At the bank I used to work for, after we set up our sanctions and export controls program, we could offer clients services that others would simply say no to, because of their inability to manage the sanctions risk,” says Martijn Feldbrugge, owner of Business and Sanctions Consulting Netherlands. “Compliance generated business and therefore money.”


Motivated by both the stick and the carrot, companies have been ramping up their dedicated spending. In a 2014 Deloitte survey, 50% of respondents said their company had a stand-alone chief compliance officer, compared with 37% in 2013, while three-fourths reported that their compliance budgets had increased over the previous year. “We have tripled the number of compliance staff at holding company level compared to what we had five years ago,” says Thomas Loesler, chief compliance officer at Allianz. “And this is only a fraction of the increase in the overall cost of compliance across the entire organization.”

With compliance staff and budgets also increasing, CNH Industrial has appointed a stand-alone chief compliance officer. “We did historically have someone in charge of compliance, but it was a dual role held by the general counsel,” says Hassan. “It has become increasingly clear... based on enforcement activities and opinions from different government agencies, that for a public company, it is a best practice to have a separate compliance function with direct access to the corporate audit committee.”

But, givien the skyrocketing costs, one key objective is ensuring the best use of investment dollars, which is where technology come in. “In traditional financial services, compliance is more of a manual process,” says John Beccia, general counsel and chief compliance officer at Circle, a consumer finance company that works in bitcoins. “We are finding ways to automate things and leverage technology to give us more information on our customers.” According to advisory firm TechNavio, the global AML software market will grow around 11.5% annually until 2018.

Once a degree of regulatory rationalization is achieved and more consistent staffing and budget levels, and technology, mature, compliance could become less a source of stress and more a point of pride. The pharmaceutical industry provides an interesting, if somewhat unlikely, example: “Banks are going through what the drug industry went through 10 years ago,” says Rady Johnson, chief compliance and risk officer at Pfizer.

“For us the impetus was to address the perception that Big Pharma was misleading people. So we put in place a stand-alone compliance function, and we now have a whole division that did not exist then.” Reportedly, that investment is paying off in terms of reputation, with the industry having regained some of that lost trust back, and money. “In the last couple of years we have been able to reduce our budget, not because we are cutting back but because with ten years under our belt, we have learned to do it more efficiently,” Johnson concludes. “I’d be remiss if I didn’t talk about changing a firm’s culture. Because it doesn’t matter how many systems you have in place, if your culture is not the right culture, you’ll always be pushing a rock up the hill. It is fundamental that each and every employee owns compliance.”