We have been involved in the compliance industry since 2003, soon after Sarbanes-Oxley was passed. At the time, companies were scrambling to be compliant with the new laws. Most were figuring out what the laws meant and what was necessary to meet the new standards. It wasn’t strategic — the goal was to get in line with the laws and regulations so you didn’t get fined, end up in the headlines or get thrown in jail. Some companies took compliance more seriously, but largely compliance existed in a vacuum — it was provided little in the way of clout, resources or a seat at the business table to determine the direction for company operations. Some of this changed with enforcement at Adelphia, Enron and others, but most companies weren’t ready to embrace compliance wholeheartedly and see it as more than a roadblock.
Budgets at compliance departments were not defined, best practices did not exist, policies were in their infancy and there was an immense gap in terms of industry expertise. There weren’t many dedicated chief compliance officers in most cases, and the internal audit office or the general counsel was suddenly given new tasks, perhaps finding themselves in charge of a hotline or compliance training.
There was no obvious value proposition at the time either — compliance was viewed as a necessary task and generally wasn’t given much budget or headcount, if any. What we found during this period in compliance was that it was a reaction to the government, and that was about it. ComFeing innovative or going above the minimal legal requirement was not justified. The government was only starting its compliance enforcement effort and companies were seeing for the first time that it paid to be compliant, with reduced fines or deferred prosecution agreements as a reward for effective compliance programmes.
A compliance-innovation revolution
After a couple of years, the reality started to sink in that compliance wasn’t going away anytime soon. Leaders at some companies, realising this early on, tried to make lemonade out of lemons and change the view that compliance was a hurdle. To get value out of compliance and have an element of credence in their efforts, they needed to show the value to the business and build up their capabilities.
In short, they began looking for ways to turn compliance into a competitive advantage.
Service providers popped up all over the country, providing hotlines, online training, and due diligence to help companies do a better job. There were over a hundred companies that seemed to spring up overnight that were innovating and delivering different perspectives on how to be more efficient or to provide more comprehensive services. Some of these companies grew quickly over the next five years, and solutions evolved as compliance departments became more sophisticated. Many other companies folded as they discovered that providing a single service is not the same as providing all necessary solutions to compliance issues.
In-house compliance professionals started to see more companies marketing their compliance programmes, and they saw financial gains — in profit and shareholder returns. Independent studies showed that companies with a strong compliance culture were more profitable. Thinking started to shift from viewing compliance as a cost centre to seeing it as a revenue producer. Compliance professionals started to get a seat at the table when a company looked at entering new markets, acquiring another company or growing a new product.
Stakes now vs. then
At the same time, in 2007, the US government ramped up its Foreign Corrupt Practices Act (FCPA) enforcement with over US$150 million in fines from 15 different enforcement actions. By 2010, the number rose to US$1.4 billion in fines. This raised an entirely new risk; even though FCPA had been in place since 1977, it had been seldom enforced. With the fallout from corporate scandals in the early 2000s, the government put companies on notice. Corruption and bribery weren’t exactly at the top of lists of risk topics, but they quickly shot up to the top spot.
The stakes are even higher now in terms of enforcement and risk. We have recently seen the Serious Fraud Office in the UK undertaking its largest enforcement ever, and it would appear that bad actors are getting more sophisticated. As fraudsters and criminals are becoming more intricate in their evasion tactics, compliance departments and government enforcement agencies are keeping pace on detection methods. The world seems to have taken a turn for the complex. New data-privacy regulations and strengthened anti-corruption regulations are the new norm, and governments are working together to stop corruption.
There are huge paydays for enforcement agencies that ferret out corrupt acts. Not only are companies subject to disgorgement of profits but they also may face huge fines. Government regulators, at this time, were fairly quiet about defining the exact compliance controls, policies and processes that needed to be in place at companies. It was up to in-house counsel, outside law firms and compliance vendors to make sense of the vague guidelines that would trickle out with each enforcement action. Companies needed help with what constituted best practices, and compliance vendors could often produce quality advice for a fraction of what law firm would charge. The compliance consulting industry grew rapidly as enforcement increased and the budget of the compliance departments were increasing as well.
Compliance vendor consolidation
By 2012, we began to see consolidation in the compliance consulting industry as venture capital firms became major players, acquiring compliance-related businesses after identifying this as a high growth and profitable industry.
For the chief compliance officer, it was a difficult time because compliance programmes and the technology to support them had come a long way, however then many compliance technology vendors stopped their focus on innovation instead focusing only on profitability, shareholder value, appeasing investors, and earnings. Of course this is important for any business, but the unintended consequence of this led to a stagnant market where the tools were the same as in 2008 while the risks continued to become increasingly complex.
What used to be a niche market had gone mainstream. What used to be a place where you could call your support or sales rep and get meaningful advice was now a memory, and in its place stood an eager person with great intentions to serve their company but no practical experience or knowledge of compliance. Some vendors stopped understanding the challenges companies faced and no longer had experience to share how others had solved similar problems. It became more measured, more dichotomised, less service oriented and more frustrating for the compliance officer.
This was the time of the financial crisis surrounding mortgages, banking and housing. Some companies were on the verge of bankruptcy, markets were in a tailspin, investors were panicked, employees feared for their jobs, opportunities were drying up and pressures were greater than ever to meet quotas. These factors produced an environment ripe for compliance failures, with a desire to cut corners and turn a blind eye to unethical practices.
It becomes more challenging to do the right thing when the economy is down and companies see
When we speak with compliance offices around the world today, they want better service, more automation, innovative ideas and technology and someone to talk to whom they can trust. It is hard to accomplish this along with making a huge profit, which is why many of the private equity firms failed in this space. They are responsible first for shareholder return, then the customer, and then their employees. There is a balance, and it certainly isn’t easy.
We have our challenges here as well. We strive to innovate, think outside the box, deliver clever solutions that make our customers better and more efficient at their jobs. These are not always easy to achieve, however, and sometimes we can’t meet our aspirational goals, or we spend way too much to ensure we don’t fail. However, it is in working towards obtaining the goals that great lessons are learned, and we strive to be more than just a service provider but instead a trusted adviser. I think when you push the envelope and strive to deliver great things, there are bound to be setbacks, but we persist.
We understand the challenges you face; we have been there through thick and thin, and we continue to invest in our people to ensure that when you talk to us, you talk to someone who will add value to your program. We continue to invest enormous amounts of time and money into innovation. We know there are new challenges you face — some because the compliance industry stopped innovating, and some because the world continues to become more complex. Our approach is the same today as it was the day that Scott Lane, The Red Flag Group’s CEO and chairman, opened the doors over a decade ago. What can we do smarter, more effectively, with less resources? How can we drive innovation that will make not only your compliance department better, but your company safer and more profitable?
You will continue to see new solutions from The Red Flag Group. We know the industry needs innovation, and we recognise those areas in compliance that haven’t changed for far too many years.
We also receive a massive amount of feedback about the quality of our work and how the information and advice we provide is second to none. This is no accident. We are on version 6.2 of our due diligence reports, and this offers a very different take from the previous version. We will continue to push forward to develop better ways to present the data to you in a compelling and informative format.
You need better tools, more automation, more efficiency, and faster processes to keep up with the changing times. CCOs are expected to bring value to the business, to mitigate risk, to help the business make responsible decisions to grow and serve the shareholder. This is the case today and will continue to be in the future. It is critical and expected that the CCO is not just a cost centre but a business enabler. If you look back over the past 10 years, that is quite a leap.