How can the CCO and the CEO build a profit-making relationship?
The Chief Compliance Officer’s job is to ensure that company business is conducted with a complete respect for all relevant laws. This priority often results in a challenging relationship between CCOs and top management. Too often the CCO can be perceived as the person who inhibits growth in the business. Through our experience with businesses in a variety of industries and sizes, we are convinced that there is a direct correlation between the relationship quality of the CEO and CCO and the sustainable growth and solidity of a company’s profits. Philippe Montigny explores the conditions that need to be created in order to see this relationship flourish into a profit-generating tool for your company and how this can be supported by ISO 37001.
For the CEO, the necessity to carry out business legally goes without saying! But it is necessary to go further….
When we meet chief executives, and this is the case the world over, two things always stand out. The first is their ability to get to the heart of the matter and make decisions quickly, regardless of the complexity of the situation. The second is that conducting business legally is a given for CEOs, including the requirement that every employee conducts himself or herself in an ethical manner.
This can often create a lack of understanding of the importance of the CCO’s role within a company. It is not easy for a CEO to differentiate that it is one thing to believe that respect for the law is fundamental, but another to ensure that all laws are respected. In other words, it is easy to follow instructions when the law states what it is necessary to do, but much more complicated when the law states what must not be done.
Take corruption as an example: it is forbidden to confer, directly or indirectly, anything of value to obtain an undue advantage. What is “anything of value”? What is “indirectly”? What is “an undue advantage”? It is the Compliance Officer’s role to clarify these questions, and to implement procedures that will ensure everyone understands the stakes and respects the proscription of corrupt activity.
The CEO should view the Compliance Officer as the person whose expertise will ensure that the CEO’s desire to conduct business with integrity is understood, respected, and executed by every company employee. Trust needs to be built and nurtured between the two which will allow the CCO to build the best compliance program he or she can.
For the CCO, the risk of corruption is omnipresent! But it is necessary to go further…
Compliance officers are made aware of new cases of jurisprudence on an almost daily basis. They see the sanctions, the prison sentences and, most importantly, they see the growing complexity of the mechanisms used to corrupt. For example, practices including awarding internships to the children of public officials for the attribution of a contract or trips for prospective clients had been viewed as insignificant, but they are now being judged much more harshly. Compliance officers also get daily first-hand accounts of how many grey areas there are in every commercial operation, as well as how different staff members perceive these grey areas depending on their history and experience.
It is tempting therefore to implement a very strict policy and avoid situations considered high risk. However, to paraphrase a proverb, just as it is easy to have clean hands if you have no hands, it is easy to avoid corruption risk if there is no sales activity. The first responsibility of the CCO is to identify corruption risks as precisely and with as much detail as possible. The second responsibility goes further: which policies need to be implemented to control these risks in an appropriate manner?
The following illustrates the point: if you are going to drive in an area where there is a high likelihood of snow, you equip your vehicle with snow tires. With this precaution in place and by adapting your driving habits, it is possible to travel safely. If 50 centimetres of snow falls overnight, the driver, made aware of the conditions, will wait for the snow plough to pass.
It is the role of the Compliance Officer to support those in operations by providing them with the tools necessary to conduct business with integrity, even in the most challenging environments. This practice highlights the value that a set of standard practices like those comprised in the ISO 37001 can have for the CCO. The standard’s requirements give compliance officer the specific controls that need to be in place to avoid and report any corrupt activities. The ISO 37001 helps CCOs to improve the ability of operations staff to evaluate risks autonomously and to determine when the risks are too high to control reasonably, and therefore necessitate a withdrawal from the project.
The CCO facilitates the CEO’s objective of company growth even under difficult conditions. If you consider the impressive growth of emerging markets, where risks are higher, it is apparent that compliance is an essential function in the healthy development and expansion of any business in those markets.
CEO – CCO: building a profit-making relationship
The CEO and the CCO have a common objective: the company’s sustainable growth. The CEO’s success will be as great as their CCO’s ability to manage risks, enabling the company to operate in riskier areas where profits are potentially much higher.
Beyond mastering business risks, the CCO provides the CEO with a particular asset that is often overlooked: encouraging innovation. Traditionally, the higher risks are perceived to be the more restrictive compliance procedures tend to become. Companies are more comfortable working on development and innovation than bureaucratic management. This tendency has led many companies to simplify their sales procedures by reducing the number of sales agents and focusing on a smaller, but highly effective, group. Companies have also left certain sectors that are known to be risky, and instead focus on less risky areas for the very same reason: they can encourage innovation and product superiority while minimising exposure to acts of corruption.
Another innovation within the business community that has changed the way companies throughout the world have structured their compliance programs was the creation of the aforementioned ISO 37001 standard on anti-bribery management systems. Created with input from compliance industry leaders throughout the world, the standard requires that organisations implement certain policies and controls in line with international best practices to limit bribery risk and grey areas. CCOs are then able to have their program audited and certified by third-party agencies/bodies like ETHIC Intelligence. An ISO 37001 audit and certification proves an organisation’s commitment to compliance and sustainable development to all stakeholders. This commitment can then be communicated internally and externally and act as a differentiating factor in the marketplace. To be certified against the standard, the company and therefore its CEO need to provide its CCO with full access to the Executive Committee, access to the Board, and give the compliance team all resources needed for the execution of his duties in relation with anti-bribery. It is therefore likely that companies whose CCO has a bad relation with the CEO will encounter difficulties implementing an efficient anti-bribery management system, making their odds of certification improbable.
Over the past ten years there have been multinationals that have been convicted for corruption, have paid the fine, undergone the monitoring, invested significantly in compliance, and come out as some of the best in class. What is the secret? These companies always include compliance in their strategic planning and encourage a great relationship between the CEO and the CCO. These companies demonstrate that compliance is first and foremost a strategic, not legal consideration.
by Philippe Montigny
President, Certification & Impartiality Committees