Compliance programs fail without support

Export-controls violations at United Technologies and Raytheon and the ongoing bribery investigations at JP Morgan and Wal-Mart are just some notable examples from the steady pace of stories in the news media concerning corporate compliance issues.
These types of problems are, of course, very costly to deal with, in terms of penalties and fines paid in settlements, and as a result of the costs to investigate and remediate any problems. With that backdrop, companies of all sizes and in all industries should understand by now the critical importance of having an effective compliance program.
The U.S. Federal Sentencing Guidelines expressly reflect the need for corporations to have an “effective compliance and ethics program.” Similarly, the Bureau of Industry and Security of the U.S. Department of Commerce preaches that exporters must have an effective export management and compliance program to avoid violations of the Export Administration Regulations.
Despite this guidance, a common mistake is to have nothing more than a generic, “off the shelf” compliance program consisting of little more than standard, boilerplate policies and procedures. Policies and procedures are undoubtedly vital pieces to a compliance program, but they, and the entire compliance program, generally, must be risk-based and tailored to address the specific risks of a given entity, based on the nature, scope and location of its operations.
One particular source of risk for companies is its relationships with third parties, particularly the sales representatives, distributors and consultants used in international business operations. Managing those risks begins with performing meaningful due diligence on those third parties before the relationship has commenced and then continues with the need to manage those relationships from a regulatory-compliance perspective. Once the risks have been identified and prioritized, and the policies and procedures drafted, they must be thoroughly implemented. The program is worthless if those policies and procedures are simply put away on a shelf and ignored.
Effective implementation requires communication of the policies, procedures, guidelines and expectations, and there must be sufficient personnel to carry out those procedures. Those individuals must receive meaningful and regular training, and training should ideally extend to the third-party intermediaries the company works with, so that they are clear as to the company’s expectations.
After the program is up and running, it still requires attention.
There should be periodic reviews and audits to check if the program is working as intended and whether there are changes needed. Changes in the program could be required as a result of unforeseen gaps or inadequacies found, or because of a change in the nature of business or operations, such as the opening of a new manufacturing or sales territory, or the introduction of a new product line.
It is clear that such a program entails many elements and that someone must have oversight responsibility for these activities. That person must also receive adequate support, at both the senior management level and in terms of personnel to assist in implementing the compliance program.
It is vital, therefore, that resources, both human and financial, sufficient to effectively implement the compliance program globally, are made available.
The sentencing guidelines expressly state that the individual given oversight of the compliance program “shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.” The FCPA Guide also notes these requirements and emphasizes that the individuals with oversight responsibility of a company’s compliance program “must have . . . sufficient resources to ensure the company’s compliance program is implemented effectively.”
Not to be outdone, the very first element in the BIS Core Elements of an Effective Export Management and Compliance Program is “Management Commitment: Senior management must … commit sufficient resources for the export compliance program, and ensure appropriate senior organizational official(s) are designated with the overall responsibility for the export-compliance program.”
Balancing these requirements with practical realities, one must of course recognize that to achieve their growth and profitability targets and compete in the global economy, companies must operate in a lean and cost-conscious manner. Compliance personnel recognize those constraints and understand that they, like every other corporate function, must operate efficiently with finite resources.
Still, limited or finite resources do not mean a complete lack of resources, and effective compliance requires some level of resources. Without them companies are unlikely to have a program that reduces risk and protects assets, and it will certainly not meet the expectations of regulators.
The level of resources for a given company’s compliance program will depend on the size and complexity of the company and its operations, as well as the industry in which it operates. •


Eric J. Rudolph is president of Rudolph Export Consulting, Inc. He can be reached at eric@rudolphexport.com.

No posts to display