Compliance – a business imperative
3 February 2016
Many organisations see compliance as a ‘necessary evil’ and in many cases try to ignore it, hoping it will go away. Whether we like it or not, compliance is here to stay; it is not only getting more and more complex in an increasingly complex and connected world but is also having a bigger and bigger impact on business.
The effects of non-compliance / unethical behaviour:
Just a few examples that highlight the impact of non-compliance and / or unethical behaviour:
- Just look at what MTN is facing right now relating to the so-called non-compliance with the Nigerian Communications Act (NCC). MTN was fined $5.2 billion by the NCC late last year for failing to disconnect five million subscribers who were not properly registered, as required by law. The fine was subsequently reduced to $3,9 billion, which MTN is challenging in court. MTN has just been granted a lifeline to settle its $3,9 billion fine out-of-court with Nigerian authorities. On top of this, imagine the cost of all the legal fees! At least the lawyers will be happy! At one stage MTN’s shares declined by about 20% when the news of the fine broke, and on November 2nd 2015 the Johannesburg Stock Exchange briefly suspended trade in MTN.
- In December 2015, Standard Bank’s London unit was ordered to pay about $33m in fines, compensation and refunds relating to bribes paid to the Tanzanian government to secure a $600m contract. Standard Bank was punished for the sins of its subsidiary because it did not conduct “know your customer” and due diligence checks on Enterprise Growth, despite the possibility of bribery, said Justice Leveson.
- The U.S. Justice Department sued Volkswagen late last year for up to $48 billion for allegedly violating environmental laws – nearly four months after its emissions scandal broke.
- Who can forget the Newscorp scandal in 2011/12, which brought a major media conglomerate owned by billionaire Rupert Murdoch to its knees after it was uncovered that one of the company’s most successful newspapers, News of the World, hacked the mobile phone of a murdered schoolgirl?
- And the list of corporate failures and fines related to unethical behaviour and non-compliance with regulations goes on and on, and will continue to go on whilst organisations continue to flout or ignore compliance. Some of the more notable scandals such as Enron (2001), WorldCom (2002) and Lehman Brothers (2008) and their effects can be found at http://www.accounting-degree.org/scandals.
- And if you as an SMME (Small, Medium and Micro Enterprise) think that compliance only applies to large corporates, you will be surprised; you can have the best product and service in the market, but just try winning a tender if your compliance documentation, of which there is plenty, is not up to date.
The State of Governance in South Africa
The Institute of Internal Audit South Africa (IIA SA) recently conducted their Corporate Governance Index 2015. The survey, which took the form of a self-administered web-based questionnaire, was directed at six hundred (600) Chief Audit Executives (CAEs) on the IIA SA database. CAEs at professional services firms were specifically requested to report on a typical client, rather than on their own firms. Typical topics and questions rated were:
- Ethics: Are ethics an important part of your organisational culture?
- Compliance: Does your organisation comply with relevant legislation, regulations and standards?
- Leadership: Is your executive team functioning optimally in delivering the strategy of the organisation?
- Operation Risk Management: Is the process of managing risks within your organisation adequate?
- External Risk: Does your organisation utilise scenario planning to mitigate against unexpected external risks that may arise well beyond the boundaries in which the organisation operates?
- Performance: Is ICT aligned to the strategic objectives of your organisation?
- Performance: Are your human capital resources optimally utilised?
- Internal Audit: Does Internal Audit within your organisation have a sufficient degree of independence to enable it to execute its duties without undue influence or interference?
Significant findings amongst others were:
- “Despite it having retained its Index score of 3.0, Compliance was noted as an area of concern by respondents, particularly as a significant emerging risk within organisations”
- “…. the adequacy of risk management within organisations continues to receive low percentage scores from respondents. This should be considered a high priority”
- Relating to ethics: “Corruption increases the cost of business, leads to waste or the inefficient use of public resources, excludes poor people from public services and perpetuates poverty, erodes public trust, undermines the rule of law and ultimately delegitimises the state (OECD). The ultimate cost of corruption should encourage leaders to proactively promote ethical cultures in their organisations and ensure that the right tone is set at the top”
- “The top 5 areas of focus over the next few years are, in order of priority: Human Resources, Compliance, Macro-Environmental Economic Risks, ICT as well as infrastructure collapse and stability of essential services.”
You can find the full survey at: http://c.ymcdn.com/sites/www.iiasa.org.za/resource/resmgr/PDF_Brochures/2015_Corp_Gov_Index.pdf
Getting the most out of Compliance:
On a more positive note, whilst compliance has many negative connotations of penalties and fines there are also tangible benefits to having an effective compliance function. Organisations that have effective compliance functions can create a competitive advantage for themselves:
- enhanced client satisfaction and confidence: There is a direct link between high levels of client satisfaction and confidence for businesses that are perceived to be compliant,
- management of reputational risk: An effective compliance function is important in the monitoring and mitigation of reputational risk,
- enhanced investor confidence: Organisations that have an effective compliance function demonstrate transparency and business integrity, thus enhancing investor and stakeholder confidence,
- enhanced access to capital and financial markets: due to improved disclosure and investor confidence,
- higher market value for the organisation: as a result of increased investor confidence,
- better organisational performance: by ‘running a tight ship’ with good internal controls,
- enhanced social and environmental standing: by demonstrating ‘good corporate citizenship’,
- ability to operate in a global business environment: An organisation requires an effective compliance function demonstrating good corporate governance in order to survive the accelerated dynamics of a global market (‘village’).
So the moral of the story is that compliance, whether you like it or not, is here to stay and is critical to the survival of any business. The trick is to find a balance between meeting regulatory requirements that demand compliance and avoiding a negative impact on the business imperatives of the organisation. Another trick is to empower your compliance function to operate effectively without overcomplicating things. For example, by implementing the right software you can greatly enhance your compliance function whilst reducing the administrative burden of compliance. BarnOwl GRC software, for example, is fully integrated with the South African acts (provided by Lexis Nexis or EOH legal services), allowing you to identify and prioritise which acts and provisions you need to comply with, assign ownership and automate the ongoing monitoring of your compliance environment, providing an early warning system of non-compliance.
You can find out how to manage your compliance function effectively using the BarnOwl software by downloading the BarnOwl buyers guide below.
Article written by:
Director – BarnOwl GRC and Audit software solutions
BarnOwl is a fully integrated governance, enterprise risk management, compliance and audit software solution used by over 200 organisations in Africa, Europe and the UK. BarnOwl supports best practice risk management, compliance and audit frameworks (e.g. COSO, ISO31000, Compliance Institute’s handbook, International Professional Practice Framework), whilst offering a highly flexible and configurable parameter-driven system allowing you to configure BarnOwl to meet your specific requirements. www.barnowl.co.za