Going beyond perfunctory compliance practices through proper internal control can create a market advantage.
Compliance has evolved from a “box ticking” approach to regulators demanding business leaders create “compliant cultures” within their organizations. While it can sometimes be a financial and resource drain on the business, a comprehensive compliance and risk framework can create strategic advantage.
FEI Daily spoke with Thack Brown, general manager and global head of Line-of-Business Finance at SAP, about the elements of a well-designed compliance initiative.
FEI Daily: What are the missing elements in the compliance programs you see today?
Thack Brown: The way companies have traditionally reacted to compliance-related topics has always been about ticking the box. We have to be able to show the regulator that we’ve met the specific rule, or we’ve managed to do what it is they’re looking to have done. It’s viewed as an onus and as something else that’s taking up time and investment that’s to be minimized. We’ll get it done, but at the lowest level of cost in as little time as possible so that we can tick the box and make sure we’re covered.
The problem that you have today is there are so many regulatory requirements that are coming out on a global level, at a national level, even at a local level across. It requires you to now approach it with a different mindset. Just getting it done no longer works. It’s demanding a different kind of strategy from organizations to think about this a little bit more holistically.
To be able to respond in a more automated way, and to be able to respond in a more comprehensive way that gives you agility, that doesn’t layer spreadsheets, upon spreadsheets, upon spreadsheets and become unmanageable.
What specifically makes an effective compliance and risk program?
There are a couple of elements to it. One is starting with a different mindset. How can we use the regulatory requirement to our advantage? Or what is it that the regulation is asking us to do, that’s good for our business?
A really good example would be all of the new revenue recognition standards. For a lot of companies, it’s challenging them to better dissect their contracts and understand their contracts in a greater level of detail. But the really smart ones are looking at that as an opportunity to better understand their customers, to better understand the products, and the revenues associated with the products. To use that as the foundation for getting better customer-level profitability or product-level profitability. Of course I have to meet these accounting standards, but in doing so it actually gives me the excuse to look into my business in more depth.
The second element is thinking about how they put the underlying system capability and flexibility in place so that they can better respond to any incoming compliance requests in a more timely, accurate manner, and at a lower cost. How do they get systems in place that will provide granular, real-time information, a good solid digital platform that will allow them to do more automation so that, as new regulations come up, they can respond to them quickly? As opposed to lots of data dumps, breaking out the Excel spreadsheets, all of the things that they traditionally do.
Recognizing that you’re going to have a long-term compliance challenge – because it’s only increasing, it’s not decreasing – how do you use the technology and the capabilities to your benefit?
How often should companies be reexamining their compliance programs?
I don’t know that it’s a matter of reexamining. I think that companies need to be on a program of continuous improvement. Setting goals around how to understand the evolution of the business and how compliance can continue to evolve with that.
The first thing is, make sure that the compliance program is adding value, in terms of insight to the business. The second is having a competitive advantage. For example, in suppliers, it’s a lot about knowing your customer, your third party, your supplier legislation. The companies that can do better, who can get more comfortable, more confident, more accurate in understanding their customers or understanding the third parties that they are dealing with, have a market advantage.
Third is the cost of it. How are you going to manage the cost and keep the cost low? How are you going to drive up automation and continue to drive automation over time? And how are you going to make sure that compliance work also comes up to the speed of the digital environment? If you’ve got 24/7 transactions taking place, is your compliance capability embedded into that transactional processing so that you’re all real time with those transactions? Or as your business model is evolving, is your compliance function ready so that when the business model changes, you’ve got the compliance in place? The third element is making sure that you can do it in an automated, cost-effective way.
Obviously, the approach to fraud is evolving. How are compliance programs addressing fraud concerns?
We already know that there’s a very real cost to business from fraud. It also has reputational cost. It’s becoming harder and harder to manage. And people are getting more and more creative. They’re using technology to perpetrate more and more fraud. There’s no doubt that the ability to include fraud in any compliance program is critical.
In many cases it’s known that there’s some level of fraud within organizations. There are plenty of studies out there that show levels of revenue are typically lost by companies to fraud or other issues. There is typically some level of hard dollar that can be put against programs and you can help justify the returns on your investments, by bringing those fraud levels down.