By Amy Matsuo and Richard Girgenti
Amy Matsuo is a Principal and the National Leader of KPMG LLP’s Regulatory Risk Practice, which advises companies on enterprise-wide compliance, safety and soundness, broker/dealer, asset management, consumer compliance and other regulatory risk management issues. Amy also leads KPMG’s multi-industry compliance transformation solution and is on the firm’s Women’s Advisory Board. She has substantial experience leading and coordinating regulatory advisory engagements across an array of industries.
Richard Girgenti is a Principal in KPMG LLP’s Risk Consulting Group and a former Board Director for KPMG LLP where he Chaired the Ethics and Compliance Committee. He previously served as National and Americas Leader for KPMG’s Forensic Advisory Services. He has more than 40 years of experience conducting investigations and providing risk management and compliance services to clients in the public and private sectors.
The Trump administration has often stated that it plans to roll back regulations in an effort to create a more business-friendly environment. Even if that comes to pass, boards of directors will continue to have their work cut out for them in safeguarding their company against regulatory and compliance risk. Indeed, the boards’ responsibilities may just have gotten more challenging.
While the current administration has said it is committed to reducing regulations by 75 percent (as reported in a Jan. 23 Business Insider article, “Trump: We’re going to ‘cut regulations by 75%’ and impose a ‘very major border tax’”), companies will face increasing regulatory demands, not merely at the federal level, but also at the state and global levels, where it is likely that there will be more, not less, regulatory and enforcement activity.
With an uncertain and evolving regulatory landscape, and the ever-increasing cost of compliance, boards need to be confident that the company operates in a safe and sound manner. They also need to remain vigilant that the business, risk and compliance functions are addressing current, as well as emerging, risks in a timely manner.
In addition to overseeing business strategy and performance, boards are responsible for ensuring that management is doing all that it can to manage risks. For example, recently the independent directors of Wells Fargo commissioned a review to examine the root causes of sales practices and associated management oversight.
To help ensure that management is adequately managing risks, boards should do the following:
In fulfilling its responsibilities in a changing regulatory environment, there are a number of questions that a well-informed board needs to be asking:
In the current environment, it is possible that the Trump administration may deliver on its promise to ease regulations. And because of a more business-friendly environment, enforcement agencies, like the Securities and Exchange Commission (SEC) and Department of Justice (DOJ), may take a less proactive and aggressive posture with regard to corporate misconduct than we have seen in recent years.
However, while federal regulations may be reduced, they will not go away. And to the extent that regulations are reduced, a company will still need to check and see that its compliance processes are not outdated and costing more than they should. Further, while enforcement priorities may shift, the federal government will certainly remain committed to ensuring that misconduct is prosecuted.
Moreover, many states, including California and New York, are likely to fill any real or perceived gaps in federal regulations and enforcement. In many areas, ranging from investor and consumer protection to environmental and employment and labor law, states have overlapping or parallel jurisdiction.
What’s more, companies conducting business in foreign jurisdictions will need to keep abreast of changes in global regulations, especially considering the Brexit situation. They must also be attentive to increasing global enforcement efforts in places like the European Union, Latin America and Asia.
So keeping track of federal, state and global regulatory and legal obligations will become even more challenging for companies and their boards. To this end, the foundation of a more effective compliance program will begin with:
Unfortunately, most companies rely upon manual and patchwork processes for tracking regulatory change. In a recent KPMG survey, “The compliance journey: Boosting the value of compliance in a changing regulatory environment,” most CCOs noted that the process for managing regulatory change is an area in need of improvement. Specifically, only 22 percent of CCOs surveyed know whether there’s a process in place for the board to review regulatory changes and just 27 percent strongly agree that the compliance function has a change management process in place. Less than a third of those surveyed said they had a change management process in place to identify and incorporate changes in laws and regulations. And over 60 percent were unsure whether their technology infrastructure was adapted to align with regulatory change.
These findings should raise alarms for boards and spur them to focus on ensuring that management is adequately addressing the risks created by regulatory change.
Culture is perhaps the most challenging, and most critical, component for creating an effective compliance program and achieving organizational integrity. For most organizations, culture is the “soft stuff”—the hard to define and measure component of a compliance program.
In the KPMG survey of CCOs, strengthening governance and culture was one of their top three challenges. Yet, nearly 40 percent of respondents did not know if, or disagreed that, their lines of business management took ownership of the compliance culture and agenda. Nearly one-third said they either didn’t know, or in fact, their respective companies did not communicate conduct and culture lessons across their organizations.
These are not results that boards can afford to neglect or ignore.
When evaluating the effectiveness of a company’s compliance program, regulators are increasingly focused on whether the organization has a strong culture for integrity and compliance. Their findings can have a significant impact on whether they decide to file charges against a company, and the extent of the sanctions they’ll impose for corporate misdeeds.
Nearly every piece of guidance issued by regulators references the importance of culture, whether it is promulgated by the DOJ, the Financial Industry Regulatory Authority, the various stock exchanges, or any one of dozens of other agencies. Regulatory authorities universally view culture as an overarching control against misconduct.
For example, guidelines recently issued by the DOJ focus extensively on culture (see “Evaluation of corporate compliance programs” issued by the DOJ’s Criminal Division). The guidelines raise questions about the “words and actions” of top management, how senior leadership has modeled proper behavior and communicated the company’s position when misconduct is identified, and whether adequate guidance and training have been provided to key gatekeepers.
Here are some questions that should guide the board’s discussions with the CCO and senior management:
Inevitably, regulators will ask whether the compliance function has adequate resources and appropriate technologies to track and report key performance indicators (KPIs) so it can ensure that programs are operating effectively. Without the right resources and technology, compliance can’t be expected to do its job effectively in today’s business environment.
Nearly every component of the compliance function—from gathering and analyzing regulations, to monitoring and testing, to reporting and investigations, to managing third-party risk—is data driven. Critical compliance data resides throughout the company—in procurement, HR, finance, operations and elsewhere. Compliance must be able to access this data with the right platform in order to analyze it and generate meaningful and useful reports.
Cognitive technology and robotic automation are some of the key technology innovations that can augment the manual processes and human judgments required to transform the compliance function. Harnessing these advancements can allow compliance to move from retroactive to real-time and predictive analytics, turning its efforts from rearview mirror exercises to ones that are forward looking.
While compliance would clearly benefit from the innovations in data capture and analysis that are being used in the operational and finance side of the business, it lags behind far too often. That’s because the compliance and risk functions are frequently—and unfortunately—viewed as cost centers.
The better view is that significant investments in technology for the risk and compliance functions are not just warranted, they’re essential. These investments will generate substantial returns in terms of direct compliance cost savings, as well as fines and penalties that will be avoided or reduced. This ultimately leads to a stronger fiscal foundation for the company and better alignment with a board’s mandate.
In today’s rapidly changing environment, a board’s role in managing risk and compliance has never been more challenging. Yet, there are sensible measures that a well-informed board can take to effectively meet these challenges while, at the same time, helping the company meet its business objectives.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.