John MacKessy, writing in the Finance Professionals’ Post, in a piece entitled “Knowledge of Good and Evil: A Brief History of Compliance”, noted that the FCPA and Environmental Protection Act (EPA) “prompted companies to develop internal resources that would actively monitor compliance with the laws, rules, and regulations of their industries.” The next step in the evolution of the compliance profession was the defense procurement scandals from the 1980s, where the industries sales of “$400 hammers and $600 toilet seats” to the US government led to the Defense Industry Initiative (DII). This industry led initiative created “a set of principles endorsing ethical business practices and conduct” within the defense industry for its dealings with the US government.
The next step in the evolution of the compliance profession was the 1992 US Sentencing Guidelines which, for the first time, set out what the government would consider for credit in sentencing of organizations. Many tribute these 1992 Sentencing Guidelines for the creation of the modern compliance profession. These guidelines included credit for “the specific elements of an effective compliance and ethics program. Companies that embarked on such programs would be eligible for more lenient sentences. To qualify as “effective,” a company’s compliance program would not only have to establish standards and procedures to prevent and detect criminal conduct, but would have to actively promote a culture encouraging ethical conduct and compliance with the law. The implementation of those guidelines in 2004 reflected the need for corporate boards to demonstrate knowledge of compliance programs and fulfillment of oversight responsibilities as part of monitoring the effectiveness of companies’ compliance and ethics programs.”
The next major step was the financial accounting frauds and scandals of the late 1990s and early 2000s including Enron, WorldCom and Tyco. These scandals were so wide-ranging, with senior executive participation, if not directing of the corporate fraud that a new legislative response was required and this response was the passage of the Sarbanes-Oxley Act of 2001 (SOX). Aaron Einhorn, writing in the Denver Journal of International Law & Policy, in an article entitled “The Evolution and Endpoint of Responsibility: The FCPA, SOX, Socialist-Oriented Governments, Gratuitous Promises, and a Novel CSR Code”, said, “sections 302 and 404 of SOX together require corporate executives to state their responsibility for designing internal controls, to create such controls, to assess and evaluate these controls, and to draw conclusions about their effectiveness…” SOX specifically charges executive officers with internal controls duties.” Einhorn ends this section by noting, “internal controls have been transformed from a recitation of general duties lodged upon the corporation as a whole to a statement of specific duties imposed on corporate executives in particular.” This strengthened the compliance professional who was called upon to design these internal controls.
The next major legislation which enhanced the compliance function was the Dodd-Frank Act of 2010, passed in response to the 2008 financial crisis. MacKessy pointed to the downfalls of Bear Stearns and Lehman Brothers as drivers of more compliance because they both “demonstrated the degree to which external risk events can create a loss of confidence resulting in permanent reputational damage and impaired shareholder value.” The legal and legislative response has been that companies should design effective compliance programs which use risk based programs as a basis to design, create and implement effective compliance programs. Joe Howell, Executive Vice President (EVP) for Workiva Inc., has gone further, drawing a straight line from the FCPA to SOX to Dodd-Frank in the development of the compliance function.
All of this means compliance is not going away, no matter what the law enforcement priorities of the new administration. Companies understand that compliance and business ethics have a role in not only driving business strategies and initiatives but that more compliant companies are better run companies and at the end of the day more profitable because they have better controls. MacKessy ends his piece by stating the compliance programs “can provide multiple rewards – from risk mitigation, to reputational enhancement, to business strategy development.”
The compliance discipline is where the harmonic convergence occurs in a corporation. Whether it be specific tasks of making sales, vetting relationships or the spade work of creating policies and procedures, it is compliance that drives the discussion of how we should do business. The corporate compliance profession fulfills the business obligation in doing things the right way for, at the end, it will be the compliance profession which implements the requirements of compliance whether those requirements are anti-corruption laws such as the FCPA, the UK Bribery Act, Anti-Money Laundering (AML), export control, anti-trust regulations, or any other regulation that you can name. Equally importantly, the compliance profession is teaching corporations how to evaluate risks and the compliance profession leads that discussion. It is the compliance profession that is the most innovative in not only protecting corporations, but actually helping corporations do business, do business more efficiently, and do business more profitably.
Three Key Takeaways
- Doing compliance is Doing Business.
- Properly accomplished, compliance makes a business more efficient and more profitable.
- Use the Robert Gates as a great example of how the FCPA means more business for US companies.
For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.