By John Palmiero – Vice President at MetricStream
Corporate governance failings can be catastrophic. Not only can they greatly impact the business, sometimes fatally, but they can also have effects on the economy surrounding them.
For instance, the 2007-2008 subprime mortgage scandal, where banks were selling mortgages to people who couldn’t afford them, led to the bankruptcy of Lehman Brothers Holdings, the bail out of the Royal Bank of Scotland and the global crash. Due to the huge impact the events had on economies across the globe, regulators introduced acts, such as Dodd-Frank and Basel III to guide financial institutions along the path of best practice and reduce the chance of a recurrence.
Since then, strict regulations and overseeing bodies, as well as the financial punishments for non-compliance, have helped to keep sectors in check. Yet, the question now is whether companies have become too dependent on these factors to guide them towards good governance and compliance processes.
Fuelling the need for self-governance
Merriam-Webster defines self-governance simply as ‘control of one’s own affairs’ – a short and sweet summary. In a business sense, this means conducting operations in a way considered ethical and socially responsible, without being forced to do so by external pressures, such as regulations. Indeed, as regulatory easing begins in post-election United States, it will not be enough for companies to be seen just to follow regulations. They must actively move to implement their own culture of compliance, or risk irreparable reputational damage.
2016 saw both Trump’s election and the Brexit vote shake the US and the European Union, creating a new political landscape that will shape future corporate governance requirements and expectations. While nothing will happen overnight, the Trump administration is aiming to drastically scale back regulations to make things less onerous to businesses. The Dodd-Frank act has been specifically targeted, with some experts believing that removing some of the shackles will give a boost to the economy.
Similarly, in voting to leave the European Union, Great Britain leaves itself vulnerable to massive regulatory change. While the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and other UK regulators will have their own agenda, it’s unknown how they will operate without the involvement of Brussels and what impact this will have on laws governing organisations operating in and with the UK. In light of these progressive changes, businesses must prepare for more responsibility to be passed to themselves.
Eastern corporate governance culture
Businesses operating in Asia, particularly those within the Orient, have traditionally found themselves facing the opposite challenge. Undeveloped corporate governance and a general lack of focus from governments and regulators means organisations have needed to instil their own self-governance measures. Yet, the recent unravelling of the Samsung corruption scandal, which includes the heir to the company, Lee Jae-Yeong, being charged with bribery and embezzlement, highlights that some companies aren’t and have been given little reason to. The scandal stretches beyond Samsung and incorporates President Park Geun-hye as well, meaning the outcome of the upcoming trials will have significant impacts on the company, political space and South Korea’s economy.
“In today’s age of transparency, demand for corporate responsibility and governance isn’t coming exclusively from regulators, the normal person expects more”
Such examples may force more Asian governments and regulators into action, and increasingly they are becoming more and more influenced by western regulators. In order
to attract investment from the West, UK and US businesses are demanding proof, metrics and measurability of a strong corporate compliance culture, which helps to mitigate the risks of investments being lost due to scandals or links to unethical activities. However, creating and passing new regulations is a long process, and ensuring that businesses are compliant drastically increases the timeline. Eastern companies must, therefore, want to instil a strong self-governed governance, risk and compliance (GRC) culture, taking it upon themselves to respond to the requirements western firms are governed by, and incorporating the measures into their processes.
Pressures from the street
In today’s age of transparency, demand for corporate responsibility and governance isn’t coming exclusively from regulators; the normal person expects more, too. They think ‘if I pay my taxes, I want Starbucks to pay its taxes’. Traditionally, customers would vote with their feet, boycotting companies and industries that they believe are acting unethically, but social media and social lobbying sites have provided new platforms. Hundreds of thousands, or even millions, of individuals can apply pressure onto organisations directly, regardless of whether they’ve actually ever been a customer. Non-makeup wearers can lobby against cosmetic organisations and animal testing, or vegetarians can voice their concerns against the meat industry. Firms are now consistently in the firing line.
Should businesses ignore appeals from the public and relax alongside regulatory easing, it will be a great risk to their own survival. Take the 2015 Volkswagen scandal for example. The lack of internal corporate governance encouraged an environment of malpractice and cheating the diesel emissions test. On discovery of the scandal, the company suffered an immediate £22billion fall in company valuation. This amount was generated through the cost of reclaiming the vehicles and clean-up, however, it is the loss of customer respect that cost the company dearest.
Similarly, an example of how companies can benefit from listening to public sentiment is the American pharmacy chain CVS. Once it made the high-profile decision to stop selling tobacco products, its reputational value soared after an initial profit loss. Placing itself in a favourable position in the market allowed it to recover from the short-term profit loss with new customers who respected and trusted its new business programme.
How self-governance can drive business value
Companies are starting to understand the benefits of self-governance from both a preservative and reputational stance, and there’s a few reasons why.
Companies who have acted to establish a self-governing culture are able to streamline internal processes for maximum efficiency. Having every process – internal audit, compliance, legal and risk management – working together under the same umbrella and focussing on the same aims enables accurate and fast reporting to the board and other strategic decision-makers.
Furthermore, businesses – particularly those in the finance sector where regulators are heavy on the ground – have found that if there is a measurable culture of compliance and the internal business capability for change management are all readily available, regulators tend to leave them alone to self-discipline. In this sense, companies have already seen the value of self-governance and opening themselves up to a more transparent relationship with regulators. In the eventuality of regulatory easing, it is those companies used to implementing their own culture that will find it easier to cope in the new environment.
Self-governing organisations also harbour a culture of trust and values throughout employee ranks. This means everyone knows how their role fits into the bigger picture
and they are less likely to act in ways that are self-serving. This commitment breeds innovation, with collaboration driven by the enterprise-wide goal of constant improvement as well as higher employee and customer loyalty and retention. Companies with strong employee and customer bases are more resilient to changes in the landscape, giving them greater breathing space to react.
Instilling a self-governance culture
As the likelihood of deregulation draws near, and consumers continue to lobby businesses directly, it is time that companies established an internal culture of self-governance. Corporate culture is hard to amend and implement, but there are certain actions an organisation can take in order to streamline the process.
Establish a tone at the top The success of self-governance is reliant on the right tone being set and enforced from the top. Every employee should be participating and know how their role helps to achieve the business’ objectives, but their buy-in requires them to also believe that upper management is truly behind the new approach. This means management acting in ways deemed to be ethical and held accountable for the times when they don’t.
Encourage employee participation Offering a recognition scheme to reward employees who spot flaws or potential improvements in the systems can help forge culture. Any self-governed GRC programme should be evaluated at regular intervals and combining a rewards scheme with process evaluation is a win-win. This will include testing to see if potential risks are being identified and mitigated, compliance standards are being met, and appropriate actions are taken when red flags arise.
Centralise the compliance function Organisations must unify any siloed and disparate GRC operations across multiple geographies and business units, and align them with the overall business strategy and objectives. This will help to create an enterprise-wide and integrated view of the risks and compliance requirements across multiple regulations that are affecting the organisation.
Implement holistic and integrated GRC processes Implementing a holistic and integrated GRC approach will help businesses to standardise compliance management processes, taxonomy and operations. This will reduce many of the redundancies created through multiple control tests, policies, risk assessments, audits, and reports configured for meeting different regulatory requirements. Each regulation will be mapped to the organisational objectives, business processes, risks, controls and policies, which will help identify similar patterns across multiple business units and areas of compliance.
Track regulatory intelligence and consumer sentiment To stay abreast of the numerous regulatory updates and consumer feelings toward relevant topics, organisations need to refer to a variety of intelligence sources. Regulatory agencies and trade associations are useful sources of regulatory content, followed by trade industry publications, and national and specialised media. Regarding social sentiment, businesses should monitor social media feeds, particularly ones belonging to change influencers, as well as relevant sites and media, in order to analyse whether there will be demonstrations or other actions that are likely to impact processes.
Instead of having to track all these sources individually, which will be time consuming and inefficient, a single and centralised content repository can route the content to specific business units and professionals for their analysis and review based on pre-defined business rules, streamlining the whole process.
Ensure consistent and efficient data flows There has been a data overload in some organisations because of the various compliance requirements that they need to cope with. Regulators are constantly demanding more information to be submitted, which is getting accumulated in data warehouses. The information created through self-governance streams will simply add to the noise, so businesses need to streamline collection and analysis to ensure actionable intelligence isn’t being ignored. In fact, according to Deloitte, data analytics and reporting are among the top three challenges.
Maintaining a centralised and uniform data library, which connects to the other elements in the GRC framework, ensures that each employee is seeing the data that is relevant to them. Furthermore, it will help to keep costs under control. Standardising data across the board will also help create directly comparable metrics.
Utilise technology Companies must adopt technology that allows employees to actively or passively, engage with GRC processes and, increasingly this means turning to tools that have been consumerised. Self-governance requires GRC to be imbedded into all processes, but corners are more likely to be cut if workloads are drastically added to. Technology that can enhance productivity and create new ways of working, without impacting employees’ ability to carry out their responsibilities, will drive business value.
Technology plays a critical role in strengthening monitoring and management of both internal and external procedures. Integrated technology solutions offer a common platform to provide greater visibility into risks and compliance issues. They also automate processes, streamlining and reducing costs of admin and data-heavy processes as well as storing any important or relevant information in a centralised database for easy access.
Ultimately, it is not enough for companies simply to follow and implement new processes based on regulations. They have to want to adopt ways of working that encourage good governance and ethical responsibility. Whether it’s in response to deregulation or social movements, self-governance can ensure consistency and resilience in any organisation, no matter what external pressures they face.
About the Author:
John Palmiero has sat at COO and board level positions in multiple software companies, which led him to his current position at MetricStream, which makes governance, risk and compliance applications for businesses. He has 25 years’ experience growing sales and revenue in complex software businesses globally, particularly in the US, Europe, Middle and Far East.