2 December 2024

Compliance 15 Years Later: Science, Art, or Quackery?

Compliance functions are increasingly finding a home in large and small companies and organizations. Yet how much have the strategies and methodologies they use advanced over time? The 15th Anniversary of the HSG Compliance Management Day (the “CMD”) in October 2024 served as an optimal occasion to reflect on the provocative question of whether compliance today is science, art, or quackery.

Fifteen years ago, at a time when compliance was still a nascent discipline, we at the University of St. Gallen initiated the first yearly cross-industry conference in Switzerland dedicated exclusively to the “how” of compliance.

Regulators and companies in Switzerland and elsewhere were trying to figure out how best to prevent the kind of governance and ethics failures that befell even leading enterprises of the time. Some saw those failures as having contributed to the global financial crisis of 2008-2010.

Since then, our understanding of what makes for effective compliance approaches has grown considerably. For instance, it is now clear that at its core compliance is not primarily a legal or even a “controls” challenge. Above all, it is a leadership, operational, and cultural challenge.

We also better understand compliance’s relation to governance and to stakeholder trust. This includes the aim of making companies overall more responsible (such as in an ESG context).

We have also made gains in recognizing how behavioral science, including incentives, can be used to stimulate compliance performance.

All of the above have profound strategic and managerial implications. For example, they help inform who in a company needs to be involved in the compliance agenda, what kind of activities a compliance function should pursue, and what types of talent a compliance function requires.

Progress but Illusory?

But as the discussion at this year’s CMD illustrated, we need to question how far we really are on the compliance journey. The former heads of the U.S. FBI and the UK Serious Fraud Office reminded us that at best the progress is spotty.

For instance, while boards of directors now better accept their obligation to provide compliance oversight[1], numerous international enforcement cases continue to expose serious shortcomings at their level. Recent cases in Switzerland also reveal similar flaws.

Moreover, the results of our annual CMD survey suggest that most compliance officers still feel insufficiently supported by senior management and lack adequate access to the Board of Directors.

Equally troubling is that we may not be pausing enough to question our compliance assumptions. For example, compliance literature often points to “tone from the top” as essential for compliance. Positive senior management messaging on compliance is indeed exceedingly helpful.

But can there be a risk in over-relying, for instance on the CEO, to provide compliance leadership?

  • CEOs’ schedules are typically overburdened. Do they have the time and know-how to do what it takes to drive an integrity agenda?
  • The tenure of CEOs in companies is getting shorter. Since some studies suggest that the average now lies under 5 years, what happens when a new CEO, perhaps with different priorities, arrives?
  • Market evidence shows that those in the highest roles in a company are not exempt from wrongdoing. If a CEO or CFO makes, even unintentionally, a wrong ethical call, won’t this have a correspondingly higher adverse impact on the company? And wouldn’t the compliance mission be undermined if such a person had been positioned as the company’s top compliance voice?

The above suggests that there is value when we question even prevalent practices. For instance, is it the best technique to have the code of conduct branded or associated with current management? Should it not instead be communicated as an institutional and transgenerational commitment?

But is it Science, Art, or Quackery?

Two distinguished panels at the CMD—one composed of chief compliance officers, another of Board members—saw a nuanced picture.

They consider certain techniques, such as the skillful use of smart data for due process and risk analyses, as scientifically consistent. But they see other compliance activities (such as training, communications, and strategy-setting) as an imperfect art, where we may still be beginners.

Some do see a risk of quackery. For example, many companies have built elaborate compliance machineries. But could these become expensive window dressing if not accompanied by hard work on culture and on influencing how decisions, including at the very top, are made? Others defend what has been implemented thus far as unavoidable, partly driven by regulator demands and legal risk.

What is Ahead?

With the costs of compliance escalating, compliance officers will need to lead the charge to achieve higher compliance operational efficiency. Digital solutions, including artificial intelligence, will be part of the mix, even when these themselves can be a source of risk.

Boards of directors will continue to need help in better supervising management. In this context, compliance functions will have to more skillfully demonstrate why they are effective partners to the board and part of the company’s essential checks-and-balances. Compliance officers will also have to show why their voice belongs among the key leadership voices, including for engaging and motivating employees.

Editor’s Note: The 2025 HSG Compliance Management Day will take place on September 25.

[1] See, e.g., G. S. Varges, “Engaging with the Chief Compliance Officer: A New Board Skill”, in Ethical Boardroom, December 2021.