A few years ago it seems like compliance was limited to a few heavily regulated industries. But over the last decade it has exploded in size, and an ever increasing number of companies in Singapore and around the world have implemented compliance programs. Why have so many companies made the investment?
Two key factors are at play:
Let's start with enforcement. Decreasing global tolerance for corruption and increased prosecutions, especially by the US, have led to several very costly settlements. The top ten Foreign Corrupt Practices act settlements alone total US$4.65 billion.
Even the allegation of bribery can be prohibitively expensive. Walmart has reportedly spent over US$600 million on its investigation of allegations of corruption in Mexico. These expenses will be in addition to any fines or settlement, should wrongdoing be found.
Singapore, despite its impressive and well-earned reputation for a clean government and business environment, is not immune to this risk. In a recent survey, 86% of Singapore board-level executives reported finding bribery or corrupt business practices.
And it must be noted that FCPA is just one area of regulation and potential enforcement. Anti-competition, data privacy (including Singapore's own Personal Data Protection Act), and a host of other laws and regulations are making it more and more expensive for organisations to have a compliance failure.
A well-constructed compliance program can help mitigate this risk by preventing problems from occurring, or by identifying the issues early. The earlier issues are identified the easier they are to mitigate.
Compliance programs can also help after an incident occurs, since often the law provides companies with the opportunity to use the presence of a strong compliance program in its defense. The US Sentencing Guidelines provide for a reduction in fines of up to 95% if a company has an effective compliance program. Spain, Brazil, and the UK all enable, to one degree or another, companies to mount an affirmative defense on the basis of having a compliance program.
That's, obviously, good news. Better news is the consistency in compliance requirements around the globe. Whether you look at the US Sentencing Guidelines, the UK Bribery Act, or even the OECD Good Practice Guidance, the expectations are remarkably similar and just as remarkably reasonable. They call for companies to identify their key risks, put reasonable plans in place to mitigate those risks, discipline consistently, and to give the compliance program adequate support.
Nothing is counterintuitive.
But even with more and more companies creating new compliance programs or investing more heavily in existing programs, great risk remains. That's due to both human factors – people will be people and try to bend the rules – but also due to the nature of global business.
Companies are increasingly relying on outside third parties to handle everything from sales to office management. The danger is that, under many enforcement regimes, a business is liable for the actions a third party takes on its behalf.
The US Sentencing Guidelines recognise this enormous risk and call upon larger corporations to help the smaller organisations that they work with develop compliance programs. But, even without the need to worry about US law, it is just prudent these days to ensure that suppliers have adequate compliance programs in place.
Recent modern slavery incidents in the seafood industry have brought this risk area to light in a very dramatic fashion, with several companies discovering that their vendors were allegedly involved in modern slavery.
This is a vexing business and moral problem, as well. It's also one that Singapore companies need to be aware of. May 2016 saw the first charges under Singapore's Prevention of Human Trafficking Act.
The net effect is that more and more companies within the supply chain are developing compliance programs. Their customers are demanding it, or they are recognising that it is a means to win business.
As a result, compliance programs are becoming an integral part of business in Singapore and globally. The business community has increasingly embraced compliance as a way to mitigate legal and regulatory risk, expensive settlements, and even to get new customers. As a result, few companies today can afford not to have an effective compliance program that meets global standards.
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.
Do you know more about this story? Contact us anonymously through this link.
Debbie Troklus is Managing Director at Aegis Compliance and Ethics Center. She advises clients on topics including compliance program implementation, compliance program effectiveness reviews, audit, education development and delivery, and investigations. Debbie currently serves on the board of the Society of Corporate Compliance and Ethics and Health Care Compliance Association. She also is the current president for the Compliance Certification Board.