Does your organization invest in compliance, or just pay for it? This is not a rhetorical question. There’s a big difference between merely covering the expense of a program and investing in it. Investment decisions are strategic. They are based on a business case and cost/benefit analysis. Expense decisions are more tactical, and are often associated with things an organization must do to keep running – like meet a regulatory requirement so they can check the box.
If this sounds like your organization, read on for some suggestions on how to frame compliance as the strategic program it is.
Start with the knowledge that when you ask for a strategic investment, your CEO and board want to see the business case; what’s the return on the resources committed? Return can be measured in several ways, but all boil down to one of the following three areas:
- Reduce risk and protect reputation
- Improve efficiency and effectiveness
- Increase revenue
How to frame compliance’s strategic value
1. Reduced risk & reputation protection
For most compliance officers, risk reduction is the best place to start. Preventing unnecessary loss or expense is traditionally compliance’s strongest argument for investment. Address this head-on by framing your budget “ask” as it relates to reducing legal, financial and reputational risk. Hopefully you have been able to complete an ethics, compliance and reputational risk assessment to identify priorities and show how each request fits into an overall business strategy. Use benchmark data to quantify the risk (and costs avoided) wherever you can. Legal fees for employee bad behavior can run into six figures, even if successfully defended. If this doesn’t work, bring the day’s newspaper showing the damage to the latest “headlining” organization’s reputation. I guarantee you that those boards wish they had a chance to take it back and do it over. Directly address the misguided belief CCO’s often hear that “it could never happen here.”
2. Improved efficiency & effectiveness
Consider how your program saves money across the organization. Try positioning compliance in the context of how these program promote a healthy workplace culture in addition to meeting regulatory compliance requirements. This in turn could reduce the administrative overhead other departments must commit to compliance investigations, rather than conducting the core business. Find ways to shift these joint activities to a more proactive approach with shared goals, resources and responsibilities. Boards and CEOs will recognize and appreciate cross-functional partnerships as strong alignment and as creating organizational efficiencies. Having multiple functions involved adds credibility to the “ask.” How much would your organization save in administrative overhead if workplace compliance investigations were to drop by 10 percent due to better training and awareness? Finally, here again, demonstrating that your program is directly tied to a work plan developed from the above mentioned risk assessment, demonstrates priorities, efficiency and best use of resources.
3. Increased revenue
The days of saying that investing in culture and compliance are just “sunk costs” are over. Estimating the revenue-generating power of a healthy, compliance-risk aware culture and strong brand protection has never been easy, but consider this: how much productivity improvement would your organization realize if a culture of respect and integrity was reinforced thorough effective compliance programs? Productivity improvement can be calculated many ways. For example, your HR department likely has estimated the cost of employee turnover and likewise knows how much it costs the company to recruit and onboard a new employee. The Legal department can demonstrate the cost of the average lawsuit/settlement. The entire compliance team, including Compliance, Audit, HR and Legal can demonstrate the cost of conducting investigations as well as the disruption that these investigations can bring to a workplace which directly impacts productivity.
Customer acquisition and retention is an often overlooked area where strategic compliance can affect revenue. Increasingly, compliance requirements are written into business contracts. Cyber security and data protection are the most visible of these at the moment but other issues can cause a customer to take their business elsewhere. A growing number of customers and clients will simply not do business with organizations that do not have robust compliance practices in place and many are assessing this prior to placing a contract. Savvy clients know that third parties can be their weakest link and are taking actions to ensure that these partnerships protect the brand.
Other parts of an organization may be spreadsheet-driven and more readily able to project ROI than compliance. But this should not dissuade you from building your case for strategic investment. As a CEO myself, I have seen what compliance can do for our employees, workplace morale, internal efficiently and the business overall. Our clients expect us to have a strong program and so do our employees. I have also seen what harm compliance lapses can inflict on an organization’s reputation, finances and workforce.
My final words of advice: Assume your CEO and board are enlightened and present to them accordingly. They will see the case for an investment in strategic compliance.
By Bob Conlin
- Impact of digitized environments & modern workplaces on internal investigations - April 15, 2020
- Whistleblower hotlines decrease the cost & duration of corporate fraud schemes - March 18, 2020
- Entering the era of operational resilience - February 27, 2020