By Blandine CORDIER-PALASSE, Revue RH&M, N°70, p.46-47
It is well known that compliance is there to preserve and protect companies. It is less well known that it can contribute to their performance. How can it do this? On the one hand, by adopting a risk-based approach that is integrated into the strategy and governance of groups. By becoming an integral part of the company's culture.
Some managers are well aware of this. They tell us that compliance has become a real weapon in international economic warfare. It has also become a strategic factor in competitiveness. Others tell us about their concerns regarding financial, tax and non-financial risks. They even add the risk of criminal prosecution, without having made the link between protecting their company - and its employees - and compliance. The most visionary companies are asking us to recruit a Chief Compliance Officer. This is a true orchestra conductor who is both an expert in compliance and capable of adapting to new cultures.
Protecting creates value - over the long term
Brand awareness is an asset when it comes to winning public tenders, canvassing customers or partners, attracting them or building their loyalty. It is also an asset for retaining the confidence of investors and shareholders. Preserving a group's brand - one of its most important intangible assets - is a way of creating value for shareholders. Keeping this objective in mind enables management to make the right choices. It also enables them to withdraw from certain risky markets in order to penetrate new ones and win over new customers, consumers, partners, investors and shareholders. Generally speaking, it encompasses all stakeholders.
Compliance goes hand in hand with competitiveness to attract and retain talent.
Whether they are millennials or seniors, more and more employees want to do "the right thing". We're seeing this with candidates. They want to join groups with values that are not just openly declared, but embodied on a daily basis. Indeed, a recent study revealed that groups that had experienced ethical or compliance crises had to increase salaries by 10 %. The aim is to attract new recruits. Not to mention the fact that some talent will never want to join these groups, regardless of the remuneration on offer.
Compliance is a form of risk management
Risk management and control are undergoing rapid change in industry, services and finance. As a result, they are becoming a major challenge for senior management.
Managers are increasingly aware that they can be held individually liable in the event of non-compliance. The principle of "it only happens to others" or "not seen, not taken" is a thing of the past. The risk management culture must be integrated into risk monitoring and compliance systems. It must also be integrated into the company's decision-making and incentive systems. Our experience is that the best risk managers have three areas of professional expertise. In short, they know how to :
-identifying, analysing and assessing risks
-informing and disseminating the risk culture to management and operational staff
-managing crisis events and risks.
Increasingly complex profiles
In order to meet all these objectives of protecting the company while effectively supporting its growth, compliance has become a very cross-functional function that is much more operational and organisational than regulatory. It is fully integrated into management systems. It permeates the matrix organisation, with regard to both top and middle management, depending on the most significant risks - be they financial, antitrust, anticorruption, OFAC, fraud, money laundering, conflicts of interest, conflict minerals, cyber security and information security, personal data, trade compliance and export control, third parties, CSR, discrimination, human rights, social and environmental, etc. - or any other type of risk.
As a result, compliance officers need to be able to understand an increasingly wide range of subjects. This depends on the geographical and geopolitical exposure, the sector, the culture, the history of the group...
On the one hand, they must be skilled in setting up, rolling out and managing the programme. They must be able to coordinate in a coherent, cross-functional and multi-disciplinary way with the risk, audit, finance, legal, sales, HR, purchasing and other functions. The aim is to contribute to risk mapping. Then there is the third-party management system and the deployment of procedures. The aim is to communicate to everyone about the usefulness of the programme, its impact on the business culture and the way the company operates.
It is also essential that they have the technical skills. They must be able to use appropriate data analysis and predictive analysis tools, and to detect and trace anomalies. It is also a question of unethical or non-compliant behaviour that is adapted to the company's risk culture.
Compliance reviews and audits will enable a remediation plan to be put in place. Management support is also required, and corrective actions must be monitored. This will make it possible to identify the short- and medium-term impact on the way the activities and operations concerned operate.
Finding competent managers with courage and leadership is a challenge. We regularly rise to the challenge, to the great satisfaction of our customers.
The compliance culture also needs the Board of Directors or the Supervisory Board to infiltrate the company
Compliance functions cannot, on their own, impose a strong risk management culture on a reluctant organisation. However, they can play a crucial role. They help the Board of Directors or the Supervisory Board to assess management performance. The aim is to ensure that compliance risk management practices are sound at all levels of the company.
The aim is to "be good" and not just to "look good". The positioning of the function within the organisation on the one hand, and its influence on the other, are fundamental to ensuring the effectiveness, legitimacy and credibility of the approach.
What role for human resources?
Somewhere between the architect and the conductor, HR managers have a vital role to play in building and promoting a compliance culture within the company. Everyone must take ownership of this culture and understand that ethics and compliance are genuine competitive tools. They also create value, fostering the company's development and ensuring its longevity.
In these unstable times, building a strong risk management culture has become a priority for the Board of Directors, Executive Management and Human Resources. Working together to make this 'intangible' tangible is the best way to achieve it.
Background: Blandine Cordier-Palasse is President and founder of BCP Executive Search, a strategy and recruitment consultancy specialising in strategic protection functions such as Compliance, Risk Management, Legal & Tax and Governance. She has extensive professional experience as a lawyer, then as a legal director and board secretary in listed groups.. This gives her a "think out of the box" approach. She is also a Doctor of Law and co-founder and Vice-President of the Cercle de la Compliance.
For more information: bcpsearch.com and lecercledelacompliance.com
