By Blandine CORDIER-PALASSE, Revue RH&M n°83 p.33
More and more managers are realising that compliance is not just another constraint. Rather, it is a powerful lever for organisational efficiency and business performance. It is also an asset in a globalised world where trust is key and transparency fundamental.
Hot topics such as business integrity, manager effectiveness, data management, investigations, the impact of the pandemic, the company's ethical culture and many others need to be addressed. They can have a major impact on the sense of belonging to the company's community among both employees and other stakeholders, on the company's ability to attract talent, on access to suppliers, customers and markets, and therefore, more generally, on the company's extra-financial rating and development.
Compliance is no longer an option
In 2001, I was secretary to the board of directors and corporate legal director of a French company listed in Paris and on Nasdaq. We had to implement the Sarbanes-Oxley Act (or SOX). And we were already amazed that an American law could be imposed on a foreign company.
In 2021, the situation has changed around the world. In France, laws such as the Sapin 2 Act of 9 December 2016 on transparency, combating corruption and modernising economic life have accelerated companies' awareness. They have put compliance and good governance at the heart of the corporate ecosystem, from the board of directors to stakeholder management.
Compliance is not an abstract concept, but a set of concrete measures
Compliance covers all operational and cross-functional processes. These processes ensure compliance with rules, standards and the processes themselves. They also instil an ethical spirit in the organisation. The result is corporate compliance.
The RGPD in 2017 and other French and international legislation have broadened the scope of these compliance programmes. Companies must assess third parties, whether suppliers, customers or other stakeholders. They are also subject to enhanced reporting obligations on their extra-financial commitments, in particular on traceability, controls, the environment, climate commitment, parity and fair treatment, etc.
These extra-financial risks very often have a financial bottom line. They may involve conflicts of interest, embargoes and international sanctions, cyber attacks or fines linked to active or passive corruption. Risks can also include antitrust and human rights issues, etc.
Another trend is emerging, with investigations opened by NGOs with the judicial authorities on suspicion of acts of corruption, the granting of undue advantages, influence peddling, complicity and concealment of corruption.
Compliance is a matter of governance
Under article 225-35 of the French Commercial Code, "the Board determines the strategic direction of the company's activities and oversees its implementation. It deals with issues concerning the smooth running of the company". It is therefore the Board that sets the pace by declaring "zero tolerance for non-compliance". The Board thus gives senior management the means to implement a robust compliance programme. This must be accompanied by effective monitoring. The aim is to ensure that the processes put in place are efficient and that ethical conduct and business development are respected.
We are finding that more and more of our clients' boards are assessing and monitoring - with the help and independent advice of the compliance and risk functions - the strength of the risk management culture and the extent to which compliance programmes cover all the company's issues. It is essential that the board looks for these attributes in the company's culture. It is also important that it identifies weaknesses and ensures that management takes responsibility for correcting them.
What can you do to preserve your company's brand, image and reputation?
The aim is to identify the risks, assess them and put in place action plans to reduce or even avoid them. But we have seen that this is not enough. The authorities have punished certain groups for cheating or failing to establish a real counterweight.
The risk of a pandemic was identified in a number of risk maps. Yet few groups had put an action plan in place. Some groups have a strong ESG culture. They were quick to turn their factories to the service of society (production of hydroalcoholic gel, financing of millions of masks). They were also able to move their staff to teleworking.
Compliance is based on 3 P's: "Preserve, Protect, Perform"
The next step is to integrate this risk management culture. It needs to be embedded not just in risk monitoring and compliance systems, but also upstream, in companies' thinking, decision-making and incentive systems. Compliance functions alone cannot impose a strong risk management culture on a reluctant organisation. But they can play a crucial role. They help the board monitor and evaluate management's performance in developing sound risk management practices throughout the organisation.
The Chief Compliance Officer rises to the top
20 years ago, Anglo-Saxon groups in particular were forerunners. First, regulated sectors such as banking, insurance and pharmaceuticals appointed a chief ethics & compliance officer.
Today, we can see this development in France in our dealings with senior management when recruiting Chief Compliance Officers and their teams, or when conducting assessments of boards of directors or management committees.
Governance bodies have become aware of the critical nature of these issues. Some have even decided that this function should report directly to the CEO or Chairman, with a dotted line to the Chairman of the Audit Committee. The aim is to ensure the independent reporting of highly sensitive information. This is the very essence of a robust compliance programme.
The Chief Compliance Officer, agent of the transformation of the internal culture
In today's business environment, the Chief Compliance Officer must be able to help preserve the integrity of the company. The role must also protect the brand and reputation, and drive organisational performance. Leadership requires a clear definition of the values and objectives to be achieved. It also requires a sustained and unwavering commitment to support the Chief Compliance Officer in the role of transforming the way the company does business. Implementation also requires a thorough understanding of the company's activities. Above all, it requires a clear understanding of the issues at stake and a proper appreciation of the risks. The aim is to avoid gold-plating and to anticipate the very rapid changes in regulations.
Compliance, a strategic tool for tomorrow's business
In these unstable times, establishing a solid risk management culture is an absolute priority for the board of directors. It should soon become an essential parameter in the definition and deployment of the company's strategy. To this must be added the analysis and assessment of risks from a global perspective, together with an international and holistic approach to the organisation. And compliance will have infused the culture to such an extent that it will no longer be mentioned.
There is still a great deal of awareness-raising and educational work to be done. The aim is to change the company's culture in favour of ethics, inclusion and other social imperatives, and thus ensure the company's competitiveness, performance and longevity. It's encouraging!
BLANDINE CORDIER-PALASSE
Chairwoman of BCP Partners, a human strategy consultancy specialising in recruitment for Finance, Legal, Risk & Compliance and Board functions, and in advising senior executives on governance and Board and Executive Committee assessment.
Company director, Doctor of Law. Co-founder of the Cercle De la Compliance, former General Counsel and Secretary to the Board of Directors of listed companies.