Compliance for Multi-National Corporations: A Very Different Game (Part One)

By Duncan McCampbell, J.D.

From his upcoming book The Four Dimensions of Global Business

Every business in every country finds itself, to one degree or another, under the watchful eye of the government. The government of every country, of course, is different. Indeed, a country’s form of government, together with its culture, language and geography, are the differences which distinguish one country from another. If this seems obvious, consider the impact of these differences for a company that operates in many countries. Unlike such common corporate commercial processes as sales, revenue collection, accounting standards, employees or commercial relationships, compliance cannot be replicated across national borders. With few exceptions, successfully complying with the regulations of one country is completely meaningless to government regulators in another country.

But while every country has a different form of government, all countries have units of government with authority to regulate people and companies at different levels: usually local, state/provincial, national. Regulatory authority also exists at the supra-national level in the form of regional bodies and multi-lateral economic agreements, like the European Union, ASEAN and the World Trade Organization. Sometimes the authority of one level of local, national or supra-national regulation overlaps with the authority of another level. Sometimes it is difficult for a person or a company to know what the government requires. Sometimes that opacity is benign; sometimes it is deliberate. Corruption wrapped in the clothing of regulation, especially (but certainly not exclusively) in the developing world is a daily reality for businesses. 

Most units of government, especially at the state/provincial and national level, have divisions which specialize in the regulation of certain industries (such as agriculture, financial services, food, pharmaceuticals), or have responsibility for managing or protecting certain public resources (such as mining, land, forests, fisheries, the environment). Compliance is the corporate function of assuring that the business follows the rules and regulations of all relevant government and supra-national regulatory authorities.

One of the greatest governance and risk management challenges for multi-national corporations is assuring regulatory compliance in all of the very different places where the company does business. Despite all of the resources and capabilities at the disposal of enormous multi-national companies, many of them struggle to perform the function of cross-border compliance competently. Why is this? There are five main reasons, which we will discuss in detail later in this chapter. 

1. Each Country is Culturally, and thus Legally and Politically, Different

The corporate function of compliance is driven by the three non-commercial dimensions of the Four Dimensions of Global Business: legal, political, and cultural. So, in a multi-national company, the function of compliance should look very different across countries, owing to the unique characteristics of each country’s culture and political system, and the legal and regulatory regimes which result from them. 

That statement doesn’t sit comfortably in the culture of most large companies. Keep in mind one of the key competitive strengths of a large corporation—and something which is pounded into the head of every successful corporate executive: scale. A big part of a large corporation’s competitive advantage is its ability to effectively scale: standardize functions, promulgate global product platforms, and drive efficiencies (lower costs) across its enterprise. The basic elements of the commercial dimension (products, customers, sales, operations) all scale nicely and transfer readily across national borders without significant alteration. So senior managers might be forgiven for assuming that compliance, also, should scale and look the same in every country. But as every business leader who enters a new national market soon learns, the unique legal, political and cultural characteristics of every country make it impossible for a company to pursue—except at the very highest levels of process--consistent, scalable global approaches to compliance. 

The political dimension provides an apt illustration of my point. Most western business leaders can comfortably spend all of their time in the commercial dimension, paying little attention to the political dimension in their home countries. But in some places this can have catastrophic results. In China, for example, it is simply impossible to divorce business from the compliance-impacting dimensions of politics. In China and other countries that have a single center of political power (Party), here are no bright (or even fuzzy) lines separating public and private sectors. Units of government and powerful government officials are in business—often as competitors to private businesses. Chinese business leaders are often Party members, which gives them access to powerful government regulators. Foreign companies can find themselves shut out or shut down if they compete successfully with a politically-connected domestic company. In such places, compliance with the requirements of local government is often more a matter of a company’s correct political actions than of understanding and following the relevant regulations. Business leaders must be political. 

Even in countries like the U.S. where business and government tend to occupy largely separate spheres, there are instances when business can become very political. Consider the controversy that ensued in April of 2017 when United Airlines personnel dragged a paying passenger off an over-booked domestic flight. Shortly after that fiasco, the CEO of United found himself summoned in front of a very hostile Congressional hearing in Washington.

Why is the United situation important for our discussion on global compliance? It is important because United’s legal and political problems illustrate the challenges facing leaders of every global company. Though United is itself a very global company (if only in the sense of its commercial reach), its senior business executives are formally trained to operate almost exclusively in their company’s domestic market and commercial dimension. In the case of United’s CEO Oscar Munoz, though he is acknowledged as an excellent communicator, his business experience is in finance and operations—and all in the U.S. Although there are exceptions among multinational corporations (UK and European executives tend to have more cross-border experience than North American or Asian executives), U.S. CEO’s, like Japan’s and now China’s, often have limited experience living and working anywhere outside their home country.

Graduates of their home country’s business schools, multi-national CEO’s are usually not formally trained in any of the non-commercial spheres of global business: political, legal, cultural. In the case of United, the passenger problem occurred in Chicago. Imagine, however, if the flight was not a domestic U.S. flight, but an international flight departing from any of the many foreign destinations served by United. Keep in mind that when a United aircraft is in Beijing or Tokyo, its personnel are subject to Chinese and Japanese laws. An incident like the one that occurred in Chicago would certainly have local, even national, legal, regulatory and political implications in those countries. Would the company’s leaders be prepared for an incident in Japan, in China?

2. Compliance Under-Investment

Companies tend to under-invest in compliance because it doesn’t make money or sell products (a notable exception, of course, is a business that must achieve regulatory approval for a product before it can be marketed, such as a drug company). So compliance is often seen as a non-commercial expense on the company’s balance sheet.

Some companies and business leaders grudgingly fund compliance as a bothersome cost of doing business (until they are fined--or worse), so they under-resource their compliance functions and departments. Compliance, of course, when competently performed, results in silence. While there is no sale to count or deal to announce in the world of compliance, doing it well means that there is no damaging news to manage, fines to pay, products to recall, or expensive PR consultants to retain. Companies that under-invest in compliance almost always end up paying more for their non-compliance—in terms of reputational loss, fines and direct commercial impacts--than if they had resourced this function responsibly. 

3.  Ethical Lapses

Related to compliance under-investment are corporate cultures that do not view compliance as a core responsibility of the company’s leaders and board of directors. One needn’t look very far or think very long to conjure up a list of multi-national companies that have had major compliance problems because of the deliberate and unethical actions of the company’s leaders. Volkswagen, for example, deliberately altered diesel engine emissions data required by regulations of the U.S. Environmental Protection Agency. It will cost Volkswagen tens of billions of dollars to deal with the problem and will seriously curtail the company’s ability to invest in new product development for years to come. Would a stronger compliance function in Volkswagen have prevented the situation from occurring? Since it seems that the Volkswagen ethical lapses pervaded the entire product development chain of command, one questions whether a stronger compliance function would have led to a different outcome. A culture of compliance, had it been present at Volkswagen, may have produced a different outcome.

4.  The Corporate “Homelessness” of Compliance

Companies still struggle to find the right place(s) for the function of compliance. Where compliance is housed in a company is a largely structural issue, and varies considerably across companies and industries. Companies in heavily regulated industries, such as financial services or medical devices, increasingly appoint Chief Compliance Officers (CCO’s) reporting directly to the CEO. Centralizing the compliance function can be expensive and bureaucratically cumbersome, but it is usually the most effective construct for the standpoint of risk management. One step below central alignment places compliance under different “C-level” executives, most frequently the General Counsel or the Chief Financial Officer. However, in most companies, major compliance functions are scattered across the business, with responsibilities housed in the legal, financial, intellectual property, facilities, human resources, product development, manufacturing or even merchandising chains of command. This dispersion of compliance responsibility can weaken a company’s ability to effectively manage compliance risk and result in expensive and embarrassing compliance failures. 

5.  Compliance as a Discipline and a Career

Finally, the “professionalization” of compliance is a work in progress. Clear career paths in compliance are evolving, with most people entering compliance horizontally—from roles in departments or corporate functions (e.g. legal, accounting, product development, H.R., import/export) that brought them into regular contact with the company’s unique regulatory burdens. Universities have only recently begun offering advanced degrees for people aspiring to executive roles in compliance management. Compliance certification organizations are achieving greater influence. But because the regulatory regimes in any given industry are very specific to that industry, cross-industry standardization in compliance education and certification is elusive. Lower and mid-level roles in compliance still require detailed knowledge of two things: the regulated industry to which the company belongs (or function, or even product line) and the regulatory regime under which it operates. 

Next Week: Anti-corruption compliance programs: the reasons they're not working