Compliance, a rising function!
Bruno Abbate
Certified Board Member | Governance - Risk Management | International Experience in Auditing and Compliance
The growing importance of issues related to compliance is at the origin of the rise in power and the professionalization of the compliance function within companies.
The landscape has changed radically in the space of fifteen years. While compliance issues long remained confined to a handful of sectors (banking, the pharmaceutical industry, construction, defense) and to companies subject to foreign legislation such as the American Foreign Corrupt Practices Act, the proliferation of laws and regulations setting new requirements in this area has drastically extended the range of companies and subject areas concerned. And while the references were originally essentially Anglo-Saxon, it is now local and European legal and regulatory provisions that govern a large part of the current requirements.
“Compliance is no longer an option”
The diversity of challenges faced by Italian companies today in terms of compliance is out of all proportion to what prevailed ten years ago: the fight against corruption and conflicts of interest, compliance with competition rules, the fight against money laundering and financial fraud, duty of vigilance, protection of personal data, compliance with economic sanctions, export control, rules on internal alerts, cybersecurity, GDPR, etc.
This increase in the risk of non-compliance has been accompanied by a marked increase in the penalties incurred. Criminal sanctions often come on top of administrative sanctions and aggravate both financial and reputational risks. In listed companies, the importance taken on by questions of governance pushes the members of boards of directors, who can be held liable, to be more and more demanding on extra-financial reporting.
Today, compliance is no longer an option. It is an obligation for certain companies from a certain turnover and workforce threshold, but also, by capillarity, for other companies that work with partners who need to show that they are good students.
Between specialization, versatility and outsourcing
Because the scope of the function varies with the company's business and its exposure to risk, there is a great diversity of internal organization methods, with a clear tendency to specialize in large companies.
In large companies, the compliance function is now entrusted to increasingly specialized people, in charge of a given area of compliance.
The configuration is very different in smaller companies. In SMEs, we especially need very versatile lawyers to take charge of several or even all aspects of compliance. This is also what makes the subject interesting.
These companies operate in project mode on assignments with teams that can bring together people from HR, finance, IT, etc. The team relies heavily on the financial department for the audit, on the IT department for IT, and on the lawyers in the subsidiaries. They call on law firms for ad hoc expertise needs and for anything that cannot be done internally for lack of staff (such as risk mapping), as well as to benefit from lawyers' professional secrecy on certain subjects, such as internal investigations.
The use of external service providers remains a choice made by default, since compliance does not lend itself well to outsourcing: the programs must be adapted as closely as possible to the profession and the culture of the company. It nevertheless remains essential for companies that do not have the critical size to recruit the necessary skills.
What place for lawyers?
It was the lawyers who seized on the subjects of compliance at the start because the regulations had to be dissected and no one wanted to appropriate them. Now the teams are growing. You always need sensitivity to legal issues, but to do financial or industrial investigation, for example, it is useful to have an additional auditor or engineer profile in the team.
The law and regulations remain fundamental, but the implementation of policies and their control are part of the process, and this aspect of the activity corresponds to profiles that are more financial than legal. Lawyers are used to analyzing and evaluating risks, but they do not have enough real training in risk management.
A plurality of stakeholders and skills
Responsible for driving and steering these policies, the compliance officer must demonstrate a certain number of skills and qualities. You need an experienced profile, who knows the business well to be able to offer compliant solutions to operational staff. It takes “courage, being a diplomat and a very good communicator, and inspiring confidence so that managers and operational staff come and discuss sensitive subjects with you.” And it is desirable that the compliance officer be attached to a member of the executive committee, or even to the risk committee, in order to have the required legitimacy, internally and externally.
These are all requirements that tend to favor senior profiles. We can also measure the maturity of the function within a company by the yardstick of the experience of its compliance officer, even if it can happen that a confirmed profile is limited in its action and its influence for lack of resources allocated to the function.
A market under pressure
This experienced compliance officer profile is not easy to find on the market. There are not many people who have acquired a solid experience yet. What is more, the profile of candidates to be sought must be adapted to the maturity of the company, to the more or less transposable sector of activity, to the culture and values of the company and of the candidates.
Their experience is more or less valuable depending on whether or not their company had used law firms experienced in these matters. It may not have much value if law firms did it all, or if the compliance officer was faced with disbelieving management or devious operational staff.
This difficulty in finding the right profiles extends to all levels. Which raises the question of talent retention, given the market value of someone who already has two or three years of experience.
This gap between supply and demand should decrease as training, initial and continuous, develops and professionals in post acquire experience. It is a function that is maturing and rising in all organizations. The challenge today is for managers to understand that compliance contributes to the company's performance and to give it the human, financial and technical means (that is to say, the tools) to deploy and monitor an effective program and instill this culture throughout the organization.
For further information, contact: Bruno Abbate, Board Member. Mobile: (+39)/375.5499443. Mail: bruno@gubernantia.eu.
CISO & GRC
An excellent reading Dr Bruno Abbate, touches well several key factors giving emphasis to an effective Compliance in emerging sectors and companies, on the need for multidisciplinary vision of Compliance and Risk management (that is also opportunity management) which can and shall become an easily and pragmatically advisory function able to translate such concepts into pragmatical, actionable elements for the "effective Organization"; from formal organizational elements to operational in-the-field perspectives, from financial vision to ESG aspects, internal & external.