Minimizing Compliance Risks

Natalie De La Cruz Valdes, managing director with Computershare Governance Services, UK, discusses how corporate governance and regulations may affect risk and the role outsourcing plays in budget management.

CCBJ: Todayʼs corporate governance and regulations have become more and more complex. How has this affected an organizationʼs ability to manage its processes and minimize risk?

Natalie De La Cruz Valdes: Thatʼs something we see many of our multinational clients grappling with. Most multinationals are struggling to keep on top of the changing regulatory landscape, where new compliance rules and requirements are introduced at an ever-increasing pace. It’s particularly challenging to manage underlying process-es and minimize risks in terms of clients showing their businesses are fully compliant across multiple countries. Itʼs not an easy task, but it’s a basic requirement for groups with international subsidiaries. Itʼs almost always more expensive and time consuming to return to good compliance than it is to comply with the obligation in the first place.

And if we look at the actual requirements and take each one in isolation, theyʼre not particularly complicated. But when clients have multiple entities spread across multiple territories, and youʼre looking at each country’s specific obligations, deadlines, and the introduction of new requirements, very quickly it can become overwhelming. The pace is difficult for in-house teams to keep up with, and thatʼs where you see the risk of compliance failures.

In recent times, subsidiary governance moved up the agenda linked the fair tax debate, tax transparency, and associated reporting requirements from regulators. As a result it is no longer an option for multinationals to have inadequate controls and visibility over their subsidiary compliance status. This can result in four main categories of risk: legal, financial, reputational and operational risk. If we think about legal risk, thatʼs where youʼve got the headache of trying to stay on top of changing regulations, from ongoing statutory obligations for subsidiaries to ad-hoc transactional requirements that crop up in the normal course of business. It also means staying on top of the processes required to implement those changes on the ground. This can be particularly challenging for organizations with a decentralized structure and often results in a lack of visibility and control.

Historically, legal risk has been considered in the context of corporate governance within the realm of the parent company, the boards, additional committee meetings, etc. But as globalization has increased, the corporate governance agenda, challenges and risks have also broadened in scope. The requirements for sound governance are now a must at the subsidiary level as well as the parent company level.

When we look at financial risk, to give an example, we see directors receiving threats of imprisonment for not filing financial statements on time, and local registries or regulators initiating actions against non-compliant companies. Historically, these have been theoretical risks, but now regulators and registries have become more aggressive in taking these actions. Penalties and fines can be levied against companies for non-compliance, which creates not only a financial but also a reputational risk. The penalties are typically nominal, however some fines accrue by the day until the company is put back in compliance and can therefore become more substantial. And if fines are happening on an ad-hoc basis, it adds an element of unpredictability to the budgeting process.

As previously mentioned, reputational risk is also linked to financial risk, because it can have a significant impact on an organizationʼs bottom line. Itʼs often overlooked when we talk about non-compliance, but reputational risk can affect things like new business opportunities and so it can have a disproportionate effect.

Operational risk is a pretty big one for multinational organizations. Relying on local resources to discharge compliance obligations is fraught with risk. Compliance activities are often deprioritized, which creates an operational risk to the business. There must be a robust Compliance and governance program in place if business disruptions are to be minimized and resources are able to focus on the right tasks. When organizations try to manage day-to-day subsidiary compliance in-house, it eats up a huge amount of time and distracts in-house resources from concentrating on higher value tasks. Legal functions are under increasing pressure to do more with fewer resources, and thatʼs where competing priorities come into play and create unsustainable situations. Whether it’s a market lawyer with an appreciation for the importance of compliance, or someone from the local finance function who inherited compliance obligations as part of their job, in both scenarios the compliance burden is placed on busy individuals already wearing multiple hats at a local level. And typically, we see clients using spreadsheets or silo technology systems, which provide very little control around the quality of information, or the accuracy and maintenance of that data.

With tight budgets and limited resources, how can outsourcing play into budget management for compliance initiatives?

Typically, we ask our clients two key questions: Do they understand how much theyʼre spending on subsidiary management today, and do they know what theyʼve spent on subsidiary management in the last 12 to 24 months? Pretty much universally, the answer to both questions is no. Itʼs really difficult for clients to quantify spend, particularly when theyʼre operating in a decentralized model. And the single most effective way to deal with that is through service provider consolidation and fixed fees.

That’s the difference between a reactionary and a proactive model. Reactionary is the scenario where you have in-house teams to manage subsidiary compliance. Itʼs not really their day job, it creates constant fire drill scenarios and it distracts them from what they should be doing. The proactive model is typically the outsource model, where a trusted provider consolidates everything into a single vendor who can provide knowledge, methodologies and processes. It allows a clear line of sight of upcoming deadlines and obligations and a buffer to mitigate risks when potential issues occur.

The proactive model removes the need for internal resources to spend hours triaging un-expected issues. There’s also less reliance on the key individuals and thereby reduces the risk of business disruption if a team member leaves. In our experience, clients who consolidate down to a single service provider model can save upwards of 20 percent on standard compliance costs, as well as freeing up internal resources to focus on more strategic and value add activities.

It's more expensive to return to non-compliance than it is to comply in the first place.

What advice do you have for a corporation considering global enterprise legal management solutions?

It is critical for multinational organization to have the right technology in place, as we move into an increasingly virtual world. But technology itself is not the solution. For technology to be effective, it needs to be managed carefully and used thoughtfully with the right underlying processes and controls in place. Whether youʼre using a spreadsheet or a technology platform, knowing whoʼs responsible for entering information into the system, and how the information is maintained is key to building the integrity of data as well as trust and confidence in the system.

Most multinationals struggle to achieve a robust and reliable single source of truth without the help of a trusted partner like Computershare, who have the knowledge and methodologies to help drive discipline into the system set-up and ongoing maintenance. This also enables organizations to benefit from best practice recommendations and critically to leverage the system to its full capability.

The deployment of global entity management software is no longer nice to have, but instead it has become a must for businesses where thereʼs an expectation that technology is utilized across functions to mitigate risk, business disruption and create efficiencies. The production of meaningful MI and insights generated by effectively leveraging technology and data is also critical to achieving enhanced governance.

As one might expect, there has been an increase in the uptake of technology as a result of COVID-19. This has accelerated the existing trend to modernize governance and created a need for a platform that enables global governance activities to be dealt with remotely, as the need for transparency of subsidiary operations increases. In this context, the solution is therefore the considered use of the right technology platform, providing the ability to access accurate, real-time corporate data from anywhere at any time. In addition, having access to knowledge, insights and procedural requirements can help save internal teams time and aid faster decision-making. This can be taken one step further by leveraging technology to help turn insights into action, using that to report on and mitigate key risks.

There is also the trust element linked to the effective use of global entity management solutions. If there is a loss of faith in the integrity and accuracy of the data in a system, people will move away from relying on it as a trusted data source. This is often when organizations discover they have multiple siloed systems tracking the same information. For example, finance, tax, legal, all holding their own versions of the truth, rather than utilizing a single accurate data source. Having a single source of truth enables internal teams to work more efficiently and to share information with other functions and stakeholders across the business, safe in the knowledge that the data is accurate. It also reduces overall costs of and time spent on compliance. As we know, a general lack of visibility of local requirements, which can often shift, is an ongoing problem for most multinationals. Therefore, having the ability to tap into procedural information in a single technology platform has potentially massive benefits for most organizations.

Another area where technology may be better leveraged is to provide greater transparency of spend patterns for compliance and corporate change activities. This is information that most organizations simply do not have access to, making budgeting more challenging that it needs to be.

In summary, working with a trusted partner to properly implement a global platform such as GEMS, can create many efficiencies, increase overall governance and visibility and provide meaningful data to mitigate risk and drive better decision making.

For technology to be effective, it needs to be managed carefully and used thoughtfully.

How you are anticipating the pandemic impacting compliance workflow and other issues with so many people working from home on personal devices?

As the pandemic gathered pace, itʼs been necessary for organizations to contend with the swift adoption of remote working and all its associated challenges and disruption. For many itʼs probably exposed gaps or vulnerabilities in previous working practices. If we add that to the trend of increasing regulation, and the expectation for legal and secretariat teams to do more with less, it becomes the perfect storm. Now more than ever businesses have to focus on steps they can take to effectively manage their global substitute governance practices. How do they future proof the business to ensure good governance and compliance across those subsidiaries going forward?

Technology is critical. As we shift to working in a virtual environment, some big, credible companies have confirmed that their employees will have the ability to work from home in the long term. So, this is really a seismic shift and something we simply werenʼt used to before. Relying on having information in a filing cabinet by your desk, or being able to turn to a colleague to ask for information – how do you make that shift to working at home in an isolated environment and not have access to those resources?

Technology has to be the answer to that. Organizations need to look at their plans around technology. Have they got a robust platform in place? Can they consolidate? There are solutions out there and partners like Computershare that help clients and advise them on that. So, itʼs not something they necessarily need to do alone, organizations can bring in relevant expertise to support them.

With the pandemic, the goalposts have shifted. What weʼre seeing is that a blend of human and digital resources is critical to making sure organizations can achieve an effective governance program, and functions are fit not only to meet todayʼs challenges, but future proofing and keeping pace with constant changes happening all around. The best way to do that is through technology and working with external partners that can help supplement internal resources.

So again, it comes down to consolidation outsourcing, and the governance and control piece. Making sure you have the relevant governance and controls in place as people are working remotely. Making sure they have access to the information you need, that you have consistent global processes and methodologies in place, and place less reliance on individual resources. Making sure you’re thinking about potential risks from a business disruption perspective. It really is critical because the world has changed. And businesses and teams that are not mindful of that and donʼt have a plan in place to keep up with that change, well itʼs going to be very difficult for them.

To register for Computershare's March 11 webcast, Virtual Annual Meetings: New Industry Changes and How to Meet Expectations in 2021, click here.

Published .