Don’t be Afraid to Say It: Good Compliance is Good For Business

02 July 2019 - 10:12 am UTC

By Michael F. Savicki, VP, Compliance - The Americas for American Express Global Business Travel
 
In April 2019, the US Department of Justice (DOJ) issued its updated “Evaluation of Corporate Compliance Programs” which provides prosecutorial guidance on relevant factors to consider concerning the effectiveness of the corporation’s compliance program.   The guidance analyzes whether the compliance program is
  1. well designed;
  2. implemented effectively; and
  3. works in practice.
The guidance also provides an insightful template for in house legal & compliance personnel to self-assess and evaluate their program and highlights the importance of establishing “incentives for compliance and disincentives for non-compliance.”  
 
Go Beyond the “Stick” & Highlight the “Carrot”
While much is made of the numerous examples of punitive monetary damages and potential for individual liability stemming from non-compliance (i.e. the “stick”), there is less focus on the quantitative benefits stemming from effective compliance and strong corporate governance programs (i.e. the “carrot”).  For internal legal and compliance professionals, who are often resource restrained and looking to illustrate the importance of an effective compliance program beyond showing pictures of executives in orange jump-suits and hand-cuffs, the question becomes:
 
How can I best use the DOJ guidance to illustrate that an effective compliance program can create accretive value to the business and that appropriate investments into the program results in a positive return on investment?
 
Clear Corporate Purpose – Potential for Outsized Returns 
There is an increasing trend in the investing and corporate governance community highlighting the proposition that strong corporate governance and an emphasis on Environmental, Social & Governance (ESG) principles will lead to outsized investor returns and sustainable shareholder value.[1]  Indeed, the past few years has witnessed dedicated investment strategies focused on the principle that companies generate higher returns when they invest in their workers, protect the environment, treat their customers well, and engage with local communities.[2]
 
Investor focus on corporate purpose, and ESG principles via strong corporate governance and sustainability presents an incredible opportunity for legal & compliance personnel to highlight how strong internal controls – good compliance – can result in increased shareholder value.   Passing on questionable deals in high risk jurisdictions becomes a much easier message to convey internally when the tone at the top is laser focused on long-term growth of the business and not short term quarterly numbers to ward off hedge fund investor activism.  
 
Moreover, corporate control functions such as legal, compliance, and human resources are typically assumed to be an expense center and cost on the balance sheet.  However, if companies with better governance and controls result in higher investor returns, then the analysis shifts and the first level thinking that control functions are solely cost centers is replaced with the knowledge that a strong internal control environment can be a vital part of the corporation’s overall value proposition to its constituents and stakeholders.  In other words, ESG like investing principles demonstrates that effective compliance programs can indeed be good for business.
 
 
An Effective Compliance Program Is Tailored to the Business and Incorporates Regulatory Developments
Having established that strong internal controls and effective compliance programs can result in quantifiable benefits to the corporation, the question then shifts to designing an effective compliance program and securing appropriate investments to achieve that result.  This is where the DOJ guidance provides an excellent roadmap for internal legal and compliance personnel.  As noted by the DOJ, a well-designed compliance program will:
 
  • assess the business from a commercial perspective including its “industry sector, the competitiveness of the market, the regulatory landscape, potential client and business partners” among other factors; and
  • have sufficient resources and staffing to effectively manage the program based on the size, complexity and scope of the business. 
 
Here, at American Express Global Business Travel, we developed a tailored compliance program based on our products and services offerings as the world’s largest business travel and meetings & events service provider.  We maintain a dedicated compliance function with a direct reporting line to the Board and CEO.  Our 360-degree compliance program is focused on mitigating our key risk areas – anti-corruption, sanctions, privacy, information security and third party oversight - and continual improvement with learnings from recent regulatory developments.
 
Such developments, particularly within your specific industry, can be incredibly impactful learning and promotional opportunities to illustrate the value and purpose of implemented controls.  For example, earlier this month, the US Department of the Treasury’s Office of Financial Asset Controls (OFAC) entered into two separate settlement agreements with travel service providers for providing Cuba-related travel services in apparent violation of the Cuban Assets Control Regulations.  The root cause of the violations was due to a failure to effectively and promptly integrate an acquired foreign subsidiary and a failure to train personnel on the extraterritorial reach of US sanctions to foreign subsidiaries.  
 
These settlement agreements make clear that (i) all travel companies must be keenly aware of US sanctions law requirements; and (ii) these requirements must be hardwired into the online technology and effectively implemented and expanded into any foreign based acquisition. 
We highlighted these regulatory findings internally with special enterprise-wide and Board level communications as they underscore the importance of:
 
  • effective compliance training,
  • timely integration of acquired entities into the existing compliance framework;
  • complying with all our internal policies & procedures; and
  • the investment case for building sanctions’ compliance controls into all systems.
 
Such teachable moments are not limited to regulatory developments but can extend to front page headlines.  One recent example was the announcement by the US Customs & Border Protection office that it experienced a data incident as a result of its subcontractor failing to comply with contractual requirements and subsequently experiencing a cyber attack.  The resulting data breach highlights the criticality of an effective third party oversight program from onboarding to ongoing oversight.  Here again, we developed an internal communication plan around this development to illustrate the:
 
  • importance of our robust third-party oversight program;
  • need to conduct vendor due diligence via risk assessments and sanctions and reputational screening,
  • requirement that our vendor agreements contain explicit contractual requirements and independent audit rights and certifications requirements for vendors that access, store or process our data; and
  • investment case for funding a comprehensive third-party oversight program.   
 
In an in house environment with scare resources it is imperative to use these developments as learning and training opportunities to not only stress the importance of an effective compliance program but the need for appropriate funding of such programs which can benefit the bottom line. 
 
ESG like investing principles focused on long-term growth and sustainability has created an exceptional opportunity for in house personnel to no longer cower as a cost center and to highlight a strong ROI from appropriate funding of a well-designed and continually improving compliance program.   In other words, do not be afraid to say it:  good compliance is good for business.
 
Michael F. Savicki is American Express Global Business Travel’s Vice President for Compliance - The Americas where he is responsible for all risk and compliance disciplines throughout the Americas region and Commercial Compliance globally.  Prior to joining American Express GBT, he was Senior Attorney – Compliance & Corporate Governance at Sikorsky Aircraft Corporation, Secondee Counsel at Deutsche Bank’s Litigation and Regulatory Enforcement Group and Senior Litigation Associate at Fried, Frank, Harris, Shriver & Jacobson, LLP.  He began his legal career as a law clerk at the United States Second Circuit Court of Appeals.  He is a graduate of Tulane Law School and Connecticut College and a member of the Connecticut, Massachusetts and New York state bars.  The views expressed within this article are entirely his own and not those of his current or former employers.
 
 
 

[1]  For a detailed analysis and discussion on this concept, see Some Thoughts for Boards of Directors in 2019 (Including the New Paradigm: A Roadmap for an Implicit Corporate Governance Partnership Between Corporations and Investors to Achieve Sustainable Long-Term Investment and Growth), Dec. 14, 2018, available at
[2]  See Just Capital, June 2019 Report JUST Business, Better Margins, available at  https://justcapital.com/reports/just-business-better-margins/