Corporate compliance is an engaging subject at board meetings as the new Companies Act, 2013 now casts very specific responsibility on the directors of companies to ensure effective compliance management system. An increasing trend towards governmental regulation, the quest for transparency by various stakeholders, and the proliferation of social networks mark the next step in the evolution of compliance management. In the past as well as today, major cases—from Enron to Satyam—serve as drivers and catalysts for further emphasis.
Most of the developed countries have adopted ‘the stick and the carrot’ approach to create an incentives for thousands of corporations to create or modify their compliance programs. In November, 1991, an innovative piece of legislation was enacted in the United States which had a profound effect on corporate America. The Guidelines were developed by the United States Sentencing Commission, a new governmental body which came into existence in 1984. Judges were being asked for the first time to consider whether the convicted corporation had established an “effective compliance program” prior to the violation taking place, in other words, whether the corporation had taken appropriate steps to prevent and detect violations of the law. Since the enactment of the law, hundreds of corporations have been prosecuted under the Guidelines, some suffering fines and penalties in the tens and even hundreds of millions of dollars.
Although key compliance areas like taxation and corporate law are handled by subject matter experts, we note that Indian companies have still not made significant investment in proactive compliance management. Most often, the compliance management function is reactive; only when a potential non-compliance is identified – either by internal parties (e.g. Process owners) or external parties (e.g. Auditors, government authorities etc) – does the regulatory function step in to respond.
The need for effective compliance management is far greater for Indian IT (Information Technology) companies which are now going global by having presence in multiple countries. A preference for organic growth has led to IT companies establishing a slew of overseas branches and subsidiaries. In addition, business activities are started by deputing significant number of employees from the home country to these respective locations. These expatriate executives, although well versed with the business models of their respective companies are often not conversant with local laws and regulations. Underinvestment in understanding local requirements before starting up operations could expose the company to significant regulatory and reputational risk. A single critical non-compliance in a country having insignificant contribution to the global revenue of a company may also have a criminal liability reaching all the way up to the Board of Directors.
Complexity of the regulatory structure and constrain of foreign languages also multiplies the risks associated with compliance management in some foreign countries. With the recent trend of growing presence of the Indian IT companies in Europe and Latin America, compliance risks and challenges have become more real than ever. Most of the countries in these regions have very stringent employment law requirements and high cost of social security.
The penalties associated with non-compliances with these regulations are also high and sometimes can impact the very existence of a company in these countries. Such stringent compliance requirements not only impact the administrative cost of doing business but at time may also impact the operational cost of doing business in such countries. For example, even top management is subject to laws governing overtime and bonus / increments in some regions of Europe and Latin America. Hence employee deputation costs could be higher than cost incurred on a similar position in USA or UK. Further, most of the Indian IT companies are setting / have set up Near Shore centres in Latin America / Eastern Europe to pass on cost advantages to their clients.
A robust compliance management mechanism would help in sustaining the cost advantage and prevent regulatory costs such as penalties and fines from eating away these margins.