The stakes of corporate compliance in the United States and throughout the world continue to rise in response to new legal requirements, public expectations of corporate social responsibility, increased shareholder scrutiny, and improved compliance tracking technology. So why is it that, despite heightened focus on corporate compliance, many firms are still failing to comply with regulation? And what can be done to curb such failures?
Robert Bird, Associate Professor at the University of Connecticut School of Business, and his colleague Stephen Park, Assistant Professor at the University of Connecticut School of Business, are developing an investment-risk model of firm compliance that addresses how firms can approach compliance as an opportunity, rather than a cost alone, in order to generate a competitive advantage and build relationships with regulators. In the below interview Professor Bird shares the details of the model, which he and Professor Park presented this October at Baruch College’s Zicklin Center for Corporate Integrity, and which they are composing a paper about titled, “An Investment-Risk Model of Firm Compliance.”
Q&A with Robert Bird
How is corporate compliance evolving?
RB: Compliance has evolved dramatically, especially over the past twenty years. Before the compliance era in which we now live, there was little systematic consideration for how and under what conditions firms met necessary standards. Many firms simply pursued ‘checklist compliance’ and did so mainly to avoid sanction. Today the field of compliance is more complicated, in part because the stakes for compliance are so much higher. Never in modern commerce has the regulatory environment been so complex and the consequences so severe. Scholars are more closely examining the forces that drive corporate compliance and how a compliance initiative impacts the functioning of the organization.
Can you explain the risk-cost compliance model you’re developing?
RB: Each decision a firm makes in regard to compliance is essentially a trade-off. Firms can substantially reduce their risk of non-compliance, but achieving a reduced risk requires significant investments in time and resources. Firms can allocate fewer resources to compliance initiatives, but that may expose the firm to a greater possibility of non-compliance and the associated sanctions.
Our paper models the effects of levels of compliance and shows that what firms seek to do is to not only engage in compliance, but also engage in compliance efficiency. For example, a highly regulated company can be technically efficient and be hyper-compliant. But technical efficiency is not enough. Technical efficiency is, in short, following compliance expectations in whatever manner is in place. The most effective firms are ones that are allocatively efficient, in that they use the most efficient tradeoff of resources relative to risk in order to achieve their compliance goals. Firms seek to not only achieve compliance in a way that conforms to the law, but also to do it more efficiently so it extracts fewer resources.
In what ways can regulators help companies to be complaint?
RB: There’s many ways that firms and regulators work together. “Command-and-control” and various forms of “collaborative regulation” are two of the most common methods. Command-and-control follows the traditional model of regulation. Regulators essentially state, “I am going to tell you that you need to do these things, and if you don’t, I’m going to punish you.” Most firms will respond to the punishment, but do so only when it’s in their immediate best interest to comply.
Collaborative forms of regulation approach compliance as a partnership. In this case a collaborative effort between the regulator and regulated exists. Firms and regulators work together in order to help the firm achieve compliance with the rules. This benefits both parties. Regulators reduce their investigation and enforcement costs. Firms receive greater certainty that their practices will not provoke sanction. When regulator and firm can achieve a partnership, it makes both entities more efficient. Our model explores under what conditions such collaborative efforts can be most effective.
You talk about firms “pushing back the compliance frontier to new levels of innovation” - can you explain that and give an example?
RB: Firms can practice compliance in a fashion that outflanks their competitors. In any industry, there are a set of best practices that are widely acknowledged and that firms seek to achieve. Firms that achieve best practices in compliance will match the ability of their best competitors. Firms that can innovate and develop even more effective best practices can push the frontier of compliance toward new levels of innovation. This produces a competitive advantage over rivals in that such firms will achieve a lower risk profile at the expense of fewer resources. Such saved resources can be allocated to other initiatives.
One way that firms can reach the compliance frontier, and in some cases transcend it, is by building a culture of integrity in their organization. A firm with a culture of integrity places ethical values as a core part of the organizational culture. Employees are empowered to build best practices in compliance and apply a high standard of integrity to firm functions. Firms that engage a culture of integrity believe in the goals of compliance not because of its costs, but because compliance is important to society and is the right thing to do.
You say that there’s a “tug-of-war” between lawyers and compliance professionals in terms of who’s going to own this space. What does this mean for future lawyers?
RB: In an earlier article, we explore the nature of compliance as an evolving function. It has not yet been established who has ultimate responsibility for compliance in the firm. There’s an emerging compliance industry that supports the prominence of the “chief compliance officer” role. Some call for a chief compliance officer who is independent from other departments and has a direct reporting line to the chief executive officer or the board of directors. An alternative perspective holds the chief legal officer as the final arbiter of ethics and compliance, with the head of compliance reporting to the chief legal officer. Who controls compliance may influence how it is perceived. The chief legal officer is typically an attorney, so compliance may have a greater focus on the requirements and consequences of regulation. A chief compliance officer may or may not be an attorney, and does not serve in an attorney-client relationship with the organization. Their emphasis may be more organizational rather than regulatory as a result.
In the long term the goal is for chief compliance officers and chief legal officers (and, by extension, compliance officers and corporate counsel who report to them) to learn to work together, because each of them has a role to play in understanding how compliance works, and when turf battles occur that hurts the entire organization. So it’s a question of which executive entity is going to be responsible for compliance, and it’s going to be a significant issue for the foreseeable future.
How do you think schools can help students of business and law understand compliance?
RB: There is an enormous demand for compliance education. Both law schools and business schools should be introducing students to the principles of legal and organizational compliance and showing how they relate to professional responsibility and business ethics. For business students in particular, even if their work does not emphasize compliance, they must be able to understand how regulation functions and apply those regulations to their immediate tasks.
Professors who teach law in a business school are optimally positioned to deliver that value. It’s time for a renaissance of lawyers in business schools, because the need for a legal education has never been greater. Lawyers in business schools have a profoundly important role in the future of corporate compliance.