Compliance through the eyes of the ECF 2019 speakers
1. Compliance has been a very topical issue in Slovakia for a number of years. However, some companies are uncertain about how to apply compliance in practice and are unsure how to proceed. What is the importance of compliance for those who have already put it into practice?
The financial and banking sectors are among the most highly regulated sectors in the region and compliance has been implemented here for a longer time period. Ján Vittek, Compliance Director at Tatra banka, explained: “I know this is not original, but for me compliance means doing things correctly even when nobody is watching. A number of leading figures have used this definition for various other terms. Henry Ford used it regarding quality, C. S. Lewis regarding integrity, and many others regarding character, and I use it for compliance.
Štefan Máj, Slovenská sporiteľňa Foundation: “I consider compliance to be a major part of corporate governance, as it ensures, in our case, that a bank follows the law and internal regulations, and ensures supervision of compliance with the Code of Conduct.”
Lucie Schweizer, Ružička and Partners: “Compliance is about compatibility. Not only compatibility of values, but also compatibility of business with regulatory requirements. For compatibility, balance is the crucial value. The more individualised reflection on compliance implementation the company undertakes, the more prepared it will be to become a 21st century company. Moreover, compliance makes it more flexible. Balanced compliance provides a company with a space for fulfilling its legal obligations, while effectively doing business and achieving its main purpose – making a profit.”
Juraj Lipka, Philip Morris, responsible for the Czech, Slovak and Hungarian markets, added: “For me compliance primarily means integrity and honesty. It is also a trustworthy and reliable system, which is a summary of legal obligations and internal rules that have their roots in the values of a given company.”
Pavla Hladká, Deloitte Forensic: “Compliance means more than just following the law. It also means following ethical values, such as fair and honest conduct, transparency and sustainability. By implementing preventive measures (training, monitoring, reviews, establishing a hotline, and whistleblower protection, due diligence of business partners and their background check, etc), compliance should prevent unethical conduct and fraudulent behaviour. A well-designed compliance program can help to increase employee integrity, reduce corporate fraud, and it can also be a tool for exonerating a company in the event of a corporate criminal liability. Top managers in Slovakia are not overly willing to invest in compliance, which they perceive more as a necessary evil than a benefit. To convince management of the importance of compliance is still mainly up to, among other tasks and obligations, compliance officers.”
2. While globally, compliance is part of an integral company management strategy, in our region it mostly only has a basic regulatory function
Dušan Kučera, the University of Economics in Prague emphasises that the current situation is partially due to historical development in the region: “CEE has an unresolved history: Marxism, materialism, opportunism, putting profit before the law, disrespect for the law, not keeping one’s word, breaking promises and disrespecting people who we are supposed to serve, rather than exploit for our benefit. Therefore, regulatory compliance is better than nothing, but it is often inadequate and we see a refusal to accept responsibility.”
Pavla Hladká: “We have dealt with compliance in many companies. I can confirm that in practice the majority of them support and place emphasis mainly on regulatory compliance. This approach increases not only financial risk, but also reputational risk.”
Lucie Schweizer: “The CEE region is still getting to understand compliance in general terms. However, increasing bureaucratic obligations will force businessmen to think in other directions and compliance will become one of the main features of management. This is due to the coming introduction of new regulations, innovations, eg in the product line, or as a result of increased pressure from inside and outside the company. ”
According to Juraj Lipka, regulatory compliance plays a major role: “This is related to the fact that acting in accordance with legislation is a basic condition for doing business. In the long term, however, company management should also focus on ethical compliance, which represents the permanent values of the company.”
3. Corporate compliance is built on three fundamental pillars: ethical, regulatory and forensic. What is their optimal combination?
Ján Vittek gives a practical insight: “I cannot say what combination is optimal. I do not perceive clear boundaries between these areas. I believe they significantly overlap. I can only judge on the basis of how much time and energy my team devotes to individual areas. I would say that it is about 20:50:30. However, this distribution may not apply to compliance at another bank and it certainly does not apply to the non-financial corporate sector.”
According to Dušan Kučera: “The most critical are ethical thinking and behaviour. The rest is just consequences in areas such as law, bookkeeping, audit, quality, etc.”
Lucie Schweizer stated: “In practice, it is often the case that only one pillar dominates at a company. In my opinion, this is the reason why compliance is usually unpopular. Every company should cover all three pillars in order to benefit from the processes – whether in terms of employee loyalty, increased profits, reduced costs or damage prevention. The combination should be tailored to meet each company’s needs. However, the key to this is balance.”
Juraj Lipka: “Let’s put aside ethical compliance for a moment and focus on regulatory and forensic compliance. One cannot exist without the other. For business compliance to function properly, it needs to be safeguarded by forensic compliance. As regards ethical compliance, I believe that it is an overarching concept that is related to corporate values. If there is strong ethical compliance, other tools may not play such an important role.“
Pavla Hladká: “All three pillars are equally important. Ideally, they should be interrelated and complementary. Their combination may differ at different companies. It depends on various factors – the scope of business, industry and its susceptibility to unethical and fraudulent conduct, the size of a company, its organisational structure, management style, corporate culture, communication, legislation, requirements of regulatory authorities, etc. It is important to have at least a basic framework in place to cover all three pillars, which should be improved to fulfil their function effectively. The most risky situation is when one of them is either weak or is missing altogether.
4. It is said that forensic compliance only applies to large companies. Can SMEs also use forensic compliance effectively?
Dušan Kučera: “It’s good to start with large corporations and groups. They have a bigger impact, greater responsibility and they could do more harm, but may also do more to help. However, morality applies to all – to SMEs and to traders on an every day basis.”
Lucie Schweizer: “It is already happening. SMEs are often not aware of it, because they do not realize that these processes are part of compliance. Forensic compliance is above all about detection. In our business terminology, we use terms such as investigation, internal detection, audit, reviews or standard preparation of documents for filing a criminal complaint. The word compliance creates a fear of the unknown. It is perceived as a complex system that is inaccessible for SMEs. This is false. Compliance is and should be tailored to meet a company’s needs. Logically, the scope of compliance is different for SMEs.”
Pavla Hladká concluded: “Forensic compliance is primarily about prevention and addressing corporate fraud. Fraud can occur at any company, regardless of its size. Fraudulent conduct depends on people and their ethical and moral values, but also on the situations in life in which they find themselves. Inducements to undertake fraudulent conduct vary – financial distress, management pressure, greed, addictions (often gambling), opportunity, an urge to buck the system, etc. A company cannot detect, anticipate or affect the majority of such inducements. The company can (and should) only affect the set up of its internal controls to reduce the risk of fraud. Implementation of effective controls and their continuous monitoring should be carried out at all companies. Fraud-sensitive companies that could potentially suffer significant damage (eg banks or insurance companies) should use a detection system to combat fraud and mitigate the risks.