Study shows that problems of not being compliant cost almost three times more than doing it properly from the start

Many companies view compliance programs as a headache — something they’re required to invest time and money in, but which produces little. A benchmark report from the United States shows that the opposite is the case. Investing in strong compliance programs saves money in the long run.

The research report by Ponemon Institute LLC in Traverse City, Michigan, examines the real costs, both of setting up a proper compliance program and of cleaning up the damage when proper programs have not been put in place. The study looked at 46 multinational organisations and interviewed 160 leaders.

The cost of compliance worked out to only about $222 per employee, while noncompliance costs averaged about $820 per employee.

“We learned that while the average cost of compliance for the organizations in our study is $3.5 million, the cost of non-compliance is much greater,” the report said. Cleaning up non-compliance problems averaged nearly $9.4 million.

Study cites 10 attributes of a strong compliance structure

The report also looked at the 10 attributes that lend the greatest support to a strong compliance structure. Many of them pertain to governance and oversight of the organization’s security initiatives.

Organizations need to anticipate how changing threats will affect their ability to comply with external, internal and contractual demands, the report said. “The implication for an organization that does not manage compliance risks with the right integrated and holistic response to data security and related compliance challenges are a decrease in revenue that results from both the loss of customer trust and loyalty and the inability to deliver services and products,” the report said.

The study, “The True Cost of Compliance,” is available online at Tripwire.com.

Thinking about it, Ímpeto, with extensive experience in software architecture, has just launched the ClickCompliance application! With simple usability, it works on SharePoint Online and allows your company to document who has accepted its policies, so if the company experiences any kind of process, it can prove to the law that it is in compliance and that Responsibility is integral to whoever committed the criminal act.

Compliance is the set of norms, regulations, policies and guidelines established by the company, which aims to avoid, detect and treat misconduct. We already know how important compliance is to your company. But in this blogpost, we’re going to understand what really matters: the numbers. How much does a compliance program really cost your company?

How much does it cost to not have a compliance program?

Before we analyze the cost of a compliance program, it’s important to understand how much more you can spend by not having one. That way, you can do the necessary comparisons to decide if the cost effectiveness is compatible with your company. 

The Anticorruption Law’s fine is the main cost for companies who don’t have a compliance program. The fine can vary between 0.1% to 20% of the company’s gross income. However, the punishment will never be less than how much the company made illicitly.  The image below shows how that math is done.

The losses that come from the fine can be avoided with a compliance program. That’s because it makes sure that illicit acts don’t happen. But better still, the Anticorruption Law forsees a 4% reduction of the fine for companies that have an integrity program. In other words, if compliance can’t avoid the illicit acts, it can lower the fine.

How much are companies investing in compliance programs?

The costs of a compliance program for larger companies, especially the ones affected by legal actions, are very high. Just Odebrecht estimated an expense of R$ 64 million on compliance in 2017, almost 6 times the amount dedicated to the department two years ago. And Andrade Gutierrez, another construction company affected by Operation Car Wash, reevaluated all of it’s suppliers and partners, and payment processes. This resulted in them blocking over 100 suppliers.

Some examples of companies that were negatively affected by their involvement in corruption cases are:

– Engevix Construction was prohibited participation in any federal bidding for 5 years after being declared inidone by the Tribunal de Contas da União (TCU), due to irregularities it comitted during the construction of the Angra 3 nuclear powerplant. It’s income shrunk by about 70%.

– The food company JBS’s rating was lowered by the risk classification agency Standard & Poors. It cited poor governance policies as a motive. The lower the rating, the more the company has to pay for credit. 

How much does a compliance program cost?

To determine the costs of a compliance program, 6 major points have been chosen. It has been determined that the costs of these 6 activities cover the total economic impact of conformity. In each one, direct and indirect costs have been analyzed. 

Compliance Policies

Activities related to the creation and dissemination of policies. The most important example is the Code of Ethics and Conduct. But the program can also contain specific documents about company trips, HR, risk evaluation, etc. The costs that surround policies are mainly from managing these documents (poor management can lower productivity significantly), as well as the legal consequences of not having them (nonconformity with anticorruption laws).

Communication

Activities and associated costs that allow a company to train or create an awareness about the organization of related policies and procedures to protect sensitive data or confidential information. This activity includes all communication to employees, temporary employees, contractors, and business partners. It also includes the required notifications for policy changes and data breach incidents.

Program management

Activities and costs related to the coordination and governance of all in-company programs and activities, including direct and indirect costs. For example, the costs of a compliance officer, a compliance team, or the cost of a team to maintain the program in general. 

Data security

All activities and technologies used by the organization to protect information assets. Activities include professional security personnel, implementation of control systems, backup and disaster recovery operations and others.

Conformity control

All activities developed by the organization to evaluate or assess external compliance, internal and contractual obligations. It includes the costs associated with internal audits, third party audits, verification programs, professional audit personnel, and others.

Execution

The activities related to the detection of non-compliance, including incident response. These activities also include remedial actions, such as corrective training of employees that violate compliance requirements, and voluntary denunciation to regulators.
In addition to the internal activities mentioned above, most companies are compromised on account of loss of opportunity as a result of non-compliance with data protection requirements and laws.

An example of a non-compliance situation includes end-user policy violations such as improper use of internet applications or the use of unsafe devices in the workplace. Other examples include contractual breaches with suppliers or business partners, organizational changes imposed by regulators, theft of intellectual property, and many others.

The cases of corruption of great visibility involve the most important companies of the country. With the unfolding of these facts, corporations have been pressured to adopt a change of attitude towards this type of event. Thus, they have realized the need to protect illicit contracts.

 

It is in this context that the good practices of conduct are highlighted, especially the so-called Compliance. An effective Compliance system is the assurance of the organization to guard against or detect attitudes contrary to the principles of ethics and integrity in business, everywhere and at all times. It is therefore necessary to create internal mechanisms for the prevention and detection of irregularities such as fraud, bribery and corruption.

 

The Compliance system is extremely useful, either to prevent the occurrence of illegal acts or to alleviate the penalties suffered by the company if the corporation or someone acting on its behalf will commit deviations. It is necessary, however, to prove before the law, its effectiveness, through a portal that maintains that the documentation facilitates this process, since it proves the cooperation of the company with the investigations.

Currently anyone who does not adhere to tougher anticorruption policies runs the risk of succumbing. It is therefore becoming increasingly vital that the company have modern tools and thus maintain greater control over what occurs in the corporate environment. The application offered by Ímpeto allows optimizing the entire structure and use of management and operational resources of the Compliance processes.

 

As a matter of fact, always thinking about being in line with the needs of the market, has created the ClickCompliance app, one of the most efficient solutions to deal with legal issues related to these acts.

 

ClickCompliance delimited offers:

– Digital signature confirming science and accepted policy

– Classification of policies by category

– Definition of policy target by category

– Version of the policies, with control of acceptance by version.

– Policy Audit Report, allowing to list

• Given a collaborator, which policies are accepted and not accepted
• Given a policy, which employees accepted and did not

– Notifies by email:

• Policy acceptance agreement
• Notice of new policy and / or version

– Configurable periodic reminders requesting the acceptance of policies

– Statistical panel showing the percentage of acceptance of all policies

– Anonymous denouncement channel and complaint handling control

– Banner configurable with the employee’s policy acceptance percentage

 

Ensure the integrity of your company with ClickCompliance!

Corruption scandals around the world show the importance of effective policies against criminal acts. In Brazil, more specifically, it is possible to follow the progress of judgments, which are becoming increasingly complex. These events culminated in the creation of the Anti-Corruption Law (Law nº 12.846 / 2013). With it, corporate accountability, whether in the civil or administrative sphere, becomes more objective when “harmful acts against the national or foreign public administration” are practiced.

An exit found to protect itself from these possible processes is compliance practices. Compliance are instructions to follow the set of rules, regulations, policies and guidelines established by the company, which aims to avoid, detect and treat misconduct.

Because it is made up of people, who have the most diverse behaviors, it is impossible to ensure that none of its employees, partners, suppliers will put the organization in reverse condition. Once illicit benefits are proven to companies, they are quickly liable to suffer penalties.

Companies are now liable for illicit practices and may pay fines of up to 20% of their billing. In order to obtain the leniency agreement, that is, reduction of penalties, it is necessary for companies to collaborate effectively with the investigations and with the administrative process. It should result in the identification of those involved in the administrative infraction, when applicable; And the rapid obtaining of information and documents that prove the infraction under investigation.

In-person training, vendor and partner visits, or even contracting companies to train these people are some of the actions corporations are taking to ensure that everyone complies with pre-established policies. However, these processes are extremely expensive, and it is difficult to prove to the authorities their efficiency and exemption from the company’s own interests in them.

The solution?

In this context, there is a need to be able to count on simple and low-cost tools like the App created by Impetus: ClickCompliance. ClickCompliance is a system in which the company has complete control over its employees, network vendors and outsourcers to be in compliance with the policies of the organization. Ensure the integrity of your company with ClickCompliance!

Rio de Janeiro engineering company warns in its ads that it refuses requests for bribes

The Barbosa brothers tell that they do not stick queues and they get angry when they see a friend put some notinhas in the waiter’s pocket to obtain a differentiated treatment. They are also shocked when they hear of someone finding a cell phone on the floor and storing it quickly so as not to return it. The same when, in a party offered by them, they notice that a guest paid the service to serve him more shrimp. “The corruption is from the bakery to the butcher’s shop,” they lament. Barbosa’s commitment to not take shortcuts comes from the cradle and turned north of the company they play together in Rio de Janeiro, a well-known engineering office dedicated to the maintenance of buildings and facades. The posters hung in each of the buildings where they work warn: “Stanley does not tip. If you want, please do not call. ” But some people call.

When what should be normal ends up being a prominent exception on a poster, there are those who may regret the point that Brazil has reached today. But the Barbosa warning has been printed on every board of the company for more than 20 years, long before the country came to grips with Janot’s lists, such as the one released on Tuesday, involving government and opposition politicians. Corruption is not of today, they reinforce. What Stanley and Ricardo tell about this microworld of civil construction, in which engineers, syndics and neighboring communities live together, has much to do with Brazil today. Bribes and cartels between companies in the industry, they say, are common, cause job overload and end up benefiting the old ones. There are no codenames to refer to trustees, as with deputies and ministers involved in the Lava-Jet, but rather euphemisms for insinuating the bribe to be added in the budget: “liking”, “technical reserve”, “commission “…

Stanley, 62, recalls the day he decided to stop the flow of calls and indecent proposals two decades ago. “It was the last straw,” he says. He had received a trustee from a large building in Botafogo who had already praised the company to announce, shortly afterwards, that the residents had decided to delegate the work to Barbosa. Grateful, Stanley spent an hour showing the trustee the premises of the company, then in Copacabana, to please him and convey confidence, until finally the visitor fired: “And what ‘spare’ do you leave for me?” The engineer did not understand, but at the time the trustee was more explicit Stanley decided to stop and institutionalize the good practices. At that time, Brother Ricardo, 67, had experienced the same embarrassment. “I went to Niterói with an engineer hired by the building to pay for a work and when I was there, doing the work, he asked me to put a 10% more for him. We were disappointed, “recalls Ricardo.

The rigor caused them to lose customers, as a million-dollar work in a building in the Recreio neighborhood, a tasty contract for any company in the industry, but conditioned to a 10% “technical reserve” for the liquidator. The brothers argue that at least they save the time they spend in doing surveys and budgets and then have to say “no”. “At first there was a discomfort at the warning, but I think it came from precisely who was in it. Honest people came to look for us more. If before, of 10 works they asked for bribes in four, now of 10 we only have one with that request “, explains Stanley, the most talkative of the brothers. “If they still take advantage despite the warning? There’s always someone who does not read, “jokes the engineer, evangelical and fan of Judge Sérgio Moro -” he gives the youth the idea that crime does not pay. “

The Barbosa, who have in the curriculum the reform and maintenance of more than 3,000 facades, do not work with the Government, in any sphere. They say that by choice. “We know that it is very difficult to get contracts if it is not with an agreement behind. We’re not going to be romantic, we know that what we see in the media today has always happened, “says Stanley, who says he has seen the parents of his children’s friends coming to prison on corruption scandals.

Children of a military man and a public defender, the Barbosa read with disgust the daily newspaper headlines. Of the corrupt plot that former governor Sergio Cabral sewn up by charging tips from companies that worked for the Government to the list of those involved in the Odebrecht scheme. Stanley, who says he has not left and has not missed an anti-corruption rally, sees an opportunity. “It’s an odd, excellent situation, and the country can turn the corruption page. It’s an expensive price because there’s a lot of unemployment, but we’ve never seen people with so many millions in the accounts being arrested. “

The Barbosa, however, do not find themselves odd – “there are many more honest people than dishonest” – but warn that the “biggest error and defect of the Brazilian is to be silent.” Ricardo, in an attempt to illustrate the way back from corruption, resorts to the construction site: “In the end, it’s not just a tip. Whoever is corrupted does not hesitate to put lime in the ink. “

Source: EL PAÍS