Stretching Your Compliance Budget
The other week I moderated a webinar on how compliance officers can stretch their budgets for maximum effect. As usual the discussion was fascinating, and since tight budgets are pretty much a universal challenge for corporate compliance programs, I took plenty of notes.
First, what struck me most was that most of the conversation did not involve specific tactics or “hacks” that compliance officers could use to stretch your dollar a bit further. Most of it was about exerting influence more skillfully — and the more I thought about that, the more I came to believe that’s the wiser course to pursue.
Probably every compliance officer has heard of the push-versus-pull dilemma: you either push your way into a business unit to talk about compliance needs; or those business units pull you into their department of their own volition, to seek your compliance advice before they undertake some project. Obviously the latter is the better state of affairs, because it implies that the business units have a better appreciation of the value that compliance programs can bring.
Well, think about that. The hacks that stretch your budget dollars further are really more about you pushing your way into the enterprise more efficiently. That’s good, but it’s nowhere near as valuable a use of your time as exerting influence to convince the rest of the enterprise to pull you in.
Why? Because once those business units start pulling you into their operations, your budget problems become much easier to solve.
Think about it: How much does it cost for you to answer a phone call from a VP or divisional head somewhere who wants to solicit your advice? A lot less than you scheduling a mandatory compliance training session for that unit, and far less than you launching an investigation because an incident happened there.
So budget-stretching hacks do have their place in the compliance officer’s toolkit; they can be valuable tactics to help you get the job done within the budget constraints you have. But the hacks are only tactics. Exerting influence is a strategy to bend the enterprise toward your compliance objectives, and that should always be the priority.
Ideas for Using Other People
Our webinar participants also talked a lot about how compliance officers can use other people to further your compliance objectives. For example…
Compliance ambassadors. This idea — recruiting people in other business departments or overseas offices to act as advocates for compliance — is not new, although I was surprised at how many webinar attendees said they’re still in the formative stages of launching an ambassador program.
Ambassadors can be a great way to extend the compliance program’s reach and to strengthen the culture of compliance. Compliance officers should, however, think carefully about what you want your ambassadors to do. For example, under some circumstances ambassadors could help with training, especially in far-flung offices you can’t easily reach. Or ambassadors could help you with risk assessments, since they’re closer to the local risks than you are. In theory they could even help with investigations, if the ambassador is trained in investigations (and ideally attached to a legal team).
Compliance enthusiasts have preached the benefits of ambassador programs for years. It’s just prudent to consider how you might put ambassadors to their best use, since that will deliver the most benefit to your budget.
Interns. Here, I don’t just mean undergraduate interns still learning how to run a spreadsheet analysis and avoid looking hungover at work. Compliance officers should also build relationships with local law schools. Plenty offer courses in risk and compliance; perhaps those students are looking for a summer internship. You could also ask your legal team whether they have any law school interns who want to try their hand at compliance.
Some schools even have dedicated “compliance clinics” for their students and look for projects those students can tackle. For example, Boston University Law School runs a compliance policy clinic that includes fieldwork with private-sector companies. (Disclosure: I went to BU as an undergraduate. Never did learn how to avoid looking hungover at work.)
Other business functions. One great tip came from a webinar listener: just ask other business functions, “What are you already doing for compliance?”
The listener put that question to her company’s learning and development team, who promptly answered, “Oh, we have a boatload of courses on compliance sitting on the shelf! They came with the package we bought. You want them?” I don’t know how much that stretched her budget, but every bit helps.
Setting Budget Priorities
Ultimately making your budget work is about deciding where to put limited resources to achieve maximum effect. So the question really is about how to decide your compliance program priorities. How does one make those decisions?
You could start by reading your last risk assessment to see what your company’s biggest compliance risks are. You could also study where regulators are focusing their attention, and make your investments based on that.
Neither of those approaches is wrong. Both, however, start by looking outside your compliance program. You could take a different approach and start by looking inside, at the program itself, at its various strengths and weaknesses.
For example, you could start by looking at the gaps in your program, and investing in those areas where your program is weak; that’s sensible enough. Or you could approach from the opposite direction, looking at your compliance program’s competencies.
That is, you could say, “We know we’re good at these specific things here” — and then decide whether it’s more advantageous to become even better at those things, or to move to other program elements that still need help.
The goal here is to develop a list of priorities that makes sense for your organization. For example, some companies might spend all their time and money on training, because they have high employee turnover. Others might spend their time and money on data analytics because they have high transaction volume. For others it might make the most sense to invest in executive communications, perhaps because they work from only a few locations and are relatively small.
It’s all about telling a compelling story — a story about why your program is the way it is, and does what it does. Telling a compelling story is how you get the board and management team to approve the budget you want. It’s also how you get regulators to give you a more favorable settlement. Your compliance program doesn’t need to be perfect; it just needs to make the most sense for the risks you face and the resources you have.