Open Password -  Freitag,

13. Juli 2018


# 401


Compliance – Compliance as an investment – Reputation – Jim Lord – Dow Jones – Aite Group – Walmart – Foreign Corrupt Practises Act – Risks – Public Opinion – Culture of strong compliance – Stakeholders – Regulators – Third party risks - PwC - Social Media - Facebook - Vertrauen - Werner Ballhaus - Online-Werbung - Datenschutzbewusstsein

 

International Corner

Compliance as an investment,
not a cost

Why investing in compliance
builds stronger reputations

An exclusive contribution by Jim Lord, Dow Jones

The synopsis:

• Compliance spending should be considered an investment, not a cost.

• Evaluating third party risk in an ever inter-connected business environment threatens to be a commercial Achilles heel.

• Compliance and being compliant as an organisation is essentially licence for a company to continue trading successfully.

• Having a robust compliance internal system is not enough - it has to be culture drive and this takes time and effort.

• Come audit time, evidence of a long term culture of compliance and die diligence will help to avoid nasty surprises.

With a number of compliance failures recently making the headlines, it is hard to overlook the importance of risk and compliance for companies. As argued in this white paper, companies that fail to adequately manage risk, can face severe damage to their revenues and reputations[1]. Given that 68 percent of compliance professionals at financial companies worldwide consider protecting their company’s reputation as their top job, according to a recent Aite Group survey, spending on compliance should be seen as an investment, rather than a cost.

______________________________________________________________________

Risk versus reward

________________________________________________________________________

Dealing with the consequences of lapses in risk and compliance costs companies far more than spending the money to prevent problems from occurring in the first instance. Organizations that suffer damages to their reputations as a result of weak compliance often see at least a short term decline in business and drops in their share prices. Walmart is a case in point. The retailer’s stock prices fell by 4.6 percent shortly after allegations that it had violated of the Foreign Corrupt Practises Act emerged in 2012. Although harm to reputation likely can be restored and mitigated if a company takes effective steps to address the problem publicly, the significant financial costs required to remediate the problem cannot be recovered. According to people familiar with the federal investigation into Walmart, by 2017, the company had spent over $820 million.

Investing in good quality compliance programs can prevent reputational damage and the financial and time-related costs associated with dealing with them. Unfortunately, however, some companies are reluctant to invest the resources they should until a problem arises that damages their reputation. Rather than investing time and resources in firefighting, organizations would be better served by spending on preventative measures necessary to sustain a robust compliance program. For example, for a minimal investment, companies can engage in a risk-based approach in vetting their third parties and then implement appropriate measures to mitigate the risk they pose. 

[1] Risk & Compliance, RANE (2017). How strong compliance can produce positive reputation. [online] Available at https://www.dowjones.com/insight/how-strong-compliance-can-produce-positive-reputation/

 

_______________________________________________________________________

Compliance is essentially license for a company to continue trading successfully.

________________________________________________________________________

As outlined above, there are financial, time-sensitive and reputational reasons related to why organizations should comply with regulations and adequately protect themselves and their customers against risks. By adhering to regulatory guidance on compliance and implementing best practices, companies can avoid scrutiny not only by regulators, but also the public. This is largely because investors often judge businesses similarly to how the public views them.

________________________________________________________________________

The culture factor

________________________________________________________________________

Just having a compliance internal system in place, however, is not enough. Regulators give no credit to companies for simply having a “paper program” that isn’t real. Given that complying with legally binding rules is the minimum that investors and clients expect from businesses, organizations must go beyond compliance systems and instill a culture of strong compliance. Such a culture can be harnessed if organizations focus on following the correct processes, and not focusing solely on results. While outcomes are important, to build a strong compliance culture, companies should focus on the quality of their compliance programs. Ensuring a culture of compliance from top to bottom (including in the middle) can yield positive results for companies. Such steps are likely to resonate well internally and externally.

One can tell the difference between a company that invests in compliance and an organization that merely has a paper program and pretends to be compliant. A high-quality compliance program can convince stakeholders that compliance is a priority for a company. When a business has a strong reputation for compliance, stakeholders are likely to see minor compliance failures as mistakes by an otherwise responsible company — the exception rather than the rule. If an investor sees a company that conveys the message that they’re doing things ethically and legally, that can send strong signals that it is company worth investing in.

Companies with a strong compliance culture will often make their compliance policies public. For example, they may publish their policies and communications from the CEO to employees about compliance to demonstrate that compliance is a top priority.

________________________________________________________________________

Should a regulator knock on the door, having a documented long-term culture of compliance will help.

________________________________________________________________________

If a regulator knocks on a company’s door, the regulator will examine the company’s compliance program. Having a good reputation and evidence of long-term commitment to compliance, can stand companies in good stead. In the event of a violation, regulators are more likely to conclude that the violation may have been the action of a rogue employee or third party rather than the result of an organization’s misaligned priorities. A robust compliance program also enables companies to stay on the front foot, ready to spot risks and remediate them before they become issues.
________________________________________________________________________

Evaluating third party risk in an ever inter-connected business environment threatens to be a commercial Achilles heel.
________________________________________________________________________

Finally, evaluating third party risk is crucial. Given the increasingly interconnected nature of business, failure to evaluate third party risks can present a commercial Achilles heel for businesses. As the adage goes, ignorance is not bliss. Companies that fail to assess and act upon threats from third parties will likely find themselves with a crisis on their hands, whether it be anti-corruption, anti-money laundering, anti-human trafficking, or data security related. Just in the area of FCPA Compliance, over 80% of enforcement actions arise out of misconduct by third-parties rather than a company’s own employees. And according to a 2017 Ponemon Institute survey, 56% or executives admitted that their business had suffered a data breach caused by a third party.

In today’s era of fast news and connected business, it has never been more important for companies to invest in compliance. The enormous costs entailed with dealing with a crisis and the damage to reputation far outweigh the cost required to implement a robust and meaningful compliance program. Spending on high quality compliance systems is an investment, not a cost.

Jim Lord is a former DoJ prosecutor who is now consultant for Dow Jones Risk & Compliance.


Provider´s Corner

PwC  

Nutzern ist kostenloses Medienangebot
wichtiger als Datenschutz 

Die Bundesbürger misstrauen den Medien. Das gilt insbesondere für die sozialen Netzwerke. Nur 18 Prozent trauen Facebook. Das belegt die repräsentative Umfrage der Wirtschaftsprüfungs- und Beratungsgesellschaft PwC „Vertrauen in Medien“ unter 1.000 Bundesbürgern. Jeder Vierte hegt generell Misstrauen gegenüber deutschen Medien, in Ostdeutschland ist es sogar jeder Dritte. Der Glaube an den Wahrheitsgehalt in den Medien ist bei einem Drittel der Nutzer in den vergangenen zwei Jahren gesunken. Den größten Verlust verbuchen dabei die sozialen Medien: 39 Prozent schenken Facebook heute weniger Vertrauen als vor zwei Jahren. Bei Twitter sind es 31 Prozent weniger, bei YouTube 29 Prozent. Am besten schneiden öffentlich-rechtliche Sender und Printmedien ab. 

56 Prozent der Bundesbürger nutzen Tages- und Wochenzeitungen als Informationskanal - aber nur 27 Prozent Facebook, Twitter und Co. 54 Prozent derjenigen, die Socia Media für News verwenden, lesen die Beiträge von Zeitungen. "Klassische Medien nutzen Social Media zur Reichweitensteigerung, gerade die Jüngeren erreichen sie nicht mehr vor dem Fernsehgerät und hinter der Tageszeitung", sagt Werner Ballhaus, Leiter des Bereichs Technologie, Medien und Telekommunikation bei PwC Deutschland. "Allerdings gelingt es klassischen Medien nicht, diese gewonnene Reichweite auch zu monetarisieren."

Die Online-Werbeeinnahmen, auch jene von Facebook, Twitter und anderen Netzwerken, steigen zwar kontinuierlich, die klassischen Medien können von diesem Trend aber nur wenig profitieren. "Um Medien kostenlos nutzen zu können, hinterfragen die Nutzer die Verwendung ihrer Daten deutlich weniger als man es aufgrund des gesunkenen Vertrauens erwarten würde", sagt Ballhaus. "Für ein Social-Media-Angebot wollen die meisten Bundesbürger kein Geld ausgeben. Wenn sie die Wahl hätten, würden sie allerdings lieber nicht mit ihren Daten bezahlen, sondern Werbetreibende die Finanzierung übernehmen lassen." 

74 Prozent der Befragten bevorzugen ein soziales Netzwerk, das sich ausschließlich über nicht-personalisierte Werbung finanziert, keine Nutzerdaten verkauft und trotzdem kostenfrei für den Verwender bleibt. Für die Nutzung zu bezahlen, damit keine Daten verkauft werden, findet hingegen weniger Zuspruch. Der Kostenfaktor spielt vor allem für die 18- bis 29-Jährigen eine Rolle - in dieser Altersgruppe sind nur 39 Prozent dafür. Unter den jungen Deutschen sehen 41 Prozent das optimale Geschäftsmodell darin, dass ihre Daten an andere Unternehmen verkauft werden, damit das soziale Netzwerk weiterhin kostenfrei bleiben kann. 44 Prozent der 30- bis 39-Jährigen stimmen dem zu.

________________________________________________________________________  

Nur 8% der Bundesbürger geben den Nutzern eine Mitverantwortung für „Fake News“.

________________________________________________________________________

Die Deutschen bemängeln allerdings das Fehlen von Kontrollmechanismen, die eine Verbreitung von Hass- und Falschmeldungen verhindern. "Aber nicht nur das Thema 'Fake News', auch Datenmissbrauchsskandale haben das Vertrauen der Deutschen in soziale Medien erschüttert", so Ballhaus.

Im Frühjahr gerieten die sozialen Medien in die Schlagzeilen: Facebook hatte die Daten von 87 Millionen Nutzern an die Datenanalysefirma Cambridge Analytica weitergegeben. Die Verantwortung für „Fake News“ schiebt die Hälfte der Befragten den sozialen Netzwerken wie Facebook zu. Nur für acht Prozent tragen die Nutzer eine Mitverantwortung. 30 Prozent halten es für die Aufgabe der Nutzer, Maßnahmen gegen Datenmissbrauch zu ergreifen. 32 Prozent sehen den Gesetzgeber in der Pflicht

._______________________________________________________________________

Nur jeder Zehnte möchte wissen, was mit den eigenen Daten passiert.

_______________________________________________________________________ 44 Prozent der Nutzer haben zwar auf den Cambridge-Analytica-Vorfall reagiert: Aber nur sieben Prozent haben ihr Profil gelöscht, lediglich 18 Prozent ihre Datenschutzeinstellungen überprüft. Bemerkenswert ist, dass vier von zehn Deutschen die Weitergabe ihrer Daten nicht stört, wenn dafür das Angebot kostenlos ist. Und nur jeder Zehnte möchte tatsächlich wissen, was mit den eigenen Daten passiert. 

23 Prozent wollen zumindest sehr sensible persönliche Daten geschützt wissen, neun Prozent nehmen die Weitergabe bewusst in Kauf, um Gratisangebote zu erhalten und acht Prozent möchten wissen, wohin die Daten genau gehen. Ein lockerer Umgang mit den eigenen Daten ist vor allem bei den 18- bis 29-Jährigen erkennbar: In dieser Altersgruppe versuchen nur 35 Prozent die Preisgabe ihrer Daten auf ein Minimum zu beschränken.

Aus dem Archiv

Push-Dienst Archiv 2017 - Alle Beiträge

Direkt per Klick - alle Open Password Ausgaben in einer Gesamtübersicht.

Mehr...

---