Second compliance truth: Organisations need a global compliance framework

A global compliance framework underpins survival for international companies

30 August 2019

When thinking about handling compliance at scale, and where possible, creating a global framework can allow the organisation to grow without limit.

This is the second part of the series 5 truths about global compliance. Read the first part here and download the paper to read the full version. 

In 1956, the cognitive psychologist George A. Miller of Princeton University published a paper called “The Magical Number Seven, Plus or Minus Two.” It became one of the most cited scientific papers of all time. Miller’s idea was that the maximum number of objects a human can keep in short-term memory is seven, plus or minus two. Beyond this, the “working” category of memory struggles to retain the information. The Magic Number therefore can hold true for digits, playing cards, and potentially where golf balls are hit on a driving range.

The Magic Number exemplifies what we know, but beyond a certain degree of complexity we need a formal system to cope.

There is a close parallel with compliance. Above a threshold of complexity an improvised approach will collapse. The mind becomes overloaded and when this happens, errors can creep in. In a multinational organisation with dozens of entities to manage, each unique, the compliance function can be soon reduced to chaos.

When thinking about handling compliance at scale, and where possible, creating a global framework can allow the organisation to grow without limit.

But what is the best way to construct this framework?

“Each company is different,” says Leila Szwarc, Global Head of Compliance and Strategic Regulatory Services at TMF Group. “There’s no one size fits all solution. However, there are universally approved principles that when applied, will ensure the global compliance function would be able to handle all demands thrown at it.”

She mentions that once a company is committed to such a review they should begin their process with an audit to understand where they are. “This may take three to six months,” says Szwarc. Depending on the organisations, some will have an audit lead by internal officers and some by an external party.  “Fresh eyes help,” says Szwarc, to map out the current ways of working and their deficiencies. It will measure the gap between the requirements of each jurisdiction, the degree of compliance and its performance.

Due diligence work must also be done on CoSec information, to ensure harmonisation and accuracy across different sources of data is checked (the company’s statutory records; the internal corporate database; and the public records).

The audit will delineate the chains of communication and action. This will reveal weak links.

Is there a method of guaranteeing the job is done precisely, and in good time?

Only once the gaps are understood a new framework to address proper principles can be drafted. For the likes of these type of organisations, the goal is to create universal processes, as far as possible within the limits of each business. And here is where the challenge lies. The perplexing factor is the sheer number of local variations. For example, 19% of countries have different compliance requirements per jurisdiction (provinces), and 35% of countries have severe penalties for legal administrative non-compliance. A global framework must empower local experts to create their own bespoke system, within a wider template and not lose track of changes in real time.

A high-quality compliance function will have strong communication processes, hard-wired in. Formal methods of notifying relevant parties of their duties, and of changes, must be scripted.

In a dialogue between Szwarc and Chanel M Bradden, Assistant Corporate Secretary of Lockheed Martin, one of the world’s biggest defence contractors, Mrs Bradden commented about their approach: “We have created a distribution group, and if there is a key change, we send an email out and everyone gets it, and then they send it to whoever else needs to get it. There are also SharePoint sites and different types of ways that companies communicate to their employees to get information out. Every company is different, so every company will have to find the best route to take when disseminating that information globally.”

It also helps to work with a single global compliance service provider to supply information and updates, rather than multiple local sources. This improves communication and ensures information flowing across an organisation is reliable.

Meetings play a role in keeping communication strong as Thermo Fisher Scientific, a global life sciences company, discussed earlier on with Szwarc. The framework introduced should recognize the speed of changes. For them, that translates into having bi weekly team meetings to figure out what needs to be done.

Software will help track the status and needs of entities worldwide. The compliance industry is benefiting from competition amongst biggest providers. Major brands include BluePrint OneWorld, CSC, Secretariat, hCue, GEMS, CAS and others. However, our experts agree that software alone simply cannot compensate for an inadequate framework. Why? Partly because many jurisdictions are still paper based.

The challenge doesn’t stop. When a company is dormant obligations carry on, when a company needs to be liquidated, another avalanche of needs flow in. Many organisations forget to formulate policies for terminating an entity, and lifecycle management needs regulating, as there are significant challenges. These include:  limited awareness of local procedures and documents to be submitted to the authorities; the need to appoint a resident liquidator in certain cases, and the need to resolve all missed statutory filings if applicable before proof of dissolution. A systematic dissolution process per jurisdiction can ensure a smooth outcome each time. This is important when a dozen or more entities need dealing with at the same time or within the same year.

Another key challenge is translating documents from local jurisdictions into a standardised format to have a consolidated overview of the compliance health of the company group.  Working with a constellation of different partners across multiple jurisdictions means the information arrives in different formats each time. It’s one reason why multinationals often prefer partnering with a single professional service provider globally that will guarantee standardised documentation and processes, a huge plus.

The best way to implement a global framework is hotly debated. Sometimes a sensitive and gradual method is optimal. For others, a radical approach will do the trick.

In the end, a global framework will still require skilled personnel to manage it. Clear lines of communication from head office to local officers and contractors is vital. “You need one person in your headquarters to be responsible for contacting the outsource partners in each jurisdiction or region,” says Priscila Westerhof-Fittipaldi, Portfolio Director of Corporate Secretarial Services at TMF Group. “Watch out for language difficulties, cultural barriers, etc. It is important for all parties to be able to speak the same language fluently and as much as possible understand the roots of the local culture, to ensure that compliance requirements and consequences for not complying with them are clearly set and understood so they can be properly implemented and executed.”

There’s no perfect system for compliance. Each company will need its own interpretation of these principles. But the golden rule is that head office should always be up-to-date with the status of all entities globally, and aware of any issues.

If errors are frequent, or information absent, it’s a sign that the process is getting weaker, and the framework needs a radical overhaul.

Download the paper: 5 truths about global compliance to learn more

Insights and updates delivered to your inbox.

Sign up now