It is no secret that key regulators such as the ACCC, APRA, ASIC and Privacy Commission have over recent years placed more and more emphasis on legal compliance systems. But how are Australian organisations handling the growing scrutiny? Mark Phillips reports
Often considered more of a burden than a benefit, effective internal control is showing itself to have a direct, positive influence on business performance. Regardless, many still claim that the simultaneous impact of multiple compliance obligations has meant boards and management need to focus on it to the extent that, in many cases, they are diverted from their strategic roles.
Meanwhile, others point to "compliance fatigue" or a kind of "compliance myopia" which prevents them seeing beyond their immediate need - complying with regulation - to a wider opportunity, which is using the investment in compliance to deliver strategic benefits. Others warn that excessive regulation is potentially fostering a risk-averse attitude to business - that while Australia seeks to be a "smart nation", the ever-increasing volume of governance reforms and obligations may result in corporate Australia avoiding risk and stifling the very innovation upon which a smart nation is built.
It is an issue that engenders widely different attitudes in a diverse range of sectors. SMEs, for example, have been particularly vocal about the cost and time requirements of compliance. Two of the most recognisable players in the compliance profession, David Lawrence and John de Groot, give their view of on the situation.
How would you compare the overall effectiveness of compliance procedures in Australia against those in place in other developed countries?
John de Groot, Australasian Compliance Institute (ACI) board member and risk and internal audit manager, Sydney Water: Clearly Sarbanes Oxley and the Committee of Sponsoring Organisations of the Treadway Commission (COSO) have failed to ensure compliance in major financial companies in the US. The sub-prime mortgage crisis meltdown there can only have occurred because of the ineffectiveness of compliance procedures in those companies. Australian firms have been less vulnerable because, on the whole, our regulators, such as APRA, have instituted effective compliance controls for the financial services sector.
David Lawrence, ACI president and general manager Participants, ASX: Well advanced, if not in front. This is because Australia has moved beyond a prescriptive and checklist-based approach. The more aware firms have moved to an integrated behavioural approach to compliance.
What are the key issues to have emerged with regards to corporate compliance over the last 12 months and what lies ahead?
John de Groot: In the water industry the key emerging issues for compliance revolve around the shortage of water, which makes it a very valuable commodity and, therefore, more attractive to steal. In the past 12 months we have seen more than 200 non-compliance issues reported to regulators - but not one successful prosecution has followed those reports.
David Lawrence: Sustainability is one of the key issues and it manifests in a number of ways. Most topical is the issue of environmental sustainability and compliance. Carbon-related compliance is the most obvious and will continue to be a key focus looking forward.
For those in sectors relying on commission-based remuneration - especially financial services - a key compliance issue will be the potential for behavioural change by individuals facing deteriorating remuneration. There is potential for increased aberrant behaviour to offset this change in circumstances.
Generally, in any sector, if the economy continues to contract, business will increasingly be unable to absorb the costs of significant compliance failures, hence prevention will become an increasingly important element of a defensive strategy.
It has been said that excessive regulation is hampering Australian business as a whole and small-to-medium-size companies in particular. What are your views on this?
John de Groot: Australian business has never been more regulated than it is today and, as such, businesses are forced to devote more resources to simply continuing their core business objectives. Innovation is becoming less and less cost-effective as the regulatory burden rises.
SMEs are subject to the same level of regulatory control as the "big boys" but do not have the same resources to throw at building effective compliance frameworks, and, therefore, little opportunity to innovate. Regulators also need to have staff who are well versed in the complexities of compliance so they are able to quantify the likely cost effect of imposing new regulatory burdens on business.
David Lawrence: The level and nature of regulation is a matter for politicians. The extent to which regulation can be readily implemented - which directly impacts on the cost of compliance - is a matter for the legislators and, to the extent they set regulation or standards, the regulatory agencies.
The position of ACI is that we seek to reduce the burden by promoting practical regulation, thereby achieving the legislators' objectives but reducing the cost to industry.
Has the cost of compliance obligations peaked or is it continuing to increase?
John De Groot: The cost of compliance is continuing to rise as regulation seeks to respond to each new financial crisis.
David Lawrence: Twelve months ago I would have said it had peaked. However, as financial crises and failings inevitably lead to regulatory soul-searching, I am sorry to say I expect a new round of regulatory responses over the next 12 to 24 months.
Are some organisations in danger of being overwhelmed by ever-expanding regulatory requirements and, if so, what do they need to do about it?
John de Groot: The answer is yes, but I am not sure what they can do about it because the organisations have no control over the requirements. Perhaps what is needed is more of a cultural change so that both the regulators and the regulated embrace a culture of proactive voluntary compliance rather than always needing to react to the tightening grip of new regulation.
David Lawrence: No doubt some are. Some tend to see compliance as a bolt-on rather than integrating it into standard operating procedures. This only adds to costs and the perception of being overwhelmed.
How can organisations best deal with the acute talent shortage of experienced compliance professionals?
John de Groot: Compliance professionals over the past 10 years have simply evolved from other professions - legal, CPAs, auditors and so on. What we need going forward is legal recognition of the compliance profession that is underpinned by appropriate and recognised academic training so that younger people can enter a profession which is respected and presents a solid and rewarding career path.
David Lawrence: Seek out an ACI-accredited compliance professional or train existing staff in quality compliance practices through ACI.
- Mark Phillips