Compliance programs require a team effort.
"What I see thematically is, all these folks -- in-house GCs, CCOs, CFOs -- they know what they know and are afraid of what they don't know."
These are the words of Todd Cipperman, founding principal of Cipperman Compliance Services, a company that offers regulatory advice. Cipperman has two decades of experience in the financial services industry and has a unique perspective on regulatory and compliance issues.
What he sees are individuals who touch the industry on a daily basis, and that is where Cipperman and company start when working with compliance departments. It's important to consider the best practices within the particular industry while taking into account a broad scope of other information, like regulations set down by the Securities and Exchange Commission (SEC). "The GC is trying to move business along, relying on people like us," says Cipperman. "They're great at what they do, but they have a blind spot, so we can come in and check."
One danger that Cipperman sees in the compliance space is a tug-of-war. Most often, he sees general counsel as hardcore lawyers who don't want to oversee compliance, though they know it has to be done. They tend to view it as something they aren't directly responsible for, but rather an operational task that needs completion. They have an understanding of transactional details and litigation but not compliance support and testing, and are leery about compliance departments reporting elsewhere.
Frequently, the GC will bring in someone for the compliance team that might not have a legal background. Likewise, the board may view compliance as a function outside of the legal team's purview, something more akin to operations, and they want to hear a direct report from the compliance department. This is the origin of that tug-of-war between legal, operations, compliance and the board.
The secret to compliance, Cipperman says, is in the compliance program. "You can get in trouble not from a violation, but because compliance is not done properly. You didn't do testing or file forms. There is a technical aspect that frustrates people," he explains. Companies may not want to do it, but they have to. He likens it to people's reaction to the weather. "You may not like that it is snowing out. You can yell about it and hope it doesn't. But all you can really do is wear the right clothing."
The companies that Cipperman works with have dealings with the SEC, are concerned about issues like bribery, money laundering and more. They know that, even if a penalty is not a company killer, it can be a career killer if something goes wrong on your watch. These companies are also concerned with reputation management and ethics, especially as related to risk management. They typically come to Cipperman not because of a bad regulatory event, but rather as a way to deal with the pain of compliance, having gone through several chief compliance officers or major changes in their compliance programs.
It all comes down to dollars, of course, and companies need to accept that compliance is going to cost money. Cipperman states that firms in the investment management space should spend 7 percent of their operating cost on compliance, and those that do not are "kidding themselves." Once they accept this fact, it's a matter of taking compliance seriously and instituting best practices. Then and only then, will the compliance war be won.
For more on this topic, check out the following: Mead Johnson investigating potential FCPA violations Compliance: Realistic regulatory reform -- then what? Compliance: Cigna v. Amara and how ERISA summary plan descriptions have changed