Scandals. Fines. Show trials. These days, just doing business can appear almost criminal. While government-imposed regulation can soothe the public’s ire, it can also create burdensome costs and competitive disadvantages. To survive, businesses must perform reputational due diligence and create self-policing organizational cultures.
The increased incidence of and reporting on global fraud and corruption in business has given rise to two dangerous myths about the cause and cure of business amorality.
The first is the growing public perception that greed is the foundation of all business. In the quest for profit, so the argument goes, companies inevitably will make unethical decisions that serve the bottom line at the expense of society. The proof for this proposition includes everything from layoffs to financial fraud. These, among other unpopular business actions, fuel the public’s belief that the phrase business integrity is an oxymoron.
Herein lies the first misunderstanding. The public doesn’t differentiate between business practices that clearly are unethical and those that are simply unpopular. For example, although layoffs can have a significant and often negative impact on people’s lives, such actions aren’t unscrupulous. Closing a factory or cutting back on unprofitable activities often is necessary for a business to survive or thrive. Fraud and corruption, on the other hand, undeniably are wrong. If companies fail to stamp out these practices, the public will clamor for — and likely get — more stringent levels of regulation that ultimately can constrain a business’ ability to compete.
The second myth is expressed in an idealized vision of globalization — increasing global connectedness eventually will foster a pervasive global standard of business conduct. For example, the immense complexity of efforts such as harmonizing U.S. Generally Accepted Accounting Principles with International Financial Reporting Standards is considered an unavoidable step along the way toward a global standard. In addition, emerging markets are grappling with stronger local anti-corruption legislation and are conducting aggressive enforcement actions.
However, arriving at a universal standard likely is wishful thinking. All the world’s cultures may never want to or even be able to adopt a universal business ethic. For instance, the giving of an expensive gift to an executive of a company to win its business may be forbidden in New York but is considered a de rigueur gesture of civility and commitment in Shanghai. The roots of this difference go further than regulations and legalities. This business practice reaches deep into culture, and, while laws can be altered easily, long-held cultural norms are famously resistant to change.
But a more potent force for improving business conduct lies in the fact that fraud and corruption can permanently damage a company’s reputation — or even destroy it. And the harm affects all related businesses, tarring them with the same brush. Wall Street, for instance, has become almost synonymous with unfettered greed, and although the damage that that perception has wrought may be hard to quantify, it would be willfully blind to deny the existence of such defamation. Customer trust is important to businesses, especially to those in the financial sector. Without trust, doubt surely enters the minds of potential clients and investors. To increase public confidence in business integrity, companies need to identify and eradicate the fruits of greed: fraud and corruption.
To enhance confidence, businesses should rely less on the hard power of investigations and punishments and boost soft power initiatives that foster transparent self-policing that can lead to the restoration of public trust. If this is not done, companies may face the untenable combination of public disapprobation and potentially profit- choking regulatory demands.
Regulation: an Answer with a Burden
Capital and regulations are allergic to each other. Financial capital will flow more readily to markets that provide the greatest security with the least amount of regulation. The more a country controls its markets, the greater the odds it will lose business to countries that impose fewer regulatory demands.
This is not to say that regulations aren’t needed. They set the standards and define the rules of the game for all players. However, regulations become burdensome when they go beyond defining rules to monitoring how businesses play by the rules. Publicly traded companies in the United States, for example, must spend millions to comply with regulations. Those millions don’t come easily to small- and mid- cap companies. Similarly sized firms in less regulated markets have a distinct competitive advantage.
But regulations keep coming. Starting in 2014, for example, the Foreign Account Tax Compliance Act in the United States will go into effect. An attempt to curb tax evasion, the act shifts the burden of proof from regulators to foreign financial institutions. These organizations will have to provide the U.S. Internal Revenue Service (IRS) with information about their U.S. customers. If financial institutions fail to do so, the IRS will withhold 30 percent of customer wire transfers. Small and mid- size banks that can’t meet the regulatory demand could lose many of their customers — which could spell the demise of some of these banks.
Businesses should take heed. The costs of regulatory compliance eventually may far exceed the costs of self-policing.
Social Media — the New Regulator
Even the most stringent regulations don’t stop people from finding ways around the rules. Social media, on the other hand, is becoming a powerful policeman. In effect, social media is democratizing the regulatory role by disseminating reports of corruption, graft and other unethical practices almost instantaneously around the globe. With 24/7 interconnectedness, news of an esoteric issue in Kazakhstan, for instance, can spread as quickly as a public indictment in Chicago.
Walmart discovered this the hard way when, in 2012, The New York Times broke the story of Walmart’s alleged efforts to cover up bribery in Mexico . What may have disappeared quickly if the company had addressed the problem head on became fodder for millions of blog posts and tweets. Social media gave Walmart a black eye.
Facing the pressures from social media, some companies are boosting the transparency of their compliance efforts and are publicly sharing what has been learned from stumbles. Compare the collapse of Arthur Andersen with the survival of Siemens.
Long before the Enron scandal emerged, Arthur Andersen was defending its accounting practices. Practically to the end, Andersen swore that it had looked but had discovered no wrongdoing. At the same time, the firm was hiring lawyers to prepare its defense. In 2002, Andersen was charged with criminal conduct. The firm lost the trust of its clients and folded in just a few months.
In 2006, 30 offices of the German conglomerate Siemens were raided on suspicion of bribery, embezzlement and tax evasion. Unlike Andersen, however, Siemens admitted its guilt and acknowledged the failure of its internal controls. By so doing, the company has managed to survive and continues to be on a path to regaining the trust of its stakeholders and the public. Just as important, Siemens publicized the idea that it learned from its mistakes and shared its considerable efforts to improve the company’s control systems.
Soft Power on the Front Line of Defense
As a consultant for more than 20 years, I have been the hard power line of defense — going to companies to conduct audits and investigations. It may seem surprising that I’m advocating soft power as the stronger deterrent. Hard power tactics serve their purpose but only after an act of fraud or corruption has been committed. To implement effective front lines of defense, companies need to build soft power techniques that foster a self-policing culture. Entities can build that atmosphere by focusing on talent, conducting reputational due diligence and establishing a whistleblower program.
The Talent Dimension
When hiring, companies usually concentrate solely on the technical skills needed. But every executive currently behind bars presumably possessed those skills. Businesses would be wise to add another dimension to the talent equation and the hiring process: knowledge and acceptance of the laws, cultural norms and ethical standards of the regions in which candidates will be working.
For example, if a company is based in the United States and conducts business in Mexico, the company still is responsible for following the U.S. Foreign Corrupt Practices Act. When hiring to staff Mexican offices, a company should make sure those employees are thoroughly familiar with the laws in the United States. By the same token, Americans engaged to work in Mexico must understand its standards and know how to manage and reconcile those regulations with U.S. expectations.
Companies also should rethink the allocation of their compliance talent. Most assign the vast majority of compliance resources to regions where regulatory demands are the highest — usually the United States and Europe. But due to cultural norms and the transparency of the rules governing business, the risks in these regions actually are much lower than in other parts of the world. One U.S. bank, for example, has some 500 compliance officers based in the United States and five in Mexico. With this vast disparity in the division of labor, the chance of uncovering money laundering, frauds and/or bribes where the risks are highest is unlikely.
Reputational Due Diligence
The 1970 Bank Secrecy Act and 2001 USA Patriot Act require that companies know who their customers are and what they are doing. Businesses are held accountable for their customers’ actions in addition to a company’s own activities. To protect a reputation, companies should conduct due diligence across their value chain, vetting everyone to whom they are connected — from suppliers to clients — in all the markets in which the company operates.
Reputational due diligence should be a central corporate process that goes far beyond examining legal structures and financial statements. The process should investigate every aspect of potential partners and acquisition targets in order to assess the risk of doing business with these parties.
In many cases, companies investigate more than the financials. However, organizations often fail to ask why an ethical issue occurred or if corrective measures have been put in place to make sure the incident doesn’t happen again. For instance, reputational due diligence would look at the source of funding for a new company. It also would scrutinize the company’s client base and examine how the firm acquires its customers. Does the company rely heavily on a few government customers? Does it thoroughly account for petty cash? Ultimately, a reputational due diligence assesses the culture. Does the company have documented standards of ethics and compliance? Do employees know and understand these standards?
Blowing the Whistle
According to a 2010 report by the Association of Certified Fraud Examiners, most frauds are discovered through insider tips. A whistleblower program is a critical part of any internal control effort. Even the best compliance program can’t prevent every attempt at fraud and misconduct. Companies must provide a means for employees to safely report — anonymously or otherwise — any unethical behavior to which they are privy. Companies cannot be a fig leaf behind which whistleblowers are ostracized or otherwise punished.
The goal is not to create a company culture of snitching. A strong whistleblower program is essential to a culture of compliance and ethical behavior. To protect that culture, whistleblowers must be held accountable for misinformation as well. Incorrectly reporting fraud can harm a company. To be effective, a whistleblower program requires employee support, proper management, oversight and training.
When a business scandal erupts, the public will clamor for more government oversight. Although regulations may help calm the waters of public opinion, as was the case after the 2008 financial crisis, there is scant evidence of real long-term effectiveness. The stakes are high. Regulatory compliance is costly and can erode a company’s ability to compete. To protect a company’s own reputation and the reputation of business in general, companies must assume responsibility for stamping out corruption in their own organization. The efforts taken will be far more rewarding than the alternative.
© Copyright 2014. The views expressed in this article are those of the authors and not necessarily those of FTI Consulting, Inc., or its other professionals.