Knowledge

Compliance (II): Is It All About Reporting?

For some people, all the buzz about compliance actually comes down to two basic facts. First, internal and external supervisory bodies require a lot of reports. Second, really bad things can happen to your company – and to you -  if you fail to deliver these reports.  (Most of the time, this supervisory body is a stock exchange authority, in particular the NYSE since the Sarbanes Oxley Act was passed. But, sometimes, compliance is about reports to other bodies.) Anyway, for these people, compliance is all about filling reports. The problem is that the people in charge of producing the reports (for example, in-house lawyers) need information from others who couldn’t care less (for example, business managers).

Compliance management become then just a sophisticated word to name the daily struggle to get that information, and to get it in time. And magic happens when, on top of that, the information is reliable, accurate, and complete.

In this 100% reporting perspective on compliance, compliance management starts by drawing the list of reports that the company must fill. You always start the list with reports to external bodies (because you can always negotiate with colleagues, but hardly with external supervisors), and you always start with reports that matter to shareholders, because nothing pisses more your CEO than when shareholders are pissed off. This is why reports to stock exchange authorities always come on top of the list.

But then, is compliance just about reporting? Getting the reports right does not necessarily imply that you get actual compliance. How do you manage the gap between what's stated in the reports and real life? And can you get compliance without a reporting bureaucracy? What about compliance as a value, as an individual responsibility, as a state of mind?

Antoine Henry de Frahan | 11 August 2007 |