This is a guest post by Ramsey Kazem, East Coast Vice President at Spark Compliance Consulting. He can be reached at firstname.lastname@example.org.
The year 2020 has been a year like no other. A year that was expected to be one of economic growth and prosperity suddenly and without warning came to a screeching halt due to a once-in-a-lifetime global pandemic. The economy shut down, people were laid-off or furloughed, and a once-promising business outlook turned grim and uncertain.
Companies across all industries have endured the hardships of this new and unforeseen reality. They are confronted with many new challenges. In particular, companies are struggling with how best to absorb declining revenues and lost business opportunities. For many, this means implementing cost-saving measures across the business.
Deciding which budgets to cut and by how much is not an easy task. Companies have competing factions within their organization and each will advocate for an “anywhere but my department” approach to cost-cutting. Some companies will implement across-the-board budget cuts where each department will be asked to cut the same percentage from their respective budgets. Others will target so-called cost centers (i.e. departments within a company that incur costs but do not directly generate revenue) for its cost-cutting measures. Regardless of the approach, the Compliance budget will be squarely in the crosshairs. As such, Compliance must be prepared to speak up and advocate against any proposed cuts to its budget.
Penny Wise, Pound Foolish?
If your company is considering cutting the compliance budget, try to get it to see the long-term implications of such short-term savings. Develop a cost/benefit analysis to demonstrate that a reduction in resources is not justified by the current circumstances. Use the following points to develop your analysis in opposition to the proposed cuts in the budget.
Compliance Risk Has Increased Substantially
While revenues may have declined and business opportunities lost, the health crisis has prompted no corresponding reduction to a company’s compliance risk. In fact, a company’s compliance risk has likely increased for two primary reasons.
First, to meet the realities of the COVID-economy, many companies were forced to implement new and untested processes, override existing procedures, and invent creative solutions to meet unexpected challenges. These new ways of doing business come with new or changed compliance risks that are likely not contemplated or addressed by existing policies, procedures, and controls.
Second, company employees like everyone else were blindsided by the pandemic and its related impact. In the blink of an eye, hours were reduced, sales goals became unrealistic, and performance bonuses became unattainable. As a consequence, employees face new personal and professional pressures to make up for these lost opportunities and improve their performance. These types of pressures create a business environment that is ripe for compliance-related misconduct.
The above-described business realities will require more – and not less – compliance reviews, assessments, and monitoring.
Your Existing Compliance Plan Will Come Back to Haunt You.
A company’s pre-cost cutting compliance budget, plan, and assessment could come back to haunt it in the event of a compliance failure. These existing plans will detail the company’s known compliance risk and provide a roadmap of what it should have been doing to manage these risks. To the extent a compliance failure can be tied to something the company planned to do but decided to cut, the company will have few, if any, defenses and may be exposed to greater penalties. That is, an enforcement agency will not offer the company any mitigation credit or leniency in assessing a penalty given that the company knowingly assumed the risk of the violation in cutting its compliance budget. This is especially true where a company’s risk exposure increased due to the current business realities.
What COVID-related Justifications?
In the coming months and years, the world will move beyond the pandemic – and, as it does, perspectives will change. Business decisions that can be justified in the name of COVID today, will not likely pass muster tomorrow. This is problematic for any company that decides to cut its compliance budget due to COVID-related challenges. Compliance failures related to these cost-cutting measures will not emerge or be subject to an enforcement action until months and years in the future. As such, these budget cuts will have to be explained in a post-COVID world when there will be less tolerance and forgiveness of the short-sighted and haphazard decisions triggered by the pandemic.
How Do the Compliance Budget Cuts Compare to Other Budget Cuts?
A company’s cuts to the compliance budget will be compared to the cost-cutting measures implemented in other departments or functions. Where else in the business were the budgets cut? What department or functions were spared these hardships? How was executive compensation and bonuses impacted by these cost-cutting measures? A company must have rational and reasoned answers to these and similar questions. Moreover, a company must be able to show that its compliance-related budget cuts were reasonable and proportionate to the cost-cutting measures implemented across the business.
By using the talking points above, you can help your company recognize that the short-term benefits of cuts to the Compliance budget are outweighed by the potential longer-term challenges. Even if you can’t save the whole budget, at least try to limit the amount of the budget cuts to that which is reasonable, proportionate, and consistent with the analysis.
If You Must Cut the Compliance Budget
If cuts to the compliance budget become necessary, develop a well-thought-out strategy to implement them. Remember there may be a day where the company will be called upon to justify and explain how and why the specific cuts were decided. If you must move forward with this process, consider the following:
Employ a Risk-Based Approach
Just as you are expected to take a risk-based approach in resource allocation decisions,
you should undertake a similar approach to cost-cutting decisions. That is, lower-ranked compliance risk areas should be prioritized in cost-cutting decisions. This is not to say that all the cuts should be targeted at the lower-ranked risk areas, only. A risk area is typically low risk, in part, because it is well managed by the company. If too many resources are cut, this low-risk area can easily become a medium or high risk to the company. Accordingly, you must carefully assess how proposed cuts alter the company’s existing compliance risk profile (i.e., by specific risk area and overall compliance risk) and ensure its cost-cutting strategy maintains the overall balance between the risk areas.
Streamline or Combine Processes
A silver lining in any cost-cutting exercise is that it forces you to evaluate the existing processes to make them more efficient. To that end, you should cut the “fat” by identifying any duplicative, inefficient, or unnecessary processes. Do you really need a belt and suspenders? Or will just a belt suffice? Likewise, you should look for opportunities where multiple processes can be combined into a single one-stop solution for multiple risk areas. The benefit of these types of cost-cutting measures is they generally do not alter a company’s overall compliance risk.
Keep the Momentum but Slow the Pace
Compliance departments typically develop annual and multi-year plans for implementing compliance program improvements. As part of its cost-cutting strategy, you should review these plans and identify initiatives that can be delayed or stretched over a longer implementation period. This may provide the necessary cost-savings without “cutting” needed program improvements. The improvements will still be implemented but just at a slower pace.
As with most things in compliance, all compliance-related cost-cutting decisions must be documented. Having a contemporaneous account of how and why a specific cost-cutting measure was decided could prove valuable if, and when, a company is called upon to explain its decision. The documented decision should record the following:
a description of the cut and amount
the risk-based basis for the decision and whether the proposed cut materially alters the risk-ranking of the targeted area
any new or changed risk mitigation or controls implemented to dull the impact of the cut
Documentation of the decision at the time it was made will provide persuasive support that the decision was thought-out and reasonable.
Compliance budgets are in the crosshairs of cost-cutting measures designed to meet a company’s COVID-related economic challenges. Before such cost-cutting measures are implemented, try to convince your company to carefully consider whether these short-term savings are justified given the potential longer-term challenges to the company. Moreover, if the budget cuts are indeed justified and necessary, you should develop a well-thought-out implementation strategy that is risk-based, considers opportunities to streamline or combine existing processes, delays but does not cancel necessary improvements to the program, and is well documented.