Company governance in the era of compliance: how to see, what to do

The cost of compliance is expensive, but whether the compliance is effective but failed to be supported by empirical research.

Author: Miao Yinzhi

Figure: Tuwa Creative

Guide

One || Compliance has become a must -have content for modern company governance. In addition to requiring increased personnel, establishing a supervision system, and adding compliance training, government departments are "teaching" how the company arranges internal business processes, including closing a specific business line.

一 || In practice, whether a company should engage in compliance or whether to implement specific compliance, it is not completely calculated by the board of directors.

Three || In the operation of modern companies, directors have the obligation to properly operate the company. But directors will also be protected by "business judgment rules". Directors made Gaobi or unspoken business judgments and were not reviewed by the Judicial institutions after the incident.

The cost of compliance is expensive, but whether the compliance is effective but failed to be supported by empirical research.

In the face of the deficiencies of the current compliance system, Professor Griffith has advocated two compliance reform paths, which is also the way to reshape the authority of the board of directors in compliance matters.

As a hot spot in the current global company governance, the compliance has changed from the general "observance of the rules" to an important condition for the company's exemption of legal responsibilities, including criminal responsibility, so it is necessary to cause corporate operators, legislators, law enforcement, and law enforcement. The attention of judiciary.

Compliant with its own political and correct taste, who can oppose compliance, oppose monitoring and prevent violations of laws and regulations? No one can.

However, in the business world that talks about cost -effective, whether it is making money or compliance, it should talk about benefits. This is not to say that enterprises can violate the rules in order to save costs, but to say that they should talk about methods and methods. They cannot ignore the over -burden that law enforcement may cause the enterprise when applying a compliance plan.

Moreover, in the universal meaning rather than the individual sense, the burden of excessive corporate compliance is often caused by the lack of the level of rule of law. In this sense, this issue is not only worthy of the attention of the business community, but also the attention of the legal community.

my country ’s enterprise compliance is in the ascendant, and there are relatively few related reflection research. This article is mainly based on the long paper "Company Governance of the Compliance Era" by Professor Grififith (formerly published in WM Law Review. There are more than 50,000 words in Chinese translations. Participate in the editor of this article) to explore this topic.

The problems in this way can be said that all countries will exist in the implementation of compliance, and for countries with weak the level of rule of law, related disadvantages will naturally be more serious.

New company governance

As we all know, compliance is often reflected in the required company to have special personnel or even special departments to be responsible for compliance. In many companies, the compliance departments have been handled together with the traditional legal department, and the chief compliance officer is ranked among senior managers.

In some large companies, there are thousands of compliance personnel. In high -risk industries such as finance and pharmaceuticals, the number and proportion of compliance personnel are also higher.

As early as 2015, due to the failure to get the obligations of anti -money laundering, in order to avoid being prosecuted, HSBC spent billions of dollars for organizational structure adjustment, allowing nearly 10%of the 258,000 employees to engage in risks and compliance Work.

This system practice not only shows the company's internal governance ecology not only in the structure, but also in terms of content.

Compliance has become a must -have content for modern company governance. In addition to requiring increased personnel, establishing a supervision system, and adding compliance training, government departments are "teaching" how the company arranges internal business processes, including closing a specific business line.

Law question

In practice, whether a company should engage in compliance or whether to implement specific compliance, it is not completely calculated by the board of directors.

The changes in the content and architecture of the corporate governance are not only due to the endogenous decision -making of the board of directors, but also not from the requirements of laws and regulations, but the "voluntary" enterprises under the deterrence of administrative institutions. This will bring some legitimacy questions.

The governance requirements of laws and regulations will be tested by stricter legitimacy. Based on the basic spirit of democracy and the rule of law, the makers of laws and regulations need to listen and reflect public opinion. Representatives of the interests of all parties also have channels to express their opinions on legislation.

For example, in December last year, the Standing Committee of the National People's Congress conducted the first formal review of the "Corporate Law" amendment of the Corporation, and publicly solicited opinions from the society. All circles have also expressed this (see "What kind of shareholders we need", January 24, 2022 Japanese edition articles). However, so far, company laws of various countries have not put forward specific requirements for compliance. After all, compliance involves quite detailed technical issues.

Even if the compliance requirements are proposed by administrative regulations, administrative agencies need to follow a certain process, including analyzing cost income, and even setting up the settlement of specific measures to set up sunset, that is, self -active abolition. Administrative regulations and administrative actions are also subject to judicial review.

However, contemporary compliance actually stems from law enforcement. In the early 1990s, the United States' Organization Torture Guide (SGO) preparations for a significant increase in punishment for the company's illegal behavior. As a response, lobbying for American companies and industry associations (such as commercial round tables) requires allowing the company to be risked by a compliance plan to reduce the company's behavior due to individual employees' behavior.

As a result of the compromise between the two sides, the final rule of the "Organization Torture Guide" in 1991 stipulates that if the company implements and maintains an effective compliance project, the government can reduce the punishment. At the same time as carrots, a big stick appears, and the significant improvement of criminal punishment may be waiting for enterprises that do not accept a compliance plan for reconciliation agreement.

This makes the company feel more and more: instead of adventure and liability, it is better to accept compliance requirements to avoid responsibility.

If you consider the cost of the agency between the business operator and the owner, this problem will be even more prominent. It is difficult to blame the operator for losing responsibility, and accepting compliance requirements can also decorate themselves to improve corporate governance.

However, the framework of the compliance plan agreed by the government and business in advance is still blurred.如目前的《指南》的七个要素包括：（1）规则，（2）高层参与和适当授权，（3）雇佣时尽到注意，（4）沟通和培训，（5）监测和测试，（ 6) The consistency of incentive measures, (7) Appropriate remedial measures.

The truly operable compliance requirements still depend on the conditions proposed by the specific cases that are especially in the case of the specific cases that are not enforced or suspended from law enforcement. These specific requirements are generated during the opaque settlement process. As Professor Griffith said, it was concluded under "under the sword of Damocles".

The compulsoryness has not been reduced, but the legitimacy that can originally supports the legitimacy is greatly weakened. At the same time, the third party that may be affected did not have the opportunity to participate in the statement.

At the same time, although specific compliance requirements originated in cases, there will be a tendency to spread. One set of settlement is widely imitated by peer companies, and everyone's compliance characteristics tend to be consistent.

Of course, this is not pure because other companies play their own drama. A survey of Pwa's Yongdao pointed out that when the compliance fails, government investigators usually compare the comparison of the organization's compliance plans with similar companies in terms of scale, complexity, industry, geographical coverage. Those companies that are not comparable to their peers may be punished more severe.

This result can be described as "law enforcement medicine, legislative effect".

Beyond the obligation to be subject to directors

Compliance is not derived from judicial judgments. In the operation of modern companies, directors have the obligation to properly operate the company. But directors will also be protected by "business judgment rules". Directors made Gaobi or unspoken business judgments and were not reviewed by the Judicial institutions after the incident.

The United States' judgment is more obvious to believe that the occurrence of compliance failure does not mean that directors violate the obligations of faith. In the Graham case of an early important jurisprudence, the Supreme Court of Trafa, which holds the US company French Niu Er, clearly stated that there is no clear illegal "Red Flag signal" that is a dangerous signal (such as known illegal risks), and the board of directors has no obligation to set up a joint coincidence Planning or monitoring systems to prevent improper behavior.

Although in the case of Caremark in 1996, the Tellawa Judge Court once believed that the board of directors that did not formulate a valid compliance plan may not be able to perform their supervision duties and believe that the obligations of the trust may ask the company directors to judge the company's information and reports with good faith in good faith. Whether the system is enough to ensure that the board of directors notice appropriate information in time.

However, in the subsequent STONE V. Ritter case in 2006, the Supreme Court of Travo stated that the court would not investigate whether a company's supervision mechanism was objective and fully. On the contrary, the court will restrict the investigation when the board of directors fails to effectively supervise the company, whether there is a intentional illegal plot. Only the board of directors is "complete", that is, 100 % "without implementing any report or information system or control measures" constitutes illegal law. If the company's compliance or supervision plan is only objective or invalid, the court does not consider the directors to have the responsibility.

Even after the financial crisis, the Tellawa Court did not change its position for the financial institutions pointed out by Qianfu.

For example, in the Citi Group case in 2009, the court believes that although the directors' views on monitoring and monitoring business risks are attractive, it is completely different to impose Caremark's responsibilities to directors to supervise the risk of corporate risks. Citi Group's business is to bear and manage investment and other business risks. The supervision responsibility for directors who fail to monitor the risk of "excessive" are equivalent to making the court's assessment of Zhuge Liang's evaluation of Zhuge Liang after the incident.

In the 2011 Gaosheng case, the judgment of the Gaosheng believed that even if the management has the right to adopt legal behavior, even if it is risky, it is not a "red flag signal", which will not make the board of directors pay special attention to illegal acts.

In other words, from the perspective of a neutral judicial person, in the years of litigation games, the court has always recognized the company's power to supervise the system in a more autonomous way. However, the practice of compliance programs in full swing has surpassed the governance requirements proposed by the judicial institutions with the generally compulsory facts.

His governance effect

The cost of compliance is expensive, but whether the compliance is effective but failed to be supported by empirical research.

In a survey made by Deloitte, only the slightly more than half of the chief compliance officer said that the measurement standards used by their organizations allow them to truly understand the effectiveness of compliance functions.

This is estimated to be optimistic. After all, most people think they are higher than the general level before planting.

From a reality, there is currently no recognized standards to measure the effectiveness of compliance. Many compliance measuring criteria are not forward -looking inspections "influences", but just looking back at the tracking "activities", including training "punch cards" and other forms of activities. It is not difficult for compliance personnel to collect data. What is difficult is how to analyze and use data and draw conclusions. In most occasions, "big data" is just a marketing concept, not a realistic technology. The law enforcement authorities can't tell clearly, to what extent the company should avoid the next problem, so whether it is to increase the compliance manpower or increase the compliance review link, it is inevitable that "hairy estimation" is suspected.

This problem is not a third -party consultant. Third -party consultants are also crossing the river by touching the stone, not better than anyone else.

Professor Griffith made it clear: "We have full reasons to suspect that third -party experts are not better than government law enforcement. They are all good compliance programs. They are all outsiders." In addition, from the empirical experience of the United States, letting the judge on law enforcement law enforcement law enforcement The review protocol for review will not help the improvement of the quality of the compliance plan.

Interestingly, because the compliance measures after law enforcement reconciliation will make many other "birds of shocking birds" followed down, excessive compliance will not make specific enterprises in a more unfavorable competitive position, because the "water level" of the entire industry has occurred. Variety. Obviously, this means that the overall damage caused by excessive compliance has also increased.

Moreover, when the entire industry group has some compliance measures, there is no difference between them, and the "lemon market" issue is reproduced. Enterprises cannot obtain competitive advantages with their own compliance measures. In other words, the compliance is composed of "inner volume".

Compliant future

Faced with the deficiencies of the current compliance system, Professor Griffith has advocated two compliance reform paths, which is also the way to reshape the authority of the board of directors on compliance matters.

The first idea is to end the role of government departments as unilateral compliance designers. After all, the law enforcement department may not have the corresponding institutional design knowledge, nor is it fully responsible for the consequences of compliance measures, and the transparency of the entire process is not enough.

The replacement method is to allow the company to adopt or not adopt specific compliance plans based on efficiency -based considerations. At this time, the company will decide how to implement compliance based on cost returns.

It should be noted that this is not equal to indulging companies to do whatever they want. Because their behavioral responsibilities that violate the physical law have not been exempted. The government did not completely withdraw, but restored the standard of regulatory law enforcement. Therefore, the company still has motivation to abide by the law.

The function of the law enforcement department will punish companies that violate legal rules or standards. For what they find important matters, law enforcement agencies can improve legal responsibility, thereby changing the company's cost -income analysis conclusion.

In fact, if the company does not need to accept compliance suggestions from law enforcement agencies, such as increasing a large number of people, they may be more interested in taking more effective measures to prevent illegal matters.

In addition, Professor Griffith also believes that the law enforcement department may wish to continue to use radishes and sticks and use it together, and continue to choose to implement reconciliation. As long as it does not surpass the ability and the scope of power, the head will ask the company to implement the compliance plan beforehand.

Professor Griffith also proposed that the compliance of listed companies can be realized through regular disclosure obligations under the securities law and continuously improving the transparency of compliance functions.

This is the same as the reform of the issuance and registration system that we are becoming familiar with. The focus is no longer the specific compliance measures the enterprise has taken, but it is required to fully disclose the compliance measures adopted by the enterprise to the market judgment.

When the compliance measures taken by the enterprise are different, professionals and other professionals such as investment analysts will also start to evaluate the quality of different compliance measures and give corresponding feedback.

Of course, disclosure of the details that require enterprises to openly compliance measures, such as how compliance is organized; the relationship between the compliance department and the business department and other control function departments (such as risk management and internal audit departments); Compliance; how to allocate personnel and technical resources to manage these risks; whether strategic business decisions and how to involve compliance; what is the power and expectations of the compliance officer when conflict; how to report the structure of the report; and whether the compliance And to to what extent affects executive salary.

The details of these compliance programs can be classified and compared according to the effective indicators, such as improper reporting event, government investigation and sanctions.

As an option to replace or overlapping, the company can also require the company to disclose the standardized data of its compliance plan performance in order to compare the indicators more directly between a company.

Performance quantitative indicators include the frequency and score of the audit plan, answer the speed of the problems raised by employees or technical tools, the speed of training completion rate and the speed of the company's training goals, and the score of employees in training evaluation.

This article mainly introduces a reflection point of compliance in international academic frontier, and does not involve assessment of the status quo of domestic compliance plans. However, common factors will obviously exist. We still need to continue to explore how to make the compliance system from avoiding weaknesses in practice.

(The author is a professor at Central University of Finance and Economics)

Who is struggling to change the life of 340 million people? In the first half of the Chinese, the Chinese people in the second half of the year, the battle of stabilizing the Chinese economy

- END -