Compliance, Risk, Cyber Security & Governance: Setting the stage

Compliance Governance Definitions

Before delving deeper into each one of IGCA’s core subjects, we thought it would be a good idea to set the stage for the role to be carried out by our organization by offering you a series of definitions and examples related to each.

As you know by now, compliance, risk, cyber security and governance are at the center of IGCA’s work as a professional accreditation, certification and networking association for professionals involved in these areas.

But what does each one of these core subjects actually involve? Plus, how have they been affected recently in the context of the COVID-19 pandemic?

Keep in mind that these four core subjects work in unison to improve a company’s performance, many times complementing one another or overlapping in their responsibilities.

Now onto some definitions!

Compliance

Compliance, or more specifically regulatory or corporate compliance, can be defined as a company’s obligation to adhere to and follow a specific set of regulations set forth by local and international law when delivering its goods or services. This also includes obeying internal policies and procedures established by the company to detect whether a rule has been broken and prevent it from being penalized by the regulatory authorities. Simply put, compliance is key as it protects companies from any reputational or financial damage.

A great example of poor compliance and the importance of hiring a Chief Compliance Officer is that of Carnival Corporation, the giant cruise ship magnate that was slammed with a 20 million dollar fine in 2019 for failing to adhere to its environmental obligations. Placed on probation in 2017 for disposing of its waste out at sea, Carnival did not stop this practice, fudged the truth to environmental authorities, and failed to hire a mandated compliance officer to handle such affairs, as stipulated by its probation requirements.

Furthermore, in July of this year, following the COVID-19 outbreak worldwide, U.S. District Judge Patricia Seitz warned Carnival Corporation that, despite the financial difficulties being faced, “there would be no corners cut” when it comes to the company complying with its environmental obligations. Seitz added, “How are we ensuring that the company has in place a robust, functioning system so that it can succeed without the training wheels of the court watching everything?”

To make matters worse, earlier in November 2020, Carnival suspended its operations up until early 2021 in an effort to be fully compliant with the health and safety standards set by the US’s Center for Disease Control (CDC) to stem the spread of the virus.

What this goes to show is that all companies should hire a Chief Compliance Officer (CCO) or at least get their compliance department in order.

Risk Management

As its name states, risk management is the process by which a company identifies potential risks to its financial wellbeing, assesses them and puts in place specific policies or procedures to either reduce or eliminate those risks.

Risks, of course, come in all shapes and sizes. Market fluctuations, compliance, security and fraud, competition, operational hazards, interest rate fluctuations and debt, and reputational issues such as lawsuits, poor reviews and customer dissatisfaction, to list a few, can all pose a risk to a company. Being fully aware of these risks and proactively tackling them by putting in motion a plan to curtail or eliminate them is essential to any company’s survival and success.

A good example of risk management in the days of COVID-19 comes courtesy of H-E-B, the supermarket giant in the state of Texas, USA. Since 2005 when the H5N1 virus made an appearance, the company has been working on and perfecting a risk management plan to deal with such types of health crises. The company started preparing as early as January 2020 for an outbreak in the US, working closely with suppliers in China, Italy and Spain to see how the virus progressed and affected each country.

For instance, Craig Boyan, H-E-B’s President, said the company studied how the outbreak impacted the Chinese grocery industry, with a lot of the information being provided by Chinese counterparts. H-E-B assessed the following issues: “How did [COVID-19] affect grocery and retail, how did that affect employees and how people were addressing sanitization and social distancing, how quarantine has affected the supply chain, how shopping behavior changed as the virus progressed, how did companies work to serve communities with total lockdowns, and what action steps those businesses wish they had done early in the cycle to get ahead of it.”

Thanks to this proactive and timely risk management setup, H-E-B has been able to continue to serve its customers in a safe and efficient manner, dealing with higher demand for certain products and plenty of consumer concerns, while implementing health and safety measures to prevent the spread of the virus within its doors.

Cyber Security

With the advent of the Internet and the many technological advances allowing for the speedy transfer of sensitive information across borders, cyber security has emerged as a top priority for most companies.

Cyber security, also known as information technology security, refers to the policies and procedures established by a company to protect its computers, servers, networks, software and applications, electronic equipment, and stored data from hackers and other types of malicious attacks. Most companies these days store vast amounts of information, including sensitive data on intellectual property, personal details and financial performance. Being susceptible to attacks during which these data are lost, made public or used to damage a company’s reputation is a serious risk for most companies.

As a result of the COVID-19 pandemic, cyber attacks have grown in number for a host of reasons. More employees and students are working remotely, having to rely on their home computers and videoconferencing software to carry out their daily affairs, which makes them more susceptible to cyber attacks. Furthermore, security teams used to working from their offices might be less prepared to notice a cyber attack or suspicious activities when working remotely. Response times to such actions might be delayed as a result, putting a company’s data and overall safety at risk. Finally, as companies cut down on staff members due to the economic downturn caused by COVID-19, many individuals have opted to become cyber criminals in an effort to make ends meet.

Considering the boost in time spent online, either for remote work or Internet shopping, some hackers have even made use of the actual outbreak to make a quick buck or two. According to OpenText’s report “COVID-19 Clicks: How Phishing Capitalized on a Global Crisis,” one out of every five of the individuals surveyed in the study said they had received a phishing email related to COVID-19.

Governance

Governance, or more specifically corporate governance, can be considered the umbrella under which our other core subjects rest. This term refers to the many rules, processes, systems and practices put in place to successfully direct a company and define its overall corporate behavior. Governance incorporates all major aspects of management including action plans, KPIs, internal controls and procedures and financial disclosure, as well as cyber security, compliance and risk management, just to list a few.

The board of directors determines a company’s governance, setting the tone for the company’s overall direction, business integrity and ethics, relationship with stakeholders, social responsibility practices and corporate appointments, among others. Typically, besides taking a hit on profits, poor corporate governance can hinder a company’s obligations to shareholders, its overall reliability in the eyes of the public, and its business ethics.

COVID-19 has also impacted corporate governance. An interesting article in the Harvard Business Review posits that the current pandemic has forced companies to reconsider how they distribute dividend payments to shareholders.

Considering employee layoffs, supply chain disruptions, lower profits, government pressure to decrease dividends, general uncertainty and shareholder expectations, among others, Lynn S. Paine writes that “a decision that would typically require only a few minutes of board discussion — if that — became an hour-long (or more) deliberation,” and this does not include further discussions on how to inform the public of this decision.

Paine goes on to explain that this “new environment is characterized by an increasingly complex set of pressures and demands from various stakeholder groups, heightened expectations for societal engagement and corporate citizenship, and radical uncertainty about the future.” Furthermore, all of these issues “are complicating board decision-making and challenging the shareholder-centric model of governance that has guided boards and business leaders for the past several decades.”

As a result of COVID-19, Paine argues that a different style of corporate governance is rearing its head, one that is “richer” and “puts the health and resilience of the company at its center.” Paine believes this new style of corporate governance will demand a whole lot more from the board of directors as it “[works] more closely with management on strategy, [tracks] a richer set of performance measures, [oversees] an expanded menu of risks, [rethinks] compensation policies, [engages] in more thoughtful deliberation, [and reviews] board composition.”

A good case study of old-school governance gone wrong involves Wirecard, the German payment processor and financial services company recently found to be involved in large-scale fraud. As early as 2008, the German firm was suspected of cooking its books and engaging in accounting malfeasance. These questionable activities finally came to light in 2019 following an in-depth investigation by the Financial Times, which revealed the company’s many shady accounting practices. As a result, Wirecard filed for insolvency once it was disclosed that 1.9 billion Euros had gone missing from its coffers, only for the company to later disclose that this money might have never existed.

In an interesting Mondaq analysis, CGLytics, a governance analytics provider, concludes that Wirecard’s Board of Directors was generally ill-equipped to detect and prevent fraud. Using its specialized software, CGLytics shows that Wirecard’s Board scored poorly in Financial and Governance expertise, making it “unable to identify and respond to the issue from its early days” and subsequently “leaving lenders and investment funds with losses” as the company’s shares were wiped out following its insolvency announcement. Both former CEO Markus Braun and COO Jan Marsalek, two of the main culprits behind Wirecard’s demise, were members of the Board and lacked these two fundamental traits.

So, what has your experience been with our four core subjects and the impact COVID-19 has had on each? Drop us a line and let us know!

If you have any questions or comments, do not hesitate to reach us at info@igca.org. We’d be happy to help. Stay safe, healthy and always compliant!
