Companies with strict internal controls, even when operating within a highly regulated industry, are not immune to dramatic and costly compliance or risk management failures. All too often, despite having the foundations of a successful compliance programme in place, companies experience dramatic failures resulting in criminal penalties, civil fines, job losses, congressional hearings and mass destruction of shareholder value. This is an unfortunate reality that is underscored by the recurrence of catastrophes that come in the form of a ‘black swan.’

Evidencing the broad reach of these failures, the passage of the Sarbanes-Oxley Act of 2002 (SOX) was a direct response to a series of compliance-related events that drastically decreased the public’s confidence in securities markets. SOX requires publicly traded companies to establish and maintain an adequate internal control structure and procedures for financial reporting, and to assess their effectiveness.

Unfortunately, companies sometimes fail to realise that these building blocks are only a starting point, and that not all solutions come in the form of a specific prescription.

When risk management and compliance fail, the cases share many similarities. These similarities can be found in failures ranging from AIG’s accounting scandal and subsequent liquidity crisis, to the compliance issues that gained public notoriety in 2016, such as GlaxoSmithKline’s (GSK) violations of the Foreign Corrupt Practices Act (FCPA) and the highly publicised revelations at Wells Fargo. There are four key lessons to be learned from these disasters which, if implemented, will ensure that risk management and compliance frameworks are better equipped to avoid or minimise damage, while preventing a black swan type event.

Jan-Mar 2017 Issue

Diaz, Reus & Targ