Compliance officers could always use a bit more money in the budget. The question is: how, exactly, one can persuade the corporate leaders in your organization to give you more compliance budget?
First, let’s consider just how tight corporate compliance budgets are. In 2020 the Society of Corporate Compliance & Ethics published a study of compliance budgets based on a survey of nearly 1,400 compliance officers. Across a vast swath of organizations, most budgets were small.
For example, among firms with less than $1 billion in annual revenue, a majority had no more than five people working in compliance. The only group with an average compliance budget above $1 million were truly large firms, with $3 billion or more in annual revenue.
So most compliance officers have only a handful of employees and a budget below $1 million, to address the full range of ethics and compliance issues—a range, we might add, that gets larger and more challenging by the year.
Hence the importance of securing more compliance budget dollars. We can divide that task into four basic scenarios.
1. Cleaning Up a Mess
First, you might need to secure more budget to repair damage from a compliance failure that’s already happened. That is nobody’s idea of a fun meeting with the CFO or the board, but it’s a predicament many compliance officers will face.
In that case, you’ll need to prove that your proposed solutions will in fact fix the damage at hand. For that to happen, however, you need a precise and correct diagnosis of the problem that caused your compliance failure in the first place. This means that a thorough investigation of the failure, including a root cause analysis, is a critical first step. Only with that understanding in hand can you develop a spending proposal that will survive scrutiny.
Once you do have that understanding of what went wrong, ask yourself several expansive questions about the best way to go right. For example, will new technology solve your issue—or will implementation cause issues for the IT department? What if you restructured personnel duties or compensation plans, to give employees in the First Line of Defense more incentive to avoid compliance failures? What about hiring more compliance analysts, or a program manager to lead the analysts more efficiently?
The goal here isn’t just to demonstrate that your proposed spending plan will work; you also need to demonstrate that this specific plan is the best plan among all possible alternatives. That’s what the C-suite and the board will want to see for assurance that, yes, this spending plan is worth pursuing.
2. Avoiding a Future Mess
You might also want to secure more compliance budget to prevent future compliance failures that could happen without that financial support. This is a harder sell than the first scenario, because you’re trying to prove a negative: “Look at all these bad things that will never happen because you gave me more money!”
Here, a good risk assessment and benchmarking data are your friends. They are the tools that can help you show how well your program is or isn’t keeping pace with the organization’s threats.
Your risk assessment should examine several points:
- How have internal operations changed, in ways that might affect our ability to execute the compliance program?
- How have regulatory expectations changed, in ways that might make the consequences of non-compliance more severe?
- What new risks have emerged, that our compliance program never had to address previously?
Benchmarking data can especially help with the first bullet point above. The SCCE survey on budget and staffing, for example, slices the data by organizations’ revenue, total employee population, and size of compliance team. Data like that can be a great way to show how the organization has changed, and how the compliance department should change with it.
You’ll also still need to demonstrate why your proposed plan is the best plan, as we mentioned earlier; then frame the spending request as prudent and necessary, not a wish list. For example, the Justice Department’s latest guidelines on effective compliance programs stressed the importance of compliance programs evolving to keep pace with current challenges—including the importance of responding to enforcement against other businesses, to assure your company won’t be next.
3. Getting Into Better Shape
A third scenario might be that you want more compliance budget so the compliance program can operate more efficiently. In that case, demonstrating the ROI on your proposed spending plan will be crucial.
Most likely, you’ll want to automate some part of the compliance program or otherwise integrate compliance procedures into the workflows of daily business operations. Calculating the ROI of compliance automation is worth a whole discussion unto itself.
The main point, however, is that ROI can be expressed in two ways. You can express ROI as spending some money now to save even more later: “By spending $100,000 to automate due diligence, we’ll cut 39,000 man-hours annually on due diligence work the sales teams perform now, which saves us $1.95 million in compensation costs each year.” You can also express ROI as spending money now to generate even more money later: “When the sales folks spend those 39,000 man-hours on sales, we can increase revenue by $4 million.”
It’s also worth remembering in this scenario that automation typically means new technology and often means changes to workflows for other parts of the enterprise. That means your ability to collaborate with the IT department (on integration and testing of new tech, for example) and with other business unit leaders (to win their support on workflow changes, or at least to prevent their opposition) will be vital to success.
When you can present unified support for improvements to the compliance program, and demonstrate a compelling ROI—suddenly the folks in charge of the budget get much more friendly.
4. Becoming a Better Ally
The fourth scenario is the ideal: arguing for more compliance budget so that the company can leverage the compliance program’s capabilities for better growth.
Take third-party risk management as an example. Yes, your organization has to do well with third-party risk management simply because third parties are a chronic source of corruption risk to your own business. But your third parties are also your customer’s fourth parties—so the better you are at managing third-party risk, the more attractive you are to potential customers worried about those fourth parties. Considering how long and complex modern supply chains are, the ability to assuage customers’ worries about fourth parties (and more) is a strategic advantage.
Along similar lines, internal reporting programs are a compliance requirement for most businesses. Designed and supported correctly, however, they can also be an early warning system for all sorts of issues—and an organization’s ability to respond to problems promptly and swiftly is another strategic advantage. Academic research has proven that the more internal reporting your business has, the better it scores on all sorts of metrics: fewer lawsuits, smaller settlements, less negative press, better use of corporate assets, and more. This is precisely why it's essential to establish a proper whistleblower hotline and case management process.
How to Secure More Compliance Budget
So whenever possible, stress this argument: strong compliance programs are good for the business overall, because they empower other parts of the enterprise to perform at a higher level. That improvement will inevitably be worth the investment.
Then, with luck, you’ll never need to seek more compliance budget to clean up a mess, because it won’t have happened in the first place.