Skip to content

How to Change Compliance's Cost Center Reputation

Compliance professionals, don’t die of surprise at this news—but there’s a perception in certain corporate circles that the compliance function is a bit of a drag. Like, literally. People believe the compliance function is a drag on corporate finance and performance. We are a cost center to be tolerated, and nothing more. 

Of course, that’s a terrible way to view corporate compliance and one that profoundly misses the value of an effective corporate compliance program. So today let’s explore several ways a compliance officer might change the compliance function’s reputation as a cost center. 

How Did We Get This Cost Center Reputation? 

That’s easy. We have this reputation because the compliance function looks like a cost center from the outside.

Compliance functions generate no revenue themselves. They do have fixed costs anyone can see when looking at the corporate budget. Moreover, most parts of the enterprise encounter the compliance function either when the compliance officer is talking about following proper procedure for various business processes; or when something has gone wrong like a retaliation complaint.

More broadly, remember that once upon a time, the corporate compliance department was much more isolated from the rest of the business than it is today. Compliance was something that happened at fixed intervals, and happened at the end of the “real work” of the organization—a document filed at the end of the quarter, a form returned to some government agency, an attestation signed at the close of a merger.

So we can’t be surprised, or even that annoyed, that others might perceive the compliance function as nothing more than a cost center to be contained. When run poorly, or marginalized by a disinterested senior management team, the compliance function is little more than a cost center.

How to Reframe That Perception

One analogy that might help here is to think of your compliance program as similar to a college education. Going to college is an investment, and usually a very expensive one. People spend years paying off the loans they take out to afford college. Plenty of us then invest even more time and money going to grad school.

Why? Because as much as a college education might cost, it lets you make even more money later. A well-educated person can be more responsive to the world around him or her and take advantage of new opportunities more skillfully.

The modern compliance function is a lot like that for global businesses. It’s an investment the company makes to keep doing business in a rapidly changing—and highly regulated—business landscape.

That point is true in two ways. Both are worth explaining to the cynics who see compliance as a cost center.

First, compliance can help the company preserve its ability to generate revenue. A compliance failure might prompt customers to stop doing business with your company, or spook sales prospects into looking for a more trustworthy partner. That’s an argument to make with sales executives.

Second, compliance can help the company to conserve costs, principally by avoiding expensive investigations and regulatory settlements. For example, according to the FCPA Clearinghouse at Stanford University, the average cost of an investigation into violations of the Foreign Corrupt Practices Act is $1.85 million per month—and the average length of an investigation is 38 months!

In one form or another, all of a compliance officer’s efforts to make the compliance program more useful to the corporation rests on those two concepts.

Still, conceptual arguments only take you so far. Let’s consider several specific ways the compliance function can help the business—and shed the cost-center stigma along the way. 

Faster Compliance Audits for Customers

These days, potential customers are just as worried about your compliance program’s effectiveness as you and your regulators are. So they pepper you with demands for compliance audits, questionnaires, and certifications, just as you do to your third parties.

Which also means, however, that the more efficiently you can document and report your own compliance posture, the more attractive a third party you’ll be to your customer base.

That does mean your compliance program will need an inventory of its policies and procedures; records of employee compliance training; results of testing you’ve done on internal controls, and so forth. Making the investments to produce such evidence costs money. Still, those investments can help your company shorten the sales cycle with customers—an example of how the compliance function, even while a cost center, can help the company generate more revenue.

More Automated Workflows

The chores of compliance need to get done, or else your organization is at greater risk of regulatory enforcement and monetary penalties. A significant portion of that work might fall to employees in business operating units: people stuck searching for receipts and reimbursement forms, or filling out conflicts of interest forms, or performing due diligence on business partners they want to use. 

Burdening employees with such tasks is another way compliance gets that reputation as a cost center—but the compliance function doing all that work itself doesn’t help either, since you’ll be overworked and more likely to miss evidence of misconduct. So the more you can automate compliance workflow, the better for all parties involved.

The benefits of automated compliance workflow unfold in several dimensions. First, the compliance function itself is likely to collect more data, more accurately and efficiently; that allows for better fulfillment of your compliance obligations at a lower cost. Second, by alleviating employees of manual compliance work, those employees can devote their time to generating new sales, or research, or whatever their primary duty is. It’s a more efficient use of corporate resources all around.

A More Engaged Workforce

Contrary to what many people in the operating business units might assume, research shows that more internal reporting is good for business. More internal reporting correlates to a host of better business outcomes—everything from fewer lawsuits to fewer negative news headlines, to a higher return on assets (a crucial benchmark of corporate efficiency). 

The connection does make sense when you think about it. A workplace that encourages internal reporting is a workplace that encourages people to talk about problems within the business, so those problems can be addressed. A business that’s adept at discovering and resolving problems is going to be more competitive. So the more you can strengthen your internal reporting culture, through training, effective hotline tools, and executive communication, the better. 

It’s About Efficiency and Flexibility

The compliance function will always be a cost center for corporations—but then, so is research and development, accounting, IT security, and even the C-suite. Nobody denigrates those functions because we understand that they are investments the company makes so it can grow and prosper in a complex business environment. 

The compliance function is no different. Chief Compliance Officers simply need to demonstrate the clear, tangible ways that a strong compliance program can help grow top-line revenue and preserve bottom-line profitability. Once you can do that, those potshots about being a cost center fade away.

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.

Implement a tailored Third-Party Risk Management solution