What Your Company Gets Wrong About Compliance

Firms that cobble together programs as they grow just set themselves up for failure.

By Allan Matheson

Opinions expressed by Entrepreneur contributors are their own.

Leaks of customer data, corrupt practices by foreign agents, IT breaches. These are just some of the biggest risks that companies face with their third-party relationships. Despite the known dangers, few get it right when it comes to budgeting for their defense strategies.

That's particularly true of mid-sized firms whose third-party ecosystems have grown while their compliance practices have remained stuck in a small-company mentality.

Often these companies have cobbled together compliance budgets as they've grown. That means they end up with critical gaps that cost more to set right later. For example, a general counsel may have set up a program to assess foreign bribery and corruption risks some years ago … but did not put in place a system to re-certify and monitor relationships. The result is an outdated program that must be started anew.

Or maybe that GC smartly included contract language giving their firm the right to audit its higher-risk third parties … but there's no budget to carry out those audits. It could be problematic if an enforcement agent investigation finds that your third-party contracts include a right to audit, but it's never been exercised.

Battle of the budget

Despite the obvious need, mid-sized companies' compliance pros still get pushback when they seek to fund compliance programs, even with evidence to justify the expense. It's finally widely accepted that smart technology is vital to cope with rapidly changing regulation and digitalization of customers' private data.

Even so, it's not enough to simply buy some software and put up your feet. Budget should also be allocated to follow up on tech-identified problems, such as cutting relationships or remediating them. That requires funds for training, ongoing monitoring, due diligence, audits and investigations.

How much will a thorough compliance program cost? Well, how long is a piece of string? The expense varies widely depending on factors including the industries and geographical areas in which a company operates. The bulk of the effort and expense will be devoted to the relatively small number of high-risk partners, but that could range from as low as 3% to as high as 20%, depending on the industry.

Arguably the biggest cost determinant has less to do with the company and more about the type of partner it chooses to help it set up and run a compliance program. A firm that relies exclusively on external legal and technical expertise will end up paying a lot more than one that uses strategically assembled solutions to identify and isolate which third parties require spend — and which do not.

First steps

The process — and costs — of budgeting for a compliance program can seem daunting, but let's break it into two broad categories: Set-up and maintenance.

The initial set-up involves creating and supporting a tech platform. It also requires constructing a mechanism for assessing the company's spectrum of third-party risks. The next step requires drilling down into individual relationships to thoroughly understand the risks. Creating mechanisms for legal reviews of program operations and third-party assessments could require up to $50,000 and $25,000, respectively.

Technology is vital for breaking down internal silos and efficiently documenting responses obtained through questionnaires sent to suppliers and agents. The set-up and customization can range from $3,000 to $20,000 for a mid-market firm. If internal tech support is required and you will be billed internally, don't forget to budget for this item, which could cost up to $50,000.

The important point here: It needn't be overly expensive. Smaller firms can get most of what they need from technology by using something that's best in class and more prescriptive, rather than a highly customizable option that requires more resources to set up and run.

Budget wild cards

A compliance program that isn't updated and monitored consistently is almost as bad as no program at all. Some would argue it's even worse. That's where the maintenance portion of the budget equation comes in, including tech licensing fees ($3,000 to $20,000 per year), ongoing monitoring of third parties (up to $20,000) and changes in assessments to keep up with evolving national and international regulations (up to $25,000).

It's also essential to budget for due diligence. If your assessment deems a third party to be high risk, you'll need more research. Perhaps you have a third party in Vietnam who does a lot of selling to government, raising the potential for you to be associated with FCPA violations. Research to determine factors such as who is really behind that company, whether it's ever had any compliance issues, and whether it has its own anti-bribery program will be essential.

Budgeting for this item can be tricky, but industry peers and vendors can help you assess what proportions of your population may require research.

The maintenance side also contains several budget wild cards.

Staff training is one. It's important to invest in training that gives your compliance team the skills to manage your hottest third-party risk areas. If most of your problematic relationships are in China, you should direct training dollars toward educating your colleagues at the front line of these relationships. The cost depends on a variety of factors, including whether you train internally versus hiring outside corporate specialists.

Will you need a budget for conducting investigations? Building it in raises awareness internally that you can play a key role in proactively identifying and mitigating risks.

While many of the line items mentioned above may be estimates, the exercise of budgeting alone is worthwhile. As you assemble the budget, questions regarding risk appetite, resources available, and how you operate your program will become much more obvious. Making smart, informed choices about how you allocate funds can help you achieve a well-functioning, defensible program without major spend.

Allan Matheson

Entrepreneur Leadership Network® Contributor

Allan Matheson is the CEO of Blue Umbrella, a Vancouver-based compliance technology company.
