

Friday, July 24, 2009
Inside Compliance
Compliance brings cost, controversy and opportunity
By Jim Schakenbach
Mention “regulatory compliance” to a mixed audience of consumers and corporate types and chances are you’ll get the widest possible range of responses, from the best thing to happen to consumer rights to the death knell for American companies. It would not be an overstatement to say that the laws governing privacy, financial disclosure and the abuse of information technology have been lightning rods.
For many in corporate management it has been a case of the best legislative intentions gone horribly wrong. For consumer rights advocates, it has been a long-awaited effort to curb the worst instincts of out-of-control corporations and financial institutions. So, 10 years after the Gramm-Leach-Bliley Act and seven years after Sarbanes-Oxley, just where are we?
Perhaps it’s best to start at the beginning, and for Keith Darcy, executive director of The Ethics and Compliance Officer Association in Waltham, that would be the first two years of this decade. It was a period he called “The Enron Era.” “This was a mind-boggling period of time,” said Darcy, culminating in the fourth quarter of 2001 when Enron went up in flames. “From the time of their earnings restatement disclosure in October 2001 it took them five weeks to go bankrupt — this from a company that never had a down quarter in its history.”
The litany of corporate malfeasance or money woes was staggering and included a who’s who of major U.S. corporations: Adelphia, WorldCom, Rite Aid, Tyco. According to Darcy, during the time period between first quarter 2000 and the summer of 2002, the U.S. market lost $11 trillion in value. “The financial damage that was done was enormous. There was a profound loss of trust in the markets.”
The result was high-profile legislation, starting with the Patriot Act, and a string of new laws that included the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) — all designed to bring increased disclosure, fiscal responsibility, data security and transparency to the marketplace. But all these well-intentioned regulations came at a price.
“The biggest issue is cost right now,” said Mark Tarallo, attorney at Morse Barnes-Brown Pendleton PC in Waltham. “Compliance is enormously expensive in both time and money.” According to a report issued by Financial Executives International, the average cost to ensure annual SOX compliance in 2007 was $1.7 million per company. Tarallo added that the most controversial part of SOX, Section 404, has not yet been fully implemented. This section, which addresses documenting and managing internal controls over financial reporting, has been repeatedly deferred by the U.S. Securities and Exchange Commission because of the difficulty and high cost of implementation for smaller companies. It is widely feared that when Section 404 is finally implemented it could put a number of companies out of business and drive others into otherwise unnecessary mergers or acquisitions. At this time, the latest Section 404 deferral runs out at the end of 2009.
Given the high stakes involved, it should come as no surprise that a thriving sub-industry has grown up around the regulatory compliance issue. A number of companies and consultancies have emerged to help corporations find their way to full compliance, including Regulatory Compliance LLC of Londonderry, N.H., Open Pages Inc. in Waltham, Compliance Management Inc. in Hingham and PA Compliance of Lincoln, which was acquired last year by Electronic Verification Systems, which specializes in products and services to help securities broker-dealers and investment advisors with their compliance responsibilities.
According to Regulatory Compliance managing member Stephen Sussman, a major problem for many companies is the scope of the regulations. “The laws are written for the Merrill Lynches,” said Sussman. “But for firms with 10 people, it’s almost impossible to be in absolute compliance — it’s simply too expensive and time-consuming.”
The key, said Sussman, is automation. Much of regulatory compliance is what he called “mindless exercises” — the writing of procedures manuals and letters acknowledging responsibility for various activities and results, even when those documents are written by and delivered to the very same person. “It’s crazy,” added Sussman. “In many cases you have the same person in a small company acting as the CFO and CEO, so he or she is required to produce and deliver documents to themselves.” The only solution, said Sussman, is automating as much of the compliance process as possible to eliminate time-consuming, often repetitive paperwork.
For Darcy, the lesson many companies are taking away after almost a decade of regulatory legislation is that corporate compliance has to go beyond ensuring that companies simply meet the letter of the law. “What’s being said in the regulatory community now is that mere compliance isn’t enough, we expect you to take extra legal steps to create a culture of integrity and values,” said Darcy. “This language has been adopted by virtually every regulatory body in Washington.”
Darcy pointed out that Enron was in compliance with the laws at that time, but their culture was out of control. “The regulators and the prosecutors are looking at the corporate culture now, not just compliance.”
Jim Schakenbach is a freelance writer in Jefferson



