Welcome to a special five-part blog post series on how to unlock the gold in your program. I visit with Gio Gallo and Nick Gallo, Co-CEO’s of ComplianceLine, LLC, the sponsor of this series.
One of the ongoing issues in compliance is to demonstrate the Return on Investment (ROI) in your compliance program. One way to do so is by demonstrating the extended value of compliance literally across your entire company. When overlaid with an ESG component, you can begin to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick discussed demonstrating ROI for your internal budgeting process which can provide to you the financial resource to strengthen and improve your compliance program. Today, in Part 4, we consider finance and investment models for the corporate compliance function.
If there is one topic that every compliance professional understands it is risk analysis, but this is not the same type of risk analysis that a financial professional would look at. Gio noted that a finance professional would have a different focus in their risk lens. It would focus on such questions as “what is the risk of your investment? What is the risk in your model and your assumptions?” It is almost as if you need a translator to get into the room.
To Illustrate, he pointed to the example of a Black Swan event. With a Black Swan event you could have a wide distribution of different outcomes. A Black Swan event is very rare and it may be so small that it almost does not show up on your radar. However, “if you land on that number, right, if the roulette wheel spins around and lands at that number, it could be a total disaster. It can be an 80% chance everything will be fine and there’s a 90% chance we’ll be 10% bigger next year. And there’s a 70% chance that we’ll be 20% smaller or more difficult next year or whatever. Well, there might be a 0.0003% chance that this bad thing happens.” Yet the outcome is just so catastrophic, similar to the once in a 1,000-year flood, you cannot simply plan for it.”
Yet the Texas Gulf Coast had a 1,000-year flooding event in 2017 (and two 500-year flooding events withing 18 months). While you might not typically plan for the 1,000-year flood, it is a known possibility and I have lived through one and indeed and several 500-year floods. This means you must take the Black Swan concept and continuously re-evaluate it to move from something that could well happen because if it does, the result could be very bad and the circumstances have changed. This means you need to change your basic risk assumptions about calling it a Black Swan event. Gio had an interesting response to this and it was basically to think about storytelling. He listed several events such as the levees breaking causing the flooding of the city of New Orleans or the Fukishima Nuclear Plant flooding. These were both events which seemed very low probability yet were certainly within the realm of the possible. Perhaps even a known unknown.
This series of events illustrate that in the financial realm, you must be ready to move quickly. As Gio noted, “simply because you do not have the whole script and talk track put together and know that something terrible might happen. This can create a damaging dynamic between a CCO and someone in the finance function or in the executive level. Their response may well be ‘what do you want me to do about that?’ What are we going to do this month as there’s budget for it? So, if you can bridge that to, hey, we all know that this terrible stuff might happen and it’s not going to take a thousand years for a 1,000 year flood to happen.”
In response to this scenario, Nick said, “I suggest you take a little bit different tack than ignoring this Black Swan event.” Start by using the power of compounding interest to demonstrate your organization does not need to completely defend against this type of event in the next two months. You can use the power of your investment in compliance to essentially “build the levees a few feet higher so that when the next biggest flood occurs, we defend against it and talk about that in the realm of this is going to take another 2% of the compliance team’s budget to get a little bit better on this.” Even at this stage the compounding of the investment can create some very robust compliance practices for your organization. The bottom line is that if you we invest this 2% each year over the next five years, your compliance program will be five times better at defending against this 500 or 1,000-year flood.