Welcome to a special series of five part blog posts on how to unlock the gold in your program. I am visiting Gio Gallo and Nick Gallo, Co-CEO of ComplianceLine, LLC, the sponsor of this series.
One of the ongoing compliance issues is demonstrating the return on investment (ROI) of your compliance program. One way to do this is to demonstrate the extended value of compliance literally across your business. When layered on top of an ESG component, you can start to see the gold in your compliance hills. In addition to showing how you can unlock the gold in your own compliance hills, Gio and Nick discussed demonstrating the ROI of your internal budgeting process which can provide you with the financial resources to strengthen and improve. your compliance program. Today, in Part 4, we take a look at funding and investment models for the corporate compliance function.
If there’s one topic that all compliance professionals understand, it’s risk analysis, but it’s not the same type of risk analysis that a finance professional would look at. Gio noted that a finance professional would have a different focus in their risk goal. It would focus on questions such as “How risky is your investment?” What is the risk in your model and your assumptions? It’s almost like you need a translator to enter the room.
To illustrate, he cited the example of a Black Swan event. With a Black Swan event, you could have a wide distribution of different results. A Black Swan event is very rare, and it can be so small that it hardly shows up on your radar. However, “If you stumble upon that number, don’t you, if the roulette wheel spins and lands on that number, it could be a total disaster.” There can be an 80% chance that everything will be fine and there is a 90% chance that we will be 10% bigger next year. And there’s a 70% chance that we’ll be 20% smaller or harder next year or whatever. Well, there could be a 0.0003% chance of this bad thing to happen. Yet the result is so catastrophic, like a flood every 1,000 years, that you just can’t plan for it. “
Yet the Gulf Coast of Texas experienced a 1,000-year flood in 2017 (and two 500-year floods in 18 months). Although you usually cannot plan for the 1000 year flood, it is a known possibility and I have experienced one and even several 500 year floods. This means that you have to take the concept of Black Swan and constantly re-evaluate it to move on from something that might just happen because if it did, the outcome might be very bad and the circumstances would have changed. This means that you need to change your basic risk assumptions about calling it a Black Swan event. Gio had an interesting response to that and it was basically thinking about storytelling. He listed several events such as the rupture of levees causing the flooding of the city of New Orleans or the flooding of the Fukishima nuclear power plant. These were two events that seemed highly unlikely but were certainly within the realm of the possible. Maybe even a known stranger.
This series of events illustrates that in finance, you need to be prepared to act quickly. As Gio noted, “Just because you don’t have the whole storyline and discussion thread together and you know something terrible could happen. This can create a damaging dynamic between a CCO and someone in the finance or executive level. Their answer might just be “what do you want me to do about this?” What are we going to do this month because there is a budget for it? So if you can bridge it, hey we all know these terrible things can happen and it won’t take a thousand years for a 1,000 year flood to happen.
Responding to this scenario, Nick said, “I suggest you take a little different approach than ignoring this Black Swan event.” Start by using the power of compound interest to demonstrate that your organization doesn’t need to fully defend against this type of event over the next couple of months. You can use the power of your investment in compliance to essentially “build the dikes a few feet higher so that when the next biggest flood happens we would defend ourselves and say in this area it will take another 2% of the budget.” of the compliance team to improve a bit on this point. Even at this point, the accumulation of investment can create very strong compliance practices for your organization. The bottom line is if you invest that 2% every year for the next five years, your compliance program will be five times better at defending against that 500 or 1,000 year flood.