As the United Nations Global Compact discusses in their business anti-corruption guide, centralized and decentralized models have their own strengths and weaknesses with regard to control, consistency and understanding of local nuance.
Centralized compliance. Typically involves a single, central compliance team operating in one location, with a top-level Chief Compliance Officer who retains central oversight over the business’s compliance functions. Key strengths of centralized compliance include a high level of control over the compliance program, a consistent application of compliance processes, strong communication, and the ability to easily share resources among team members. Weaknesses of this model include lack of program flexibility and less understanding of local nuance due to its single office.
Decentralized compliance. By contrast, maintains a more widespread and flexible structure, with multiple compliance offices across various regions. Compliance officers sometimes report to their respective local supervisors, who are usually mid-level managers, but also hold responsibilities to a central legal or compliance function. Typically, there is some degree of oversight from the core even in a decentralized compliance model.
How can you evaluate which model is better, after reviewing the strengths and weaknesses of both? The resources and needs of your own business can provide the answer. The size, structuring and nuances of your program will determine what model fits best for you.
The real challenge for both models, however, is to find a solution that reduces pain points in each compliance model without compromising the advantages. Without resorting to large-scale operational and potentially disruptive changes, third-party compliance technologies can actually be employed to accomplish this, providing controls and accommodating for the pain points in your program while still preserving its strengths. Effective technologies will have certain features to improve efficiencies within compliance programs for both centralized and decentralized programs.
User hierarchies. User hierarchies are extremely useful, as they allow for stricter data privacy measures and greater control over program structure. Effective technologies can restrict user access so that users will only see third party information relevant to their jurisdiction or compliance responsibilities, and provide region-wide access for regional managers or total visibility for the Chief Compliance Officer. Although beneficial for either model, this is particularly useful for providing structure to decentralized programs, which typically involve multiple compliance teams that are spread across the globe.
Compliance function centralization. Centralization involves integrating all relevant compliance information in a single technology platform, including a third party’s information, third party risks, due diligence reports, questionnaire documents and more. This leads to easier access to information program-wide, better communication and a deeper understanding of a third party risk. This is particularly useful for programs with multiple offices, as all information is integrated and easily accessible within one location.
Flexible workflow automations. Whether your program is centralized or decentralized, a significant challenge for both models is reducing the time spent on manual labour and repetitive, administrative processes. With workflow automations programmed into third party platforms, it is possible to greatly relieve such processes, allowing you to instead to engage in high-level work like decision-making or risk remediation. The most effective workflow automations can be tailored to your specific needs, such as ordering high-level reports based on a combination of risk level or jurisdiction.
Allan Matheson, pictured above, is CEO of compliance research firm Blue Umbrella. He has more than a decade of experience in compliance risk management leadership, due diligence and the development of disruptive technologies.
Blue Umbrella’s whitepaper, “Centralized or Decentralized: Understanding Compliance Program Strengths and Weaknesses,” can be requested here.