Susana Sierra, Executive Director BH Compliance: “I think compliance, in general, lacks the soft skill of being able to reach out to the rest of the organization”.
Sierra also points out that the challenge to promote a culture of compliance is to ask more about the how rather than the what, within the boards of directors.
In the context of the new law on computer crimes in our country, and the possible offenses of this nature that may exist within organizations, having a good compliance program is essential when assessing and better understanding the risks that may arise in the future.
To analyze this issue, in Actualidad Jurídica we talked to Susana Sierra, Executive Director of BH Compliance and President of Chile Transparente, about the evolution of compliance in Chile and the challenges that our country faces in this area.
Compliance in Chile was born mainly from criminal law and has been gradually expanding to other areas. In that sense, how have you seen the evolution of compliance in Chile?
Compliance in Chile came along with the Law on Criminal Liability of Legal Entities in 2010, and since then, the truth is that at the beginning not much happened because companies in Chile thought that there was no corruption and that they were from other countries. After 2014, after the cases of irregular financing of politics, then companies started to worry or see the consequences of this. I think there is still a lot of ignorance about compliance, they think it is related to bureaucracy, and legal issues, and generally people who are not in compliance do not understand it and find it as something they do not understand. Although it has evolved, there is still a long way to go.
There is still a long way to go in terms of compliance in Chilean companies and they begin to cover other types of issues. Because of this, what are the tools that companies should have to continue advancing in this area?
I think that compliance, at a general level, lacks the soft skill of being able to reach the rest of the organization. To make people understand that this is not a manual, it is not just a checklist, but how things are done on a day-to-day basis. I would love to see more and more compliance models that are hopefully two sheets, it should be an index where the policies are stored, not something gigantic like a manual. In the end, compliance is everywhere, the ones who have the risks are the commercial, supplier, finance, etc. areas.
In light of what happened with Corpesca, what lessons should companies learn from this case in terms of their compliance management?
I think that a lesson from all these cases is the real involvement of the boards and general managers because we get nothing out of being full of regulated policies and that is downwards. Indeed, there is a lack of awareness, and at least these cases have helped in the reputational issue. I believe that the law in Chile is slow, it is a slow justice. There should not be any company director who is not an expert in compliance, and who does not ask the right questions at the board level.
How should Chilean companies face the necessary expansion of their risk matrices?
One word. Common sense. Because many think that there will be many crimes. It cannot matter if they put the crime of arms trafficking if in your company no arms are traded. In that sense, we are becoming super legalistic and we are starting to change the manuals and risk matrices. There is still a long way to go to understand the logic. I always tell companies, if they have a well-applied model for the original crimes of law 20.393 and 21.121, they have 80/20 of the economic crimes.
There is still a big difference in compliance between the most developed countries and ours. However, regionally Chile is one of the best and has a lot of potentials to continue advancing. In that sense, how can a compliance-based culture be promoted in Chilean companies?
I think it is essential to have real examples because when we talk about crimes we see them as very distant. I believe that if companies would effectively go back to the basics, work from their purposes, from their values, measure them in KPIs, and have them related and part of the incentives, it is the only way to promote this culture.
That is the big mistake that exists today, and that happens a lot in the boards of directors themselves, that little questions are asked because in Chile we have been taught since we were children not to ask if we do not care, that asking is uncomfortable. The great challenge that is coming today for a culture is to ask more questions, and how. Because we always see the what and do not see the how.
There is a significant difference related to compliance between large and medium and small companies, what should be the challenge for medium and small companies to advance in this regard?
The main challenge is to understand compliance. They see it, as we said at the beginning of the conversation, as bureaucratic, and complex, whereas a smaller company should be much more straightforward. They have fewer processes, and fewer people, so it is much simpler to manage than a large company.