Seen from an altitude of 30,000 feet, the compliance landscape that CFOs face in 2014 consists of two big mountains and a few challenging foothills.
One of the two loftiest peaks, in the view of many finance chiefs, is complying with the requirements of the Affordable Care Act. The other is about data security — complying with business and regulatory standards aimed at keeping data out of the hands of bad actors.
Ranking below those, yet still worrisome, is coping with increased scrutiny by finance and accounting regulators as they look deeply into issues far afield from the usual work of finance managers. Those include the requirement for companies to report the presence of “conflict minerals” in their companies’ supply chains and document that they have thoroughly investigated whether corporate officials are paying bribes abroad.
All of that adds up to a swiftly burgeoning package of compliance challenges facing CFOs in the upcoming year. For that reason, finance chiefs are placed in the position of approving bigger compliance budgets, according to CFO’s September survey of senior finance executives.
Nearly half of the respondents said their companies’ compliance budgets will rise in 2014, with 18% expecting hikes of 10% or more and 29% looking at a rise of less than 10%. Forty-five percent forecast flat compliance budgets.
Much of the spending will be triggered by the actions of legislators and regulators, creating new rules and deadlines that demand a response. But changes in companies’ structure and size and their increasing tendency to expand globally are forcing the added compliance spending at least as much as the rule makers are, some finance chiefs say.
Earl Fry, CFO of Informatica, a data-integration software company, expects that the firm’s 2014 compliance budget will be at least double what it was in 2012. To be sure, some of that increase is a response to new worries about data security and stepped-up scrutiny by the Securities and Exchange Commission related to the Foreign Corrupt Practices Act, and by the Public Company Accounting Oversight Board related to the Sarbanes-Oxley Act.
Yet the predicted surge in Informatica’s compliance spending is more in tandem with the firm’s expansion than with increasing red tape, Fry says. Estimating that the $861 million company will pass the $1 billion revenue mark in 2014, he notes that the company’s global footprint, which currently covers 30 countries, increases every year, and that its employee count will rise by 15% to 20%.
Add to that a broadening platform of the firm’s product offerings, particularly featuring cloud integration, and it becomes clear that “growth in the company and the complexity of dealing with a global business and in dealing with data” is the biggest driver of compliance activity, Fry says.
A Change in Structure
Conversely, for some companies a change in structure can lead to diminished compliance burdens. “We are pretty fortunate in that we are no longer a public company,” says Darren Heffernan, CFO of Trintech, a previously public financial-reporting software firm acquired in December 2010 by Spectrum Equity Investors. “A lot of things that would concern me out in the marketplace don’t specifically apply to us.”
Heffernan estimates that the company spent about $1 million a year “for the privilege of being a public company.” Yet Trintech’s decrease in spending on internal compliance — about 50% — is virtually a wash against the 50% increase Heffernan expects in spending this year on upgrading systems and hiring staff to help a growing number of clients comply with their own rules and standards.
For example, a growing number of the firm’s clients in Europe, Asia and Australia have regulatory protection of their data handling that they don’t want to risk losing by moving to Trintech’s systems in the United States, according to the CFO. In such cases, the firm has sometimes had to pay to provide a separate data center in the client’s country of origin, he notes.
As data-centric as his firm is, however, the first thought that comes to Heffernan’s mind when asked about the company’s biggest compliance challenges next year echoes that of a large swath of his peers: the Affordable Care Act. “I don’t think we have enough data yet to know whether I should really be worried about it for next year,” he says.
As the firm proceeded through its fall budgeting season, the finance chief says, he discovered that “it just seems like there are so many unknown factors about what insurance companies are going to do with the premiums.”
Normally, Trintech’s health insurer based the company’s premiums on its claims history. “But we’ve had indications from our provider that they may have to increase the premiums for next year depending on what they think is going to be put on their backs” by the ACA, Heffernan said. “Will it grow by 10%? Twenty percent? The money is one factor, but it’s the unknown that’s more worrisome. I can’t budget or plan for that.”
The recent Congressional brouhaha over health reform has helped make complying with it top-of-mind for many senior finance executives. In the CFO survey, 32% of respondents said health care reform will be of “high concern” in the upcoming year, while 30% expect it to be a “moderate concern.”
Stiffening Defenses
Although the need to stiffen corporate defenses against data breaches seems a less urgent compliance concern than complying with the ACA, data security appears to be the more widely felt issue. While 25% of the survey respondents characterized it as a matter of high concern, 44% felt that it was at least a moderate anxiety.
Trailing health reform and data security as compliance concerns are tax rules (with 52% of the respondents expressing high or moderate concern) and accounting standards (42%). About 10% had at least moderate worries about complying with the SEC’s conflict minerals rules.
While data security, health care reform and similarly much-debated issues inevitability rise to the surface when large groups of senior finance executives are asked about their biggest compliance anxieties, unique challenges facing their particular companies are the most pressing ones for individual finance chiefs.
Typical is this comment from one survey respondent about the choices he was presented with: “We’re in a specialized industry niche that has its own particular compliance requirements, which are of more concern than any of the above to us.” (Respondents were asked to rank the following according to their chief compliance concerns for 2014: conflict minerals, antibribery laws, health care reform, accounting standards, tax rules and data security.)
Depending on the industry, even the most widely known matters can have arcane, specialized compliance requirements. For example, the biggest compliance challenge that Mike Carruthers, CFO of Boulder, Colo.-based Array BioPharma, is facing in 2014 actually stems from a little-known section of the Affordable Care Act: The Physician Payments Sunshine Act.
Under the law, as of Aug. 1, 2013, drug makers, medical-device manufacturers and biopharmacology firms like Array that take part in U.S. federal health care programs are required to track and annually report payments made to doctors. Even though Array doesn’t actually yet have a product on the market, the company, which is developing cancer-treatment drugs, got pulled into compliance with the law “because of at least one collaboration we have with a much larger company that does have drugs on the market,” says Carruthers.
“It sounds simple on the surface, but it isn’t,” he continues. “You end up paying the entity that a physician may work for, and you don’t have any idea how much the physician might get as a piece of that payment.” Trying to overcome that is “a big information-systems effort” for Array involving indirect payments to at least 100 different doctors, says Carruthers.
He acknowledges that the Sunshine Act “may be a good idea because of all the things big pharma companies lavish on doctors to get them to prescribe their drug. That’s a really bad thing, and we should know how much they’re getting paid.”
Nonetheless, Congress should have considered the difficulties that much smaller companies could encounter under the act, says Carruthers. “The point is that there are unintended consequences,” he says.