Legal Entity Management - Beyond Compliance
Recently corporations, regulators and the public have been embroiled in fierce debates about CO² emissions, money laundering, and the OECD’s BEPS initiatives. All of these have involved risk to the reputations of hitherto highly respected organizations. Now entity management compliance is coming into the public domain. Authorities are holding corporations to their obligations to keep their filings complete, accurate and up to date. What was historically considered tiresome house-keeping is the focus of a cultural shift within organizations which are embracing new skills and new technology and changing the way they are structured to execute their entity management obligations. The regulatory landscape is changing, as well as getting stricter, making it more difficult to monitor changes across a multinational footprint. At the same time there is an expectation of greater transparency and public opinion is increasingly important.
As a result of these developments legal entity management is very much on the board agenda. In the past different regulatory pressures forced US organizations to get their houses in order. More recently the UK has been taking this much more seriously with the senior managers’ regime increasing personal accountability in the financial services industry following the financial crisis and the Wates Corporate Governance Principles for Large Private Companies which extend compliance expectations beyond the holding company level. The extension of personal liability to directors for non-compliance is spreading more widely with Belgium for example imposing individual sanctions for failure to report ultimate beneficial ownership from March 2019. As globalization grows, foreign direct investment in emerging economies is being followed by greater corporate governance strictures and heightened reporting requirements.
But there is also good news. Those organizations that rise to the entity management compliance challenge secure valuable insight into their group’s structure. The benefits of such insight include the opportunity for legal entity simplification, improving readiness for transactions or demergers, and enabling cash repatriation strategies. Getting to grips with entity management is often part of a wider examination of the organization’s legal operating model and involves a reassessment of how the Legal function uses people, process, technology and data. By refining processes and introducing greater automation where possible, additional benefits include freeing up time for higher value activities, better management of risk and cost savings. Better compliance is a win-win for the organization and its people.
Time for action
Over the years, group structures have become increasingly complex, compliance obligations and processes vary in complexity by jurisdiction with no noticeable trend towards simplification, and statutory compliance timelines are often non-negotiable. Regulatory pressures have moved effective entity management up the agendas of Boards and General Counsel (GC) alike as they have become increasingly aware that “something must be done”. The trend towards better entity management compliance which started in the United States is now spreading around the world. Organizations are also being more proactive in promoting ethical behavior because it makes good business sense and in response to greater scrutiny from regulators and the public.
Legal entity management – what is involved
- Annual compliance
- Data collection and document management
- Organization charting
- Deadline tracking
The regulatory push
Governments have been saying for some time that enforcement is increasing. New rules are being introduced or old ones better enforced, hence entity management compliance is becoming a focal point. Fines can be high in some countries, liability can be personal to the directors, and there is a risk of asset seizures or striking off for non-compliance. There is also increased regulatory stimulus to take action. The BEPS initiative and particularly Country by Country Reporting require organizations to “know what they’ve got” and to report one version of the truth. For many this has been a crystallizing event as they recognize that they can no longer afford to do nothing; entity management risk must be mitigated. At the same time, there is growing impatience amongst GCs to leverage the benefit of becoming compliant through greater insight while relieving lawyers from low added value work.
Driving a change of mind-set
This combination of external pressure to be compliant and internal desire for the benefits of compliance are resulting in a change of mind-set in organizations. Entity management did not tend attract investment. More recently there has been a change in tone from how can we do this cheaply to what added value can we enjoy from our investment? As the GC’s role becomes increasingly strategic and board level, the Chief Compliance Officer (CCO) is becoming more prominent, and organizations are increasingly recruiting a CCO to the GC’s team for the first time. Subsidiary board members who might in the past have been prepared to sign minutes giving effect to instructions of policies from the center are now insisting on proper meetings with real discussion of the items they are being asked to approve.
A level playing field when it comes to risk
The level of maturity and seriousness of approach is dictated in part by extent to which an organization is in the public eye. The financial services industry and many consumer-focused organizations tend to be further ahead than smaller multinationals and business-to-business operations. However, the risk is the same for all organizations because general corporate governance expectations are the same whether you’re in the public domain or not. Given that both organizations and the authorities appear to want corporations to be compliant and there are clear benefits beyond cost saving and risk mitigation, what are the challenges to becoming compliant and how are organizations over coming them?
What is the challenge?
In a global study conducted for Deloitte Legal in 2016, 26% of major legal purchasers identified global compliance as their biggest challenge which was second only to doing more with less (44%). This has driven the Legal function to a change of mindset, with reducing resistance to change and a willingness to consider adopting innovations such as new technology and alternative sourcing models.
Other challenges have included:
In the past entity management compliance has not been a priority. Top management often showed a tendency to differentiate between compliance with industry-specific (“license to operate”) regulations such as those affecting pharmaceutical or energy companies, and entity management which was perceived as less critical. Sometimes the corporate secretarial function would struggle to get the relevant signatures on a return because the directors were away from the office dealing with the commercial demands of the business. As it is these same directors who are pushing entity management up the board agenda – especially where failure results in personal liability – this challenge of priority is increasingly a thing of the past. Although levels of sophistication still vary, it is now not just sophisticated groups that have compliance on their radar and its management ranges from the well-coordinated to fragmented.
The more fragmented the approach the greater the challenge an organization faces. Whilst ownership ultimately rests with the board, one of the first priorities must be to agree on who is responsible for compliance while recognizing that there are many stakeholders with an interest in the data and the uses to which it can be put. Responsibility tends to fall within the GC’s team where the organization has an in-house Legal function and often the Corporate Secretariat. Where it doesn’t – as is the case with many smaller groups – responsibility typically lies within the Chief Financial Officer’s purview. In large groups, multiple functions may have a role in entity management and compliance with separate organization charts being kept by some or all of Legal, Tax, Accounting and Compliance. Where multiple versions of the truth are kept, they are rarely in agreement. Giving one stakeholder group responsibility for improved entity management is one way of eliminating these different versions, especially if technology is used to maintain the information with access rights for all those who need to use the data but restrictions on who can change it.
Once responsibility has been allocated, it is essential that the needs of each of the other stakeholder groups are well-understood. The benefits of high quality compliant entity management are discussed in greater detail below, but it helps Legal to understand how other functions and operations will use the data they are managing. Tax is an important user leveraging entity management data for transfer pricing purposes, to demonstrate substance in a jurisdiction and to advise Finance or Treasury on the most effective ways to move cash within the group. Accounting needs the information for statutory reporting purposes and may collaborate with Legal and Tax to produce the necessary Country by Country reports for those jurisdictions which are party to the BEPS initiative.
A further challenge for the GC and their team is staying on top of changes across the global footprint which can impact entity management and compliance obligations. A case in point is China which is viewed as a complex jurisdiction from a regulatory perspective. Whereas in Hong Kong (the conduit for much inward investment into China) there is predictability as to the hierarchy of the many entity compliance rules, in China however regulations are made at national, provincial, county, and municipal levels – with uncertainty as to which takes priority. Affected organizations need to research how the regulations work and also check with those administering them to make sure that their approaches coincide. Organizations need strong systems and processes to stay on top as regulations change, and horizon-scanning mechanisms (increasingly powered by artificial intelligence) so that new obligations can be factored into processes proactively.
Getting the right things right
Deciding what to change can also be challenging. One of the most common trends amongst in-house Legal functions is the extent to which they are being asked to do more with the same or fewer resources. This pressure to deliver faster and more cost efficiently while maintaining the highest levels of quality, compounds the demands of regulators for better compliance. Unsurprisingly, organizations are looking at people, process and technology to provide a combined solution which is fit for purpose. Hiring more people to do the work is one option but prohibitively expensive in some jurisdictions. Where headcount is added, GCs are looking at the skills those new hires bring beyond legal expertise. Operational experts, project managers and data scientists are amongst those joining forward-looking Legal teams. Outsourcing some aspects of the work may be the right answer, but what should stay in-house, who should the outsource partner be, and what happens to the people in-house who are currently looking after entity management? If they are qualified lawyers, they may welcome having their time freed up to work on more nuanced, legally challenging and less repetitive tasks, but this won’t necessarily be possible where an organization has a team dedicated to this work. The legal market is awash with technology, but this presents the GC with an additional challenge. Selecting the right vendor with the right tooling is tough in a crowded market. It can take time to find a product which will be supported in the longer term and interface with other systems to maximize the return on investment.
In many cases a group structure which has evolved over the years as the organization expands organically and through acquisition is a large component of the challenge. If a group was being created from scratch, a centralized approach would clearly make sense, but in reality most multinationals are not structured in this way and it doesn’t make commercial sense to restructure just to overcome the compliance challenge. If an organization does decides to centralize its entity management – either in-house or with an outsource partner – there will be a number of consequential considerations to bear in mind. For example, they need to be confident that any data being transferred across borders complies with data protection requirements such as the European Union General Data Protection Regulation (GDPR) or the Chinese regime which requires companies to self-certify that any data being transferred outside China is non-sensitive.
The right data for compliance and insight
The final challenge, but one of the most important, is data quality. Without high quality master data it is very difficult to improve entity management compliance. And whilst having the right data is fundamental to the process it is not an easy exercise to get right. Given the different stakeholders involved and the different uses to which they put aspects of entity management data, they frequently hold it in different silos rather than a common database. As a result, whilst in the medium term effective compliance should have a cost reduction component, getting to one source of truth can take time and money. It requires a collaborative mind-set amongst all stakeholders so that Legal can benefit from the data gathering that has already been done by Tax and Finance, but that data still needs to be cleaned and reconciled, much of which is a manual process. In an ideal world, a cleansed internal database would be connected to easily accessible public databases both to eliminate discrepancies and for benchmarking and insight generation. But for now, getting consistent information group-wide is often tough because every country has its own data and data sets in different formats.
How are multinationals meeting the challenge?
Although entity management compliance is rising up the corporate agenda and sometimes the C-suite or a new leader initiates a project to achieve efficiencies and savings, it is still the case that many organizations only take action when a triggering event occurs. This might be an acquisition that adds unwelcome duplication and complexity making entity rationalization a feature of post-merger integration. In contrast a demerger forces the organization to look at its structure to determine which entities stay and which are demerged. Whatever the reason for such a project being initiated there are some clear considerations in meeting the compliance challenge.
Start by understanding what you’ve got
As the previous chapter demonstrates, there are a variety of factors which make implementing best practice entity management compliance a challenging undertaking. While some organizations want a straightforward health-check of their entity management compliance, others are looking at this within the context of transforming how they deliver legal services through their legal operating model.
This exercise involves aligning Legal’s operating strategy with the strategy of the organization as a whole and “heat mapping” the As-Is structure to identify what to tackle first as we discussed in our Perspectives piece “In-house Legal Service Delivery”. This heat mapping should include an assessment of entity management compliance, but not in isolation since the exercise will also be examining Legal through a variety of lenses including people, process and technology. Organizations typically need to engage a variety of subject matter experts to identify the areas of focus, manage and minimize complexity, and navigate the regulatory landscape across their footprint.
Technology is frequently seen as the most important component in enabling Legal to do more for less. In our survey “Going Beyond Risk and Compliance”, 72% of respondents believed their Legal functions already have the tools to give them an organization-wide view of compliance and expect transformation of compliance and other recurring legal tasks through technology. From our experience of the legal market, whilst many Legal functions have tools which could give them an organization-wide view, the extent to which they do is open to question. There is a wide variety of responses to technology amongst in-house lawyers. Many are adopting technology and they use it extensively. In some cases Legal is working with IT and external consultants to develop their own tools, while others are buying in the technology or outsourcing to providers who have made that investment. Whichever route, or mix of routes, is adopted, technology on its own doesn’t solve the problem. It needs to be populated with high quality data, which must be maintained.
The types of technology in use range from a global repository to hold minutes and excerpts from the company register, to systems capable of document creation and automated filing of resolutions, director changes and other reportable events. Legal benefits most from technology with a central portal including dashboards and scorecards which stakeholders can tailor to their needs. All relevant information feeds into the same place, is underpinned by the same detail and tagged back to the ERP system, regardless of the uses to which the information is put.
Who does the work and where do they do it?
Whatever the role of technology in achieving better entity management compliance, people are an important component of any solution. In a multinational organization there is a lot of compliance work to do and performing it all with in-house resources can be expensive, especially if most of it is performed at local level as has often been the case. Getting to grips with entity management and compliance is often seen as a Headquarters project because is where the impetus has originated to take action. However, this does not mean that these activities should necessarily be centralized. It makes sense to look at size and complexity of the group, the reach of its footprint, and the extent to which it is operationally centralized or decentralized. At best in class organizations we see a variety of governance models, all of them highly effective where they have clearly established policies and processes with well-defined roles and responsibilities. If the organization is decentralized the policies, roles and responsibilities need to be clearly communicated at all levels to enable a common approach to areas such as the management, quality and structuring of data.
Many organizations take the decision to outsource some of these activities to a law or accounting firm, a corporate secretarial boutique or a trust and company services provider. What is outsourced may determine or be determined by the outsource partner and local practices which restrict the provision of certain services to appropriately qualified individuals or regulated entities. Some groups achieve an effective result by near-shoring compliance to a regional hub which may benefit from economies of scale and a lower local cost base. The mix of resourcing will be driven by need, local requirements and governance model, but the variety of complexities make it unrealistic to expect group-wide outsourcing to one provider in the short term.
Combining people and technology
If the organization uses greater automation to gain control of its compliance, it needs to invest time to make sure that it is ready to take this step. GCs will typically be interested in what added value technology can offer beyond effective, faster, cheaper compliance. Solutions, including those offered by Deloitte Legal which (in some jurisdictions) incorporate other capabilities such as whistle-blowing and virtual data rooms, are more likely to be attractive than point solutions.
Organizations have a choice of buying the technology or using an outsourcing provider that has done so. Whichever route is adopted, the technology needs to be populated with high quality data. This may come from a variety of sources within the organization and will need to be reconciled and cleansed before it can be used. This data clean-up exercise may be outsourced even if the ongoing compliance is undertaken in-house.
The best technology choice may combine in-house and third party offerings depending on what the organization is trying to achieve, but any solution is only fit for purpose if it interfaces with the organization’s other systems so that it can extract key dates (whether from contracts or regulations), perform data analytics, and pull in balance sheet information.
And the winner is….
At the end of this exercise, the organization will have an entity management system that provides a single source of truth containing information about each group member including shareholders, directors and filing deadlines. The tooling may also automatically execute corporate actions such as resolution drafting, agenda creation and compliance filings. The GC and Legal function will be kept up to date with changes in regulations across the organization’s footprint so that they can anticipate the impact and take appropriate measures. The best in class deliver actionable insights from the gathered data which empower more robust decision-making by the organization to support its corporate strategy and competitive advantage.
Opportunities that fit for purpose entity management offers
Getting on top of entity management and compliance makes the work of those fulfilling the company secretarial and governance functions much easier and less stressful, freeing up time for added value activities. Once an organization has control of its compliance Legal is able to see which jurisdictions have been repeat offenders, to understand why and take steps to prevent recurrence. Beyond compliance there are a range of uses to which high quality entity management data can be put:
A well-organized structure allows operations and functions to focus more closely on the needs of the business without the distraction of redundant entities which create inefficiencies. In many large organizations, the number of redundant legal entities can be overwhelming, and considerable resources devoted to maintaining them. Entity reduction can yield a real return on investment with cost reductions achieved in the areas of legal and regulatory, finance and treasury, accounting, operations, IT and HR.
Making sure that the right entities own the right value drivers to provide greater overall value to the organization. If a de-merger is contemplated high quality data makes it much easier to determine which entities will be divested and which retained.
Smart compliance allows organizations to be transaction-ready and opens up the evaluation of other strategic possibilities. Ready access to data in which the user can be confident can be used as part of an IPO-readiness exercise or for purposes of Earnings and Profits (E&P) studies for a transaction. This data enables the user both to understand the corporate structure today and to see how it has evolved over time.
In addition to mitigating exposure to fines and the reputational and commercial risk of being non-compliant, proper entity management enables risk mitigation in areas such as transfer pricing, where a successful challenge could result in profits being moved into higher taxed jurisdictions, trapping tax attributes into entities that cannot easily use them and increasing indirect taxes. Being able to show it is compliant also reduces the risk of the organization being the subject of regulatory investigation.
Getting entity management right provides a real return on investment. Cost savings come from the reduction of effort required to gather, file and publish the correct compliance data, from eliminating the need to identify and correct mistakes in what has been filed, and from the elimination of fines and other penalties arising from missed deadlines and incorrect filings. Greater efficiency allows highly paid resources to concentrate on value adding activities rather than fixing compliance mistakes.
Better entity management improves the quality of reporting to the board. It enables better decision-making at both group and subsidiary levels because the directors are better able to assess their options. This provides peace of mind to those charged with governance because they know and can demonstrate that they have been acting in an informed manner, and contributes to more robust risk management.
Benefits to other functions
Being able to provide better entity management information allows Legal to act as a business partner that assists other functions and operations to be effective. For the Tax function, Legal is able to provide data including intra-group relationships which support management of the organization’s transfer pricing and information it uses for tax compliance and reporting. Tax is also able to see more easily whether the group structure is tax-efficient. Both Tax and Finance can use the data to benchmark the organization against its peers, and in response to US tax reform to see what cash repatriation strategies are practically possible without for example an intermediate holding company getting in the way. Clearly the most effective solution is a combined one which includes all the entity-related information that both Tax and Legal require.
From a business perspective, bad entity management results in bad data so it is imperative to have robust processes and controls to mitigate this risk. As explained in the last chapter, making sure data is complete and accurate and then implementing tooling to gather data centrally enables reporting and analytics. High quality entity management data can be easily shared with other stakeholders via user-friendly portals with in-built analytics and the tooling can be used for knowledge-sharing and insights into entities, directors and shareholders and potentially contracts and licenses. Users can see at a glance what they need to do next with filing alerts and reminders to convene the next board meeting.
Benefits of outsourcing
Entity management and compliance is a rapidly developing area and we see many examples of organizations struggling to keep abreast of changes across their global footprint which increases the risk of non-compliance. Working with organizations which specialize in compliance, keep up to date with regulatory developments and invest in technology with a commitment to year-on-year improvement offers the most effective way to mitigate this risk. There are a variety of ways to structure such an arrangement, but if both parties adopt a co-sourcing mind-set they are likely to get the most from the relationship.
Mixed or sole sourcing?
Hitherto outsourcing has tended to be fragmented across an organization using a mix of law and accounting firms and compliance boutiques in different locations and for different tasks. For many organizations, the best option is increasingly to outsource to a provider with best in class technology and geographical reach. In the near future it is unlikely that any organization will outsource its group-wide entity management and compliance to one provider, but presence in multiple jurisdictions does give the option of increasing the volume of work that is outsourced over time. State of the art technology permits any stakeholder to get an up to date picture at the press of a button based on a single source of truth compared to the old school approach in which different functions maintained their own versions of the legal entity map in different silos across the organization.
Components of corporate secretarial tooling:
- Workflow tools to assign tasks, set priorities and track progress
- Single source of truth for all entity-related information including a searchable entity database with business information and a corporate entity structure chart
- Compliance calendar with reminders for compliance dates and notifications
- Board meeting tools with agenda preparation, minutes taking and resolution creation and voting tools
- Analytics-enabled to derive actionable insights from the data
Inevitably organizations will see a risk in moving their compliance outside the organization. Where this is being considered, it will often start with a pilot taking care of one component of the management and compliance process or focus on one country or region. Organizations are also more likely to start by outsourcing in low risk jurisdictions or less important geographies and keep the most valuable parts of the group and the highest risk countries in-house.
Outsource the service or in-source the technology?
Larger organizations tend to be more open to outsourcing. Often they have already seen it working for their tax compliance or financial reporting and are familiar with the sorts of technology that outsourcing providers use. Smaller groups with their own teams to handle compliance tend to be more interested in buying in technology to help them overcome inefficiencies. They are looking to providers to deliver databases and templates, and keep them up to date as regulations change. In such cases an outsource provider may still be able to help them, equipping them with the knowledge and decision-making frameworks for vendor selection, or assisting with data cleansing so that the organization buys tooling that is fit for purpose and is able to load it with high quality data.
Supporting the business with subject matter expertise
Whilst the GC’s team may own the entity management compliance process, because there are other stakeholders who will leverage the data that Legal is managing, it helps to outsource to a provider who can provide more than the technology to manage the workload and the people to run the technology. In the previous chapter we looked at the many benefits that can be enjoyed beyond being in control. As other functions and operations such as Tax and M&A will be using the data for their own purposes, it helps if the outsource provider has expertise in these disciplines and can anticipate how the organization will get the greatest benefit from its entity management data.
Lawyers do more law
Out- or co-sourcing of compliance in a technology-enabled environment offers considerable benefits to the in-house team. In-house lawyers in many organizations still spend up to half their day dealing with simple questions from other functions and operations. With entity management technology, stakeholders can do their own searches without needing to go to Legal for the answer. There is an increasing use of technology by Legal functions and some of the law firms they engage to assist with their compliance. Over time we expect to see increased use of robotic process automation for routine tasks, chatbots to deal with straightforward questions which would have historically been directed to Legal and centers of excellence in lower cost locations to take over elements of the entity management workload. While some Legal functions are understandably cautious about outsourcing compliance, similar cost-savings can be achieved by using technology to split tasks between paralegals and qualified lawyers.
All of these activities – many of which will be fulfilled by outsourcing partners rather than in-house – will free Legal for more strategic projects to support the organization in achieving its business objectives.
At Deloitte Legal we have invested heavily in the people, processes and technology to help organizations get their entity management and compliance right and to keep it that way. Our subject matter experts are involved in horizon scanning at all levels to help our clients understand what is coming and how they can remain compliant. We have developed the technology that underpins global compliance for both Legal and Tax with natural language processing capabilities that recognizes characters as well as letters and the data scientists who can help leverage the most benefit from data. With our broad geographical reach and deep subject matter expertise, we can help identify the right combination of technology and vendors, and if you decide to outsource your entity management compliance to Deloitte Legal we can both populate your system and maintain it. Organizations that use Deloitte Legal in multiple jurisdictions benefit from cost-effective and efficient coordination of our services from our center of excellence in Bucharest.
To discuss your entity management requirements, contact:
Daniel Connell, London +44 20 7303 6013 firstname.lastname@example.org
Alessandro Del Bono, Genova +39 347 5396809 email@example.com
Simina Mut, Bucharest +40 730 585 851 firstname.lastname@example.org
Jogchum Beetsma, Rotterdam +31 650062595 email@example.com
Michiel Lampe, Rotterdam +31 610901930 firstname.lastname@example.org
Mark Schroeder, Shanghai +86 139 1147 0721 email@example.com
Christoph Michiels, Zaventum + 32 2 800 71 38 firstname.lastname@example.org
Filip Van Acoleyen, Zaventum + 32 2 800 70 35 email@example.com
Top 12 aspects to implement for an Effective Whistle-blower Hotline
A whistle-blower hotline is often a key component of an effective corporate compliance and ethics program. Research reveals that internal employee hotlines facilitate the detection of unethical or unlawful conduct, as tips are the most common detection method for suspected wrongdoing in companies with or without hotlines.