In order to study the correlation between risk management and compliance, I generated 700 data sets to weigh them according to their relative market capitalization for the 35 public companies that make up Spain's benchmark IBEX 35 index. The compliance maturity was taken from analyzing the code of ethics and other publicly available ethics and corporate governance documents for these factors:
- corruption, business conduct & gifts,
- antitrust and market abuse,
- workers' protection, discrimination and harassment,
- environmental and urban planning protection,
- copyright and intellectual property protection,
- IT data protection,
- tax compliance,
- money laundering,
- occupational fraud, and
- whistleblowing policy, available channels and management (30% of total score).
When the code of ethics and related governance policies set standard controls to mitigate the high-level compliance risks, a complete score was assigned to each factor. Other cases were assessed individually according to their mitigating controls.
The market capitalization was taken from the last statistics update published by the Madrid Stock Exchange. The sector classification also followed the Madrid Stock Exchange criteria.
The data analysis revealed a weak negative linear correlation (r = -0.18) between the compliance maturity and the stock volatility risk. The compliance/risk correlation, which does not imply causation, is stronger in the retailing and the telecommunications sectors.
On balance, companies with strong and transparent ethics and compliance policies have better risk management in creating stakeholder value.
There are 2 types of outliers in the analysis:
- Santander Bank, Repsol, OHL and Acciona have a mature compliance model according to the information in this study, but the stock value was highly volatile in the last 250 trading days, and
- AENA, Endesa, Gas Natural, Dia and Iberdrola have low market value volatility, but opportunities to strengthen their compliance programs.
You can find the supporting data at these links:
- MS Access Datasets
- Summary of dataset
- Supporting Code of Ethics and Documents
I will do further research to expand the conclusion of this study, by:
- using the OECD Guidelines for Multinational Enterprises to set the compliance factors to assess,
- expanding the study to other public non-IBEX35 companies,
- monitoring the evolution over time, and
- including the effective reporting of compliance and risk information.
Do you have any suggestions for improving the study methodology or scope?