Over the past decade, the idea of what constitutes an effective compliance program has changed. Historically, many organizations viewed compliance as a set of policies with in-person training delivered to employees. It wasn't a program, it was a set of rules. The best tie to the business was usually some input on the policies and participation in the training.

The game has changed. Modern compliance functions are expected to act as trusted advisors closely collaborating with the various business units in an organization so that the compliance function can appropriately identify and minimize the risk for the overall organization. These functions use data to manage risk and develop policies and controls that are tailor-made to the particular business. They embed compliance in the business and actively work to build an ethical culture. Compliance leaders provide periodic updates to senior management and the relevant board or board sub-committee. The chapter in the United States Sentencing Guidelines outlining what an effective compliance and ethics program should have provides a baseline, but the modern program is embedded in the business. Effective programs are not a set of minimum requirements; they embrace the business culture. They are simple and practical. They work regardless of the people in different positions. For today's program that works well, you really can't tell the compliance program from the business.

These trends have played out over the last decade at the Fortune 500 level. These companies know it's important to get compliance right and have a program that works for the business. Sports organizations now have an opportunity to use compliance in the same way that companies have—as a business enabler.

Unsure if sports are “big business”? Consider the annual revenues for major sports (including teams and the leagues). The National Football League (NFL), for example, using estimated figures for 2017, had over $14,000,000,000 in annual revenue. The NFL would place just outside the Fortune 500 (around the annual revenues of Mastercard). This is a very large business. It is not just the NFL that is big business. Similar conditions exist on the other side of the world. Look at the biggest sport in a much smaller country—New Zealand Rugby—a very successful (if not THE most successful) rugby team in the world. In 2017, according to public records, New Zealand Rugby had revenue of almost $170,000,000. This is in a country with a population of less than 5,000,000. Revenue (and size and complexity of risk) will continue to increase as sports continue to be attractive commercial partners.

Increasing revenues are great—after all, they indicate a healthy organization. More revenue means more advertising, partners, agents, and those looking to profit from the sport itself and the halo effect of being associated with top sports teams and organizations. These increasing revenues allow organizations to invest more in the sport and the fan experience. As revenues increase, so does the complexity and risk of the organization and the need for a modern compliance program, including an assessment of risk and a review and modification of policies and controls to adjust to the changing risk environment (as the #metoo movement emerged, how many organizations looked closely at their sexual harassment policies?).

Sports have a complex network of stakeholders (including fans, athletes, both amateur and professional, and partners), and this group reacts to compliance failures. The purpose of a compliance program for a modern sports organization must be focused on building trust with these stakeholders. What is the reputational and financial impact to U.S. women's gymnastics of the horrific Larry Nassar scandal? Stories of domestic abuse in the NFL? Or recent Ohio State issues?

To build trust with these stakeholders and embed compliance within a sports organization, the key first step is to appoint a Compliance Officer: someone who is empowered, resourced, and responsible to assess and implement the compliance program. This officer can then conduct a risk assessment to pinpoint the specific risks the organization needs to address with its program and then start the journey of building a modern compliance program which, in turn, will help ensure the organization's long-term sustainability. Athletes are role models, so the risk assessment process has to address not only financial and operational risks to the organization, but reputational risk to both the organization and its athletes as well, something in which all involved in sports have a vested interest.

As part of the modern program, you will look to develop policies, conduct employee training, communicate the importance of ethics, and implement a hotline to report concerns. Additionally, two key components include developing a third party due diligence program and a program to monitor how third parties conduct business and how grant recipients spend development grants.

As the organization's partners and agents grow, the due diligence program will become very important. Conducting due diligence on key partners, agents, and contracting parties before signing an agreement allows the organization to better understand who they are doing business with and identify the risks that could arise from the relationship. Implementing a due diligence program allows the organization to make informed decisions regarding how to proceed. It is far less disruptive to conduct due diligence at the front-end rather than trying to manage it at the back-end once a risk has materialized.

Compliance programs should also monitor how grant recipients spend the grants they receive. More organizations are looking to support local grassroots programs that further develop their sport. These are superb programs, but the compliance program must ensure that local grant recipients are spending their grants in the way they committed to spend them. A risk-based monitoring program will help the compliance program identify where to focus its efforts to ensure that grant recipients spend grants in the manner in which the organization intended.

Fans and sponsors (and lawyers and regulators) are paying closer attention to how large sports organizations govern themselves and how they respond when issues arise. Sport can—and should—inspire. When supporters don't like what they see, they disengage—by changing the channel, not buying the jersey or purchasing the event ticket. Commercial partners and other stakeholders notice when fans are unhappy.

Edward Hanover is FIFA's Chief Compliance Officer. He joined FIFA in 2016 as FIFA's first Chief Compliance Officer after a lengthy career as a general counsel and senior compliance executive in the pharmaceutical industry, with positions in the United States, Europe and Asia. You can reach Edward at [email protected].