Compliance is usually defined as the concept of conforming to a request, a rule such as a policy, a standard or a law; in business, regulatory compliance means an organization’s adherence to laws, regulations, guidelines and specifications relevant to its business.
Whatever the motive, either coercion or willful choice to adhere to a certain regimen, the sensitivity of companies to compliance has been developing incredibly over the last few years. As internal misconduct raises important economic threats and, perhaps most importantly, the reputational loss suffered due to an offense may be difficult or impossible to repair, companies have been putting a lot of efforts − and money − into enhancing their ability to act according to both external rules that are imposed upon the organization and to internal systems of control that are imposed to achieve compliance with those external rules.
Companies indeed show an increasing aspiration to succeed in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations. Relevant examples of regulatory compliance laws include those enacted in the areas of accounting and financial statements, health and safety, anti-corruption, data protection, IT and information security, environment, anti-money laundering and anti-terrorism. In addition, since the number of technical rules for specific sectors of business such as banking, insurance, energy, transportation, retail trade and healthcare. has increased since the turn of the century, regulatory compliance has become more prominent in a variety of organizations. The trend has led to the creation of a common path for companies that want to achieve compliance not only as a response to possible legal sanctions but also as an instrument to boost cultural transformation towards ethical standards. The adoption of compliance programs is viewed in fact as one of the best options to keep the regulators happy and one of the most important ways for an organization to maintain its ethical health, support its long-term prosperity and preserve and promote its values. It is clear that adherence to compliance principles helps companies to reduce risks by preventing illegal conduct and by mitigating or eliminating punishments and liabilities for those offenses which still occur. It is often the case that the concept of compliance in an enterprise is usually also associated with the concept of honesty, and that ethical behavior is often related to real codes of ethics or ethical standards of business sectors.
THE FINAL GOAL
A compliance program’s main focus and ultimate goal should therefore be to find the perfect balance between the carrot and the stick, centering their attention on future compliance rather than the correction of past errors, and ensuring that an appropriate balance exists between incentives for compliance and sanctions for non-compliance. We all are aware that designing and maintaining a compliance and ethics program is no easy task: it is impossible to anticipate and prevent every possible scenario that could come back to expose the company to risk and liability. On a practical level, it is broadly accepted that compliance programs are based on an effective risk management system. First of all, it is necessary to identify the risks that an organization faces, then to design and implement preventive measures and controls to protect an organization from those risks, and then finally to monitor and report on the effectiveness of those, resolving compliance difficulties as they occur.
FROM THEORY TO ACTION
Implementation is often the most daunting challenge of any program. This is the juncture where most failure occurs and also the aspect that is more vulnerable in the eyes of courts or agencies called upon to determine the effectiveness and efficiency of the program. The real challenge for companies comes from conforming to requirements and, in most situations, being able to prove that the organization has done so. It is important to understand that the test facing all organizations is making the policies they have created effective, deciding which of them need to be implemented according to company business, and enforcing those policies and measures in the best way. On the surface this may seem like a simple mission, but what is quite hard is creating a policy that fits the company like a glove. In fact, having unclear policies or policies which are difficult to understand or inadequate for the structure of the company is rather like being thirsty in the desert and finding water that is not fit for drinking. That is why each policy needs to take into consideration the working environment, business practices, people’s expectations and technologies within organizations in order to make them truly effective. That is also why a great number of companies, especially if publicly traded, decide to appoint a compliance officer or a supervisory board entrusted with the task of preventing misalignment between business processes and the set of rules and policies inside and outside the company, assisting corporate structures in the application of rules, reporting the most recent regulatory changes in order to periodically update the documentation in place at the company, and managing and maintaining relations with the authorities and control functions inside or outside the company. In any case, the key point to integrating compliance and ethics – to addressing the “letter of the law” while promoting the “spirit of the law” – is that every employee needs to feel that they are integral to the company’s compliance efforts and that what they do will make a difference. Engaged involvement and continuous dialogue of all personnel, from a trainee to a key stakeholder, are critical to the successful implementation or major enhancement of a compliance and ethics program. The purpose of this article is not only to discuss the opportunity and need to prevent misconduct by implementing compliance standards and a cultural transformation supporting the organization’s business objectives but also to make a general introduction to some of the specific topics on compliance which will be covered in the next issues. Relevant regulatory requirements, compliance issues and some of the most important court decisions will be covered. Stay tuned.
Published in the hard-copy of Work Style Magazine, Spring 2014