Compliance is a pillar of GRC. It is the enforcement of rules and standards within an organization. How can we ensure that we have good compliance in the global organization?




In the financial services industry, it’s fair to say that the history of compliance is closely tied to the regulations put in place in the systems. 

These regulations have generally been the consequences of scandals, crises, or even incidents that have shaken up the economy.

It is the people and organizations that have broken the rules that are the source of what is called compliance. These entities have led to the implementation of rules that must be respected in order to regulate the activity. 

It is important to note that the United Kingdom and the United States were the first to implement regulatory frameworks. 

What is Compliance?

Compliance was first introduced in the banking, pharmaceutical and energy industries. These industries had to ensure that their activities, both financial and legal, were ethical and moral.

In order to ensure that the activities of companies are made irreproachable, the concept of compliance was introduced. In other words, procedures were set up to ensure compliance within the company itself, but also within the industry. 

Compliance is closely related to governance, as it is the application of a set of rules and standards by the organization in question, while being flexible to change, without disrupting the structure of processes and systems. 

This concept also describes the healthy and harmonious coexistence between the different stakeholders of the company. Indeed, it is undeniable that the well-being of the organization is correlated with its stakeholders. 

Logically, if compliance is done correctly, it will have a positive impact on the business and the organization. 

So when we talk about the objective of compliance, we immediately talk about prevention, detection and resolution of violations of laws and regulations. 

Compliance can be represented in several dimensions: 

  • The universe of compliance: it is a complete set of standards to be respected, including prevention in risk management, cash management or the fight against financial fraud. In other words, it is the proper conduct of business throughout the organization.
  • Coherence of compliance: in order to be efficient and avoid wasted effort and a loss of consistency, it is essential to succeed in creating an environment in which all parts of the company are united and form a single whole.
  • The culture of compliance: integrating compliance and placing it at the center of its decisions and strategies is what we call the culture of compliance. The objective here is to let employees know what is expected of them, to monitor their work and to correct them if necessary, i.e. if they do not meet these expectations. 
  • Compliance Risk: this is the potential for non-compliance with laws, industry regulations, internal policies or prescribed best practices, which could result in legal penalties, financial and property losses. 

Other possible consequences could be reduced shareholder value, limited business opportunities, as well as reduced potential for expansion in terms of geographical areas and new business sectors.

Finally, it can be said that this is a global process with a wide scope. Whether it is in the area of risk prevention, product safety, fraud or employee health, compliance plays a central role in companies. 

Why Compliance is a Pillar of GRC

Governance, risk and compliance are closely linked, and must work both independently and consistently. 

Compliance has real value to businesses, especially in financial services. It is of real value to the integrity, creation, and growth of organizations. 

Today, it is clear that there is a big difference between a company with and without strong compliance. It is a true source of competitive advantage, differentiation and positioning when it is used properly.

It is a real asset because the benefits go far beyond compliance. For example, it helps deter financial services abuse on the one hand, and identify and train inefficient operations and incompetent employees on the other. 

Moreover, building a healthy and sustainable business is surely the objective of many entrepreneurs who wish to develop in the long term; compliance certainly ensures the sustainability of the business. 

The impacts of Non-Compliance

Compliance is a new discipline and, therefore, implies a presence of extreme vulnerability in case of non-compliance. 

Compliance is the price to pay to stay in business. If one wants to stay in the industry, it is therefore important to comply with environmental requirements, as defined by rules, regulations and standards, otherwise the company’s reputation and business are at stake. 

More concretely, non-compliance implies regulatory consequences that apply in the form of sanctions, penalties, fines, etc.

The regulatory community is playing an increasingly important role over the years. This is becoming a controversial issue as they are becoming more and more intrusive.

There is certainly some truth in this, but otherwise they are held partly responsible and questioned by the general public about their action or to combat unhealthy commercial actions. That is why their monitoring and supervision must be done with the utmost care.

While good compliance is considered almost mandatory for an organization, it can be underestimated that bad compliance can result in business and financial consequences as well as property losses. 

The impact can be so considerable and detrimental to the company, that in some cases, companies have reached complete closure. 

Regarding the financial impact, costs can be synonymous with non-compliance: we can mention here direct costs, costs with a time lag (which are usually litigation costs and legal costs) as well as indirect costs.

To avoid this non-compliance situation, actors play a key role in regulating the activity and ensuring its ethics. 

Who are the Actors of Compliance?

It is important to say that compliance is not reserved for the appointed experts, since all levels of the organization are concerned and mobilized: from the manager who conveys the values, standards and rules to be respected, to the employees who guarantee their application. 

To ensure the proper functioning of compliance, organizations can set up compliance functions.

The Compliance Officer

This compliance manager’s mission is to ensure compliance with regulations and internal policies in order to guarantee good governance, improve performance and defend the company’s sustainability. 

The compliance officer is also responsible for ensuring compliance with the rules of ethics and professional conduct, and plays a real role as an interlocutor with the supervisory authorities. One example is the AMF (Autorité des Marchés Financiers) for the banking sector in France.

He will also have the task of defining the level of security of operations in order to preserve the company’s reputation as well as its civil and criminal liability. 

The compliance officer must have a global vision of all the risks that weigh on the company. They must therefore manage the compliance program as a whole. 

To do so, he/she must define this program, deploy it, lead it and ensure its proper dissemination through internal communication. 

His field of action can be extended to the protection of personal data and the subject of CSR (Corporate Social Responsibility). In this context, he or she may propose training courses and provide expertise. 

It should be noted that the Compliance Officer stems from the internal control and risk management professions, as well as from the professions of the legal department. 

The Legal Department

Unfortunately, not all organizations have a compliance officer. To remedy this situation, the legal department is responsible for this mission.

This person will have to analyze the standards and enforce them in the company if a compliance officer function is already present. In this case, the legal department is only responsible for legal compliance and works in close collaboration with the compliance officer.

Internal Control and Audit

For a compliance program to be complete, it is necessary to set up control and monitoring procedures: this is where internal control and internal audit come in. 

  • On the one hand, the person in charge of internal control evaluates the effectiveness of risk prevention measures. He or she can also ensure that best practices are disseminated within the company, through investigations for example. 
  • As for the internal auditor, it is similar with one difference: it must be independent in order to be able to control all the activities of the company, including compliance. 

The Information Systems Department

The family of compliance functions would be incomplete without the IT department. This function focuses solely on the compliance and security of IT systems and digital data. 

How can a Company Comply?

Positive compliance can only have a positive impact on the operation of a business. 

The topic of compliance is timely and has a high profile. It’s hard to think of operationalizing it in a simple way; the goal is for it to be comprehensive.

The challenge comes from the dynamic nature of most elements of compliance. That is, creating a smooth flow for a project that has so many moving parts is no small task.

Indeed, in today’s environment, the external and internal environment in the compliance system is constantly changing. 

The components that need to be contextualized and woven into the fabric of the organization’s compliance are: 

  • Rules, changes, regulations, interpretations, etc.: these are the guidelines and directives of all relevant agencies, including court interpretations. 
  • Internal changes: these may include new product and service innovations, management and business professionalization, segmentation of focus, or market geography. 
  • Changes at the management and executive level: what is constant is the fundamental principles of business integrity: sound and fair business practices. 

The Pillars for a Good Compliance

The outlines of a strong and workable compliance program are:

Strategic and policy framework: the how begins with the articulation of the compliance strategy and the definition of the scope of compliance.

Structural Framework: the structure flows from the strategy. This covers compliance models and reporting structures, followed by the development of the compliance charter.

Operational Framework: given the strategy and structure, the organization must then develop an operational plan. 

These three blocks are constantly reinforced by four critical aspects: communication, training, reporting and independent assurance of its operation. 
