5 Essential Elements of Corporate Compliance

Barny Brummell |

Most experts agree that whichever regulatory jurisdiction an organisation is subject to, there are five common fundamentals involved in providing effective corporate compliance.

Many organisations are now subject to multiple jurisdictions and numerous regulations, such as the UK Anti-Bribery Act, that affect organisations who are not headquartered in the UK. Other regulations have arisen worldwide, such as the GDPR, the CCPA in California, PIPEDA in Canada, APPI in Japan, the Personal Data Protection Bill in India, PDPA in Singapore, and the pilot of CDR in Australia.

With increasing regulation, the need for effective compliance has never been greater. Organisations are facing increasing penalties for compliance breaches, which for some jurisdictions includes personal responsibility, with Senior Managers being fined or prosecuted thanks to imposition of the SMCR.

These five fundamentals can be seen as best-practice principles to follow when contemplating the design, development, rollout and continuous improvement of your compliance program:

GRC Summit On-Demand Video
Data Privacy Compliance Leadership

Leadership

Support for an ethical compliance program needs to come from the top, including senior management and the Board of Directors. Failure to get a senior sponsorship program will amount to the programme becoming little more than a hollow, toothless set of internal rules and regulations.

The role of the Chief Compliance Officer should also be a senior position that is independent, and reports to the CEO or Board level.

Risk Assessment

Organisations need to have a set of policies and procedures that define the framework that they operate within. However, this is not limited to a business code of conduct and should cover all of the activities the organisation engages in. Policies and procedures should be clear, practical and accessible, covering areas such as bribery, corruption and accounting practices.

This should include third parties, whether they’re as a supplier or a customer. Policies and procedures are only effective if they are kept up to date and are regularly communicated, particularly when changes are made.

Policies and Procedures

Organisations need to have a set of policies and procedures that define the framework that they operate within. However, this is not limited to a business code of conduct and should cover all of the activities the organisation engages in. Policies and procedures should be clear, practical and accessible, covering areas such as bribery, corruption and accounting practices.

This should include third parties, whether they’re as a supplier or a customer. Policies and procedures are only effective if they are kept up to date and are regularly communicated, particularly when changes are made.

Training and Communication

Effective implementation of compliance program policies and procedures requires a robust training programme. Regulators expect an organisation to have a comprehensive training plan in place which effectively communicates the compliance responsibilities of employees, particularly for those in high-risk roles or locations.

Traditional live training is still important, but can be supplemented and reinforced with e-Learning platforms, remote training via video conferencing, online testing, and so on, making training easier to access and more affordable. Simply conducting compliance training for employees as part of their induction isn’t enough, and training needs to be refreshed on a regular basis.

Data Privacy Training and Communication
Data Privacy Oversight and Reporting

Oversight and Reporting

A key element of any compliance framework is putting in place monitoring and auditing controls to ensure that the organisation has oversight of its compliance programme and that employees are staying within the program. An organisation should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks and controls tailored to risks to detect and remediate compliance problems on an ongoing basis.

If a compliance breach is found, the organisation should conduct an immediate analysis to establish how the breach occurred and put in place measures to prevent it reoccurring. Compliance reports should demonstrate how the organisation complies with the rules, standards, laws and regulations set by regulatory bodies and government agencies, and these analyses should be submitted to senior management, board and audit committee members. Failure to comply means businesses are subject to regulatory penalties, including fines and imprisonment.

Corporate compliance has to remain proactive

For years, the compliance function has been tasked with proactively managing and staying abreast of an ever-changing compliance landscape and the challenge of demonstrating their compliance programs are effective. Combine this with general corporate obligations and industry standards, and your compliance function faces an almost impossible task.

But only “almost.”  Proven technology solutions for compliance management allow your organisation to automate and control compliance and corporate obligations, supporting your risk and compliance operations in ways permitting you to keep pace with the constant changes and challenges of modern risk management.

According to IBM Security and Ponemon Institute, an average data breach costs a business $3.86 million. Click To Tweet