"This Company is 100% compliant."
"Huge penalties levied due to non-compliance."
These phrases are commonly heard in corporate spaces, and they represent two extremes of the same spectrum. Two logical subsequent questions which pop up are:
Could any company be 100% compliant?
Could any company ever escape penalties due to the growing compliance requirements?
The rulebooks would vehemently agree with both these questions, but practically, the answers may differ. This does not mean that companies are not cognizant or putting in requisite efforts to stay on top of the compliance game. However, many complexities have to be considered.
For a lot of organizations, awareness of dynamic compliance requirements and being compliant is an endeavor in itself. Most companies tend to ignore the fine lines due to negligence or lack of knowledge. Does not being aware of compliance requirements acquit them? Absolutely not.
Initially, every organization must keep itself abreast of all the new and growing compliance essentials and ensure that they comply. Failing to do so will lead to cumbersome penalties, which will be labeled as compliance debt in the foreseeable future and adversely impact the company's reputation, in addition to financial burdens.
Is this an easy task? Absolutely not.
Can this be managed, though? Yes, definitely.
Before we learn about the logistics, it is imperative to familiarize yourself with the basics.
What is Compliance?
Compliance is often defined as adhering to established government guidelines, specifications, or regulations. Due to the rapidly expanding number of regulations or changes added to existing legislations, companies need to be vigilant about having a versatile understanding of the trends and abide by their regulatory requirements.
But is compliance only about adhering to prerequisites or regulations imposed by either itself or government legislation?
Compliance is a very wide term and cannot be restricted to the above definition. Compliance today is more than checking boxes on regulatory to-do lists, more than finding and fixing problems. Compliance includes the below, but is not limited to:
- Corporate global policies
- Due diligence of customers, suppliers, and vendors
- Preventing conflict of interest
- Data security and privacy
- Human rights and ethical labor practices (equal opportunity, maternity leave, human trafficking)
- Providing safe working environments
- Anti-bribery and corruption
- Maintaining accurate records
- Environmental sustainability
- Whistleblower management
Companies must ensure that compliance risk is understood and managed company-wide. Its obligations are more than the written policies. Non-compliance might do serious damage to companies. All employees should be encouraged to understand the risks posed by non-compliance as looking after compliance is everyone's responsibility.
In an article titled The Cost of Federal Regulation to the U.S. Economy, Manufacturing and Small Business by W. Mark Crain and Nicole V. Crain, it is aptly said that organizations pay an average of $10,000 in regulatory costs annually, per employee.
In worst-case scenarios, non-compliance may even result in companies getting shut down, client loss, market loss, or heavy penalties and damaging the reputation of promoters or shareholders for future projects and engagements.
The first step to managing the risk attached to non-compliance is through the implementation of policies, procedures, and control measures. It is essential to look at the big picture as the technological and regulatory landscapes continue to evolve rapidly. The management should stay informed about changes in both areas and implement a coordinated response that adheres to both technology and compliance requirements.
Technology can play a key role in compliance management. Here are some methods that companies can use to manage compliance requirements using technology:
- Creating awareness and training employees through Learning Management Systems:
Unlike regular staff training, companies can consider online courses with employee interactivity built into the courses. More interaction increases the probability of retaining the message. Delivering virtual training, organizing courses, managing trainees, and tracking progress and results can ease the process of spreading awareness about compliance. This compliance training roadmap will also help the company retain better-informed staff, which might result in greater compliance and performance.
- Stay updated with the changes in legislation through monitoring systems and conduct due diligence of partners:
Software such as Dun & Bradstreet Hoovers, Kroll, Lexis Nexis, etc., can provide legal and business insights into the activities of prospective vendors, third parties, or employees, which can be used to make inferences and decisions when validating their onboarding.
- Encouraging reporting of non-compliances and concerns through issue reporting and hotlines:
Software such as NAVEX makes it easy for employees to report issues and non-compliances, with the possibility of doing it anonymously as well. This helps in documenting reports and provides employee protection against retaliation. The notification of the report is sent to the concerned management for timely investigation. It also gives an insight into the nature of the issues faced by the company. This ensures that all the issues are well articulated and refined by senior management, making it easier for the company to prioritize the investigation.
- Manage the applicable compliances and policies through the automation of forms and processes:
There is software that helps automate forms to manage processes such as payments for gifts, charity, entertainment, and donations through online forms, along with workflows for approval and disapproval. This helps companies to keep a record of payments and the recipients for future monitoring.
- Continuous monitoring platforms:
To review and manage transactional data, certain platforms are valuable for the organization. They help in analyzing the entire data population and achieve documentation requirements easily. Exceptions can be identified easily and dealt with, swiftly and effectively.
The compliance landscape is rapidly evolving and with that, there is a growing expectation that it should upgrade its capabilities by using technology. Organizations should understand how automation can help them better manage their compliance function. They should align technological capabilities such as automation, macros, and analytics with compliance requirements to replace a majority of the manual processes. Ensuring these steps are in place will help strengthen their function's efficiency and effectiveness in the future.
– The author, Ayushi Sharma, is a Chartered Accountant and Certified Fraud Examiner with a bachelor's degree in commerce. She has five years of experience as a Risk & Compliance Professional. She has also previously worked with Deloitte as a Forensic professional.