Executive management and boards are under increased scrutiny from a range of stakeholders who are looking for assurance that internal controls are in place, to ensure adherence with laws and regulations, reducing the risks associated with non-compliance.
To address this, an integrated approach is being taken by some organisations in implementing a regulatory compliance framework through a compliance officer. This involves developing and establishing a compliance methodology, policies, procedures and a training programme. The benefits to this include:
- corporate oversight and guidance for compliance activities,
- improved efficiencies and effectiveness,
- increased employee awareness of regulatory compliance requirements and issues, and
- the minimisation or mitigation of legal, reputational, or financial risks.
Whilst the compliance function plays a second line of defence role within corporate governance, it also has a place in the first line of defence for its own activities with ownership, responsibility and accountability for directly assessing, controlling and mitigating risks.
As part of the overall risk assessment of an organisation internal audit should include compliance risk within their audit plan.
- Confirm that responsibility for oversight and stewardship of the corporate compliance programme has been allocated to a chief compliance officer/senior officer level that reports into the executive team.
- Ensure that there is an adequate internal staffing team and/or access to external resources with sufficient knowledge and experience of regulatory compliance.
- Confirm that there is support from executive management with clear and direct access to the board.
- Ensure that there is a corporate compliance committee in place.
- Obtain the most up-to-date compliance standards, policies and procedures to confirm existence, level of detail/clarity, review dates and ensure that they have been authorised by senior executives.
- Establish accessibility and communication of compliance standards, policies, and procedures to all employees and other company representatives such as consultants and sub-contractors.
- Ensure that training programmes are in place to ensure that employees and other company representatives are aware of their compliance responsibilities.
- Talk to employees and other company representatives to ensure that they are clear about their individual responsibilities.
- Understand the systems and processes in place for issuing updates and revisions of guidance to ensure it is well communicated.
- Identify and review monitoring and auditing systems are in place to detect intentional or unintentional regulatory non-compliance by employees and other company representatives.
- Confirm and review the maintenance and publication of a whistleblower phone line and e-mail account to enable confidential reporting of potential regulatory breaches without fear of reprisal.
- Confirm that enforcement of compliance standards, policies, and procedures is through appropriate, consistent disciplinary procedures.
- Ensure that where breaches have been identified all reasonable steps are taken to prevent future similar occurrences, including review of controls and making any appropriate changes to the compliance programme.