Compliance Defining Corporate Culture

Today, when business operates in a global arena, a holistic approach needs to be taken towards corporate compliance

Have we ever wondered what are the parameters that attract investment in any country...

These are

1. Profitability

2. Cost

3. Infrastructure

4. Freedom of doing

business and finally

5. Risk

A Business today operates in a Global arena where geographical boundaries have blurred.

A Peek through Corporate Compliance reveals that we need to take stock of the following parameters:

• Identify the source of the risks
• Be proactive in anticipating their impact
• Take steps to mitigate the risks
• Identify strategies to avoid the risks
• Adapt quickly when risk levels become unacceptable

A Holistic Approach towards evolving a Corporate Compliance Strategy involves the following steps:

• ASSESS: Assess your company’s capabilities to prevent and respond to threats/ risks
• BUILD: Build the governance, skills, processes and systems to improve those capabilities
• MONITOR: Monitor risks and trends on a regular basis, adjust the program to address significant changes in an ever changing business landscape

Key functions of a robust compliance department

1. Identification: To identify the risks that an organization faces and advise on them.
2. Prevention: To design and implement controls to protect an organization from those risks.
3. Monitoring & detection: To monitor and report on the effectiveness of those controls in the management of an organization’s exposure to risks.
4. Resolution: To resolve compliance difficulties as they occur.
5. Advisor: To advise the business on rules & controls.

Stages that Companies adopt towards evolving a Corporate Compliance Strategy:

Summary on the Role of Compliance

Having been inspired by the White Paper on the Role of Compliance Securities Industry Association, Compliance & Legal Division, here is an attempted Summary on the Role of Compliance they propagated as under:

Standalone Compliance Dept. developed in the early 1960’s. Compliance Dept. performs among others in an advisory, monitoring and education role to support Management’s supervisory responsibility.

The functions in the domain of the Compliance Dept. are:

1. Advisory:

Regulatory & Compliance advice to business and Control Units on an ongoing basis.

2. Policies & Procedures:

Core responsibility is to assist Management in the development of policies, procedures and guidelines designed to facilitate compliance with applicable laws and regulations, including updating and amending policies and procedures in light of regulatory developments.

3. Education & Training:

Both regular and need-based training on the above.

4. Monitoring and Surveillance:

Through detailed review of business activities, to test the effectiveness of supervisory procedures often working with other control functions like Internal Audit. Also developing a risk-based approach as an effective means to identify problems.

5. Business Unit Compliance Reviews:

In conjunction with business units to proactively review business activities to identify potential regulatory, compliance & reputational risks and design ways to minimise such risks.

6. Centralised Compliance Functions:

• Control Room Function :Also acts as a Company’s “Control Room” that among other things administers information barriers between business units.
• Anti-Money Laundering Program Function: Review of New Business Association (KYC), Surveillance for potential suspicious customer transactions including pattern of asset and fund movements. Help also in setting up policies and procedures relating to Anti Bribery, Privacy etc.

7. Licensing, Registration & Employment related functions:

Performs the role of due diligence.

8. Internal Inquiries & Investigations:

Facilitate carrying out the important role of conducting internal inquiries, investigations as a result of certain of the above activities and thereafter, facilitating in preparing a report to the Senior Management on significant findings including recommendations on remediation.

9. Regulatory Examinations, Reporting & Investigations:

As an important contact point interface with the outside world especially regulatory handle this sensitive and important function.

10. Fostering Regulatory Relationships:

Have an ongoing, open relationship with regulators to help shape regulatory, policy - providing inputs on rule proposals, participating in process of identifying problems, help establish best practices.

Compliance Dept. should actively participate in industry trade groups to assist shaping of an effective regulatory policy.

11. Promoting a Culture of Compliance:

Senior Management and Board of Directors must set a “Tone from the Top” demonstrating strong support for the importance of compliance function. This can be through systems, experienced people, Technology, creating incentive structure, penalising behaviour that sacrifices compliance principle.

12. Program Assessment:

Assessment of existing business activities and emerging trends. Continuous review and updating particularly in light of new risks. Coordination with Business Units and Senior Management and other control groups like Risk, Internal Audit & Legal.

That brings us to the important question as to who drives the Compliance Culture across an organization. In my experience it is the ROLE OF THE GENERAL COUNSEL to oversee the Compliance Culture. He is best suited to do so because of the following attributes namely:

• Key Driver for Effective Compliance
• Significant custodian for Tone at the Top
• Is best equipped to set up Proactive Measures for Preventive Risk Mitigation
• Is best suited to report Incident within a specified laid out Response time
• Has at his disposal Investigative Resources
• Is best suited to Retention of outside Counsel
• Will have the Accountability & Backing of Senior Management
• Shall be the interface for Self-Disclosure to Government Agencies
• Is in a position best placed towards Reporting to the Board of Directors

That also brings with it new responsibilities and requirements including attributes to the role of the General Counsels, namely:

• Business acumen
• Ability to interact with the board
• Experience in managing an internal legal function, Updating & Knowledge of new regulations
• Ability to negotiate with regulators and watchdog agencies
• Strong external network including interpersonal communication skills
• Knowledge of new environmental regulations and green considerations

Basic factors to be taken care of by General Counsel’s while developing a Compliance Culture

1. The nature of the organization;
2. The diversity of the organization;
3. The complexity of its business;
4. The scale of its business;
5. The volume of transactions; and
6. The size of the transactions.

Adequate Procedures: Compliance Tips with emphasis on Anti-Bribery Provisions

Organizations in India with a global interface should be taking steps to review existing bribery prevention policies and procedures to determine whether they have adequate procedures in place. From the six principles outlined above, the following tips can be considered by Companies:

• Implement a ‘zero-tolerance’ bribery prevention policy which is communicated to staff on induction and regularly as part of training sessions.
• Designate a responsible person to oversee bribery prevention matters.
• Ensure that monitoring systems are in place at all levels, adopting a clear policy on gifts, expenses and corporate hospitality, keeping records of gifts and centrally monitoring payments.
• Ensure that senior officers take responsibility for the bribery prevention programme.
• Carry out sufficient due diligence on any potential business partners and agents used to identify the possible risk of bribery.
• Include anti-bribery terms in contracts entered into between the organization and its business partners, particularly where agents are being used.
• Include express contractual obligations and penalties in relation to bribery and corruption in employment contracts and put in place appropriate disciplinary procedures.
• Develop and implement ‘whistle-blowing’ and reporting investigation procedures.

Finally How Should A Company Secure Itself. Some Examples:

• Many Companies’ operate worldwide including in countries where corruption is perceived to be high.
• Have an Extensive Dealer Network Coverage Worldwide.
• Set up and implement the Group Anti-Bribery & Corruption Policy.
• Nominate a worldwide Compliance Officer - Board level with delegation and “Local” Compliance officers in each region where the Company operates together with a robust training programme for all.
• Carry out a Risk Assessment Mapping with specific focus on high risk territories and back it up with a focussed training programme.
• At each local level/country level fortification of Commercial contract documentation to cover Anti-Bribery Clauses.
• Have in place an Anti-Bribery Charter for all:

• Dealers
• Suppliers, Vendors
• Employees including Contract Workforce
• Carry out an Annual review with report to Board.

 

Disclaimer - The views expressed in this article are the personal views of the author and are purely informative in nature.