What is Compliance? Definition, basics & tips to get started
What is compliance, why is it becoming increasingly important for companies and how does an organisation set up compliance management? Our guide answers these questions.
Compliance is growing in importance at both national and international level. This can be seen clearly in the EU where directives have been adopted compelling governments to pass new laws while companies have to abide by new reporting obligations. Environmental mismanagement, sexual harassment, questionable lobbying and tax offences are also provoking increasingly sharp public reactions. Companies can protect themselves by introducing an effective compliance system. The importance of compliance, the regulations companies need to watch out for and who should be responsible within an organisation are all explained in this guide.
What exactly does compliance mean? Definition and basics
Compliance means that a company adheres to the applicable rules and laws. This includes country-specific laws and requirements from the regulatory authorities as well as internal company directives. A range of tools and processes can be implemented and used by a company to bring about good compliance. They are designed to ensure that misconduct or violations can be detected, prevented or resolved at an early stage, ahead of any serious consequences such as criminal prosecution, fines or severe damage to a company’s reputation.
The origins of compliance
The push for companies to embrace compliance began after a series of scandals in the United States. In the 1970s, lobbyists for arms company Lockheed bribed politicians in other countries to persuade them to buy fighter jets. In Europe, the affair made headlines in Germany where it put then Defence Minister Franz-Josef Strauß and his party on the spot. In Italy, the Netherlands and Japan, Lockheed also attempted to push the purchase of its aircraft with payments running into the billions. The scandal resulted in the passing of the Foreign Corrupt Practices Act, or FCPA for short, in the US. In the decades that followed, the issue of compliance has continued to grow in importance.
Which topics are part of compliance?
Compliance isn’t just about protecting an organisation from bribery or corruption. In the workplace, it also encompasses avoiding other potentially criminal behaviour such as sexual harassment. In the US, the scandal surrounding film producer Harvey Weinstein, who was accused of rape and harassment, made waves. Convicted, he ended up in prison and the #MeToo movement has continued to shine a light on inappropriate and punitive behaviour towards women since then. Recent surveys show that many women have already experienced harassment in the workplace. If such behaviour is not prevented in the company or remains unpunished, the physical and psychological impact on those affected can be tremendous. If the victims make their experiences public, there may be an investigation which results in damage to the company’s image as an employer as well as its perception among both business partners and customers.
Avoiding financial scandals has also become an important area of compliance. At the turn of the millennium, US company Enron was still considered an entrepreneurial prodigy by American media and investors until the top management was convicted of extensive balance sheet falsifications. Not only did the scandal drag the company into insolvency, it also led to the introduction of the Sarbanes-Oxley Act (SOX) and new regulations for corporate reporting. Germany also recently experienced a similar scandal when financial services provider Wirecard was convicted of falsifying its financial statements. Ex-CEO Jan Marsalek has been on the run since and CEO Markus Braun has been in custody for more than a year and a half.
Companies also have to keep an eye on issues such as their corporate code of conduct, environmental protection, labour laws and price fixing. Depending on the industry, employees also have to be trained to deal with specific situations such as corruption in the healthcare sector.
Depending on the size and complexity of the company, the following areas may be subject to additional analyses to minimise risks in the long term:
- Third party due diligence
- Security procedures and controls
- Creation of reports
- Creation of documents for early risk detection
- Development and implementation of guidelines and rules
- Case Management: Guarantee and case management system
Why is compliance important for companies?
Compliance is no longer just an option for companies, it is a requirement. In the event of violations, CEOs, managing directors and board members are all threatened with prosecution and fines. Public pressure has grown too: in the #MeToo era and amid heightened climate and environmental awareness, breaches of the rules threaten major reputational and image damage for companies. Both the media and social media can intensify this effect, as can the public.
Those who invest in compliance see benefits on several levels:
- Violations can be detected and prevented at an early stage
- The company complies with the law
- Directors and employees are protected from fines or prosecution
- The company enjoys a positive reputation
- The company becomes more attractive to new employees, business partners and investors
What are the legal requirements?
Depending on the size and business area of the company, several laws and guidelines are relevant. For example, international corporations must comply with the laws and regulations of all markets in which they operate. Internationally important are the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act, both of which contain regulations on preventing corruption.
In Germany, the German Corporate Governance Code (DCGK) outlines the legal requirements for listed companies in Europe’s largest economy. Less stringent rules, also summarised in the DCGK, apply to family businesses. At both European and national level, the Supply Chain Act (LKSG) will apply from 2023 and is intended to ensure the protection of human rights and the environment.
Regulations such as the EU Money Laundering Directives and the Money Laundering Act are also relevant. ISO 37301 specifies the introduction of a globally standardised and certifiable compliance management system with whistleblowing guidelines. For the protection of whistleblowers, EU Directive 2019/1937 has already been in place since 2019 to provide protection against reprisals. Although many European governments failed to transpose the EU Whistleblowing Directive at national level before the deadline, companies can no longer ignore the issue and action must be taken.
Who is responsible for compliance in the company?
This varies depending on the size of the company and its organisational structure. Generally, the responsibility for compliance lies with senior management, while compliance officers are tasked with organisation and implementation within the company. The latter ensure that employees comply with laws, regulations and the company’s own rules and codes of conduct in all business areas and locations. To do this, compliance officers keep themselves up to date with the latest requirements from legislators and regulatory authorities, in addition to regularly training employees in areas relevant to compliance.
Compliance officers also identify potential risks for the company as well as implementing guidelines and processes to ensure rules are abided by. They regularly analyse and revise compliance management to adapt it to new political or economic circumstances and emerging risks.
What sounds like a very extensive job can be greatly simplified by an effective compliance management system (CMS) and compliance tools. You can find out how to implement a successful compliance management system elsewhere on our blog.
How to maintain an overview?
Digital software solutions help with the evaluation and organisation of compliance tasks. One element is a web-based whistleblowing system available to employees around the clock, where reports can be submitted and handled in a standardised manner. Another is an approval manager that handles applications and requests for gifts or invitations, which are then approved directly within the programme.
A compliance platform can bundle all of the necessary tools, allowing compliance officers easy evaluation and analysis functionality that makes their work even easier. It can also serve as a library for written guidelines such as the code of conduct.
Key principles of establishing an effective ABC programme