Compliance: basic principles and importance in business
Introduction to compliance
Compliance is generally thought of as meeting requirements and standards, but in today's business environment, it has evolved to mean much more than just complying with laws and regulations. It is a systematic approach to managing an organisation to ensure that it meets all relevant legal, ethical and internal standards. It becomes the foundation for building a stable and transparent business, especially in the context of globalisation and increased regulatory scrutiny in each country. In addition, the compliance policy helps to avoid reputational risks that may arise from breaches of norms and standards.
What is compliance? Basic definitions
Compliance is a system of policies and procedures designed to ensure that an organisation's or company's activities are consistent with established legal requirements, internal policies and ethical standards. In a broad sense, compliance covers all aspects of a company's activities, from financial reporting to employee conduct, to prevent wrongdoing and conduct business transparently.
The key concepts that are important in understanding what compliance is are:
- Compliance risk is the possibility of negative consequences for an organisation due to non-compliance with laws, regulations, internal policies or ethical standards.
- Compliance control consists of the algorithms and mechanisms that companies use to prevent, detect, and remediate instances of non-compliance with established standards. This includes monitoring activities, auditing, developing and updating internal policies and training employees.
- A compliance officer is a specialist responsible for implementing and maintaining compliance programmes within a company. He or she ensures compliance with legal requirements and internal policies, conducts internal investigations and informs management of potential risks and non-compliance.
- A compliance policy is a document adopted by senior management that defines the basic principles and requirements for compliance programmes in an organisation. It contains the rules and procedures to be followed to ensure that the company's activities comply with regulations and international standards.
- The principle of independence in the compliance function ensures that this function operates separately from other parts of the organisation. This separation helps to avoid conflicts of interest. It also ensures objectivity in decision-making regarding compliance with norms and standards.
As such, compliance is an important part of corporate governance, helping to ensure the company's legal and ethical behaviour, reducing risk and increasing the confidence of partners, customers, and regulators.
History and development of compliance at the legislative level
Compliance as a discipline in its own right began to emerge in the mid-twentieth century as companies began to recognise the importance of complying with complex legal requirements in financial and other areas. Historically, the process originated in the United States, where a series of scandals in the 1960s and 1970s, including the Watergate scandal, exposed numerous cases of corruption. This led to the enactment of the US Foreign Corrupt Practices Act (FCPA), which introduced strict controls, accounting and financial documentation requirements, and regulated relationships with public officials.
Subsequently, in the early 1990s, the US adopted the Federal Sentencing Guidelines for Organisations. These guidelines provided clear guidance on how to establish effective compliance programmes, including rules of ethical behaviour.
In the UK, it was only in 2010, after much debate, that the UK Bribery Act was passed, requiring companies to set up dedicated compliance services to ensure compliance.
In the 2000s, compliance also gained significant traction in Ukraine, with the adoption of the Law on the Principles of Preventing and Combating Corruption in 2011, which replaced the Law on Combating Corruption in 2015.
Over time, demands for corporate transparency and increased regulatory pressure have contributed to the evolution of compliance around the world. An important aspect of this development has been the implementation of anti-corruption compliance programmes, which is a priority for many international companies.
For example, in December 2016, the National Anti-Corruption Agency of Ukraine approved the 'Guidelines for the Preparation and Implementation of Anti-Corruption Programmes of Legal Entities' (hereinafter the Guidelines), which describe in detail the procedure for implementing anti-corruption programmes and the approach to assessing internal and external corruption risks.
In 2018, the NBU approved the Regulation 'On the Organisation of Risk Management Systems in Ukrainian Banks and Banking Groups', which introduced the very terms 'compliance risk' and 'compliance manager'. And the Law of Ukraine 'On Capital Markets and Organised Commodity Markets' of 19 June 2020 defined the concept of compliance in commodity markets.
Currently, the practice of compliance has expanded into the areas of antitrust and anti-corruption legislation, labour protection and sanctions compliance. In addition, compliance in Ukraine is applied in many other areas, such as personal data protection, procurement, legal, financial, sanctions and anti-corruption compliance.
The development of compliance programmes has thus come a long way, from internal control systems in individual companies to internationally recognised standards that today play an important role in ensuring that companies comply with regulations, ethical standards and internal policies.
Key elements of compliance
The key elements of compliance cover the various aspects necessary to ensure that a company's activities comply with legal requirements, internal policies and ethical standards. They include procedures, risks, policies, control and monitoring, reporting and investigations, and a compliance department or compliance officer.
Compliance risks and their identification
Compliance risk is the potential threat that may arise from a company's failure to comply with legal or internal regulations. Such risks include financial penalties, legal liability, reputational risks and other consequences that have a negative impact on the business. Identifying compliance risks is the first and most important part of the enterprise risk management process. It involves analysing all aspects of the organisation's activities, identifying potential areas of risk and developing measures to minimise them.
In the financial sector, for example, compliance risks may be associated with money laundering, financial fraud, non-compliance with regulatory requirements, etc. In the banking sector, compliance risk is often associated with breaches of financial legislation, which can lead to serious sanctions from regulators. A key role of the compliance officer is to monitor and analyse such risks on an ongoing basis to prevent potential breaches.
The role of the compliance officer and the structure of the compliance department
The structure of the compliance function may vary depending on the size and nature of the company's activities. In large companies, the compliance function may consist of several units, each responsible for a specific aspect of compliance.
If the company is large and has offices in different countries, each office should ensure compliance with the relevant local laws.
In any case, an independent compliance officer is required to ensure effective compliance management. This officer is responsible for developing and implementing compliance policies, monitoring compliance, and training employees on ethical behaviour and compliance. The compliance officer is responsible for identifying and managing compliance risks and investigating possible violations, so the principle of independence of the compliance officer is very important.
The role of such a professional may be implemented differently in different organisations, depending on the type of business, scope of activities and size of the company. However, the compliance officer must be well-versed in legislation and business issues, as violations usually relate to legal norms.
Key responsibilities of a compliance officer:
- Risk analysis and implementation of the compliance management system;
- Taking measures to prevent negative consequences of compliance violations;
- Tracking violations;
- Conducting internal investigations of violations;
- Reporting to management on the actions taken and the consequences of any non-compliance;
- Educating the company's employees about compliance.
The appointment of such a specialist is becoming increasingly common in the Ukrainian business environment. An important part of the work of the compliance department or an individual compliance officer is to work with other departments in the company, such as legal, internal audit and human resources.
Compliance in the financial sector
In the financial industry, compliance ensures that banks and other financial institutions adhere to legal requirements, ethical standards and internal policies to minimise risk and protect the interests of customers and shareholders.
Characteristics of compliance in banks
Compliance in banking is a complex and multifaceted process that encompasses financial regulatory compliance, anti-money laundering, fraud prevention, operational transparency and customer protection. Banking institutions must ensure that their activities comply with a wide range of national and international legal and regulatory requirements. This includes, for example, compliance with FATCA (the US Foreign Account Tax Compliance Act). For Ukrainian financial institutions, this means an automatic exchange of tax information between Ukraine and the United States, which requires financial intermediaries to complete annual reports on accounts opened by US residents with Ukrainian financial institutions.
Compliance at a bank also includes the management of risks associated with financial transactions, in particular the risks of money laundering, financial fraud and other forms of illegal activity. An important component of a bank's compliance policy is the implementation of internal procedures to control transactions and monitor their compliance with the law. These include regular reviews of financial transactions, automated screening of suspicious transactions and ongoing training of employees on compliance issues.
NBU Financial Institution resolution and compliance requirements
Compliance in Ukrainian financial institutions is regulated by Resolution of the National Bank of Ukraine No. 64 of 11 June 2018.
The National Bank of Ukraine (the "NBU") sets clear compliance requirements for financial institutions to ensure the stability of the financial system and protect the interests of clients. The NBU Compliance Regulation defines mandatory standards for banks and other financial institutions to comply with legal requirements, international standards and internal policies. These requirements cover both financial and non-financial aspects of the institutions' activities.
Under the provisions of the Resolution, the first stage of the process requires the establishment of a Risk Management Committee and Compliance Units, with the definition of their functions in the bank's management system.
The Resolution also provides for the introduction of a risk culture in financial institutions, which includes:
- Development and implementation of a risk management culture: code of conduct (ethics), conflict of interest policy, related party transactions procedure, mechanism for confidential reporting of unacceptable behaviour in the bank, risk management training and education programme for employees.
- Reporting to the NBU on the implementation of the risk culture.
In addition, the document requires banks to develop and implement appropriate risk management documents: risk management strategy; policies, methods, and processes for managing different types of risks.
Banks are also required to develop and implement a risk appetite statement and to report regularly to the NBU on compliance with the above requirements.
By implementing these measures, banks will not only comply with regulatory requirements but also significantly improve the overall sustainability and efficiency of their operations. The introduction of a proper compliance culture and risk management will ensure a systematic approach to monitoring compliance with legislation, international standards and internal policies. This not only minimises legal and reputational risks but also helps to build trust with customers and investors.
International standards and anti-corruption compliance
International compliance standards are adopted to ensure transparency, prevention of corruption and adherence to ethical and other standards in the activities of companies or organisations on a global scale.
Implementation of international standards in compliance policy
The implementation of international standards in the compliance policy of Ukrainian companies is not mandatory; it is sufficient to comply with all the laws of the host country. However, if a company is planning to enter international markets, receive a grant from a donor or attract additional investment, it is necessary to create an effective compliance policy. Investors, particularly those from Western Europe and the US, are likely to check that business partners have a compliance system in place.
International standards such as ISO 37301:2021 'Compliance management system - Requirements with guidance for use', which replaces ISO 19600, are general and can be applied by all organisations regardless of size, industry, type or form of ownership.
The recommendations of this standard are not legally binding, but companies that comply with it will have an additional competitive advantage. In addition, the implementation of such a standard in the company's activities provides an opportunity to use international experience for risk management.
The implementation of international standards not only enables companies to meet the requirements of local and international legislation but also to increase their competitiveness in the global market. It also helps to build trust with customers, partners and regulators. For many companies, especially those in high-risk industries such as finance, implementing international compliance standards is a prerequisite for further development and success.
In the banking sector, such international standards include the Basel Committee on Banking Supervision's recommendations on compliance and the compliance function in banks, the EU and G20 directives on tax havens, SOX (Sarbanes-Oxley Act), the UK Bribery Act and the US FCPA. By implementing these standards, banks aim to create an effective compliance risk management system and prevent problems that could lead not only to financial losses but also to a loss of confidence on the part of customers, partners or investors.
The importance of anti-corruption compliance for multinational companies
Anti-corruption compliance is an integral part of any company's compliance management. It is a system of rules and procedures designed to effectively prevent and combat corruption.
As corruption is one of the most serious threats to business, which can lead to significant financial losses, reputational risks and legal consequences, anti-corruption compliance plays an important role in the business development of multinational companies. By implementing effective anti-corruption measures, companies can protect themselves from corruption scandals that can have a serious negative impact on their business.
With regard to the legal instruments that regulate the concept of anti-corruption compliance in the international arena, the following key documents can be identified:
- OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, 17.12.1997.
- UN Convention against Corruption, 31.10.2003.
- ISO 37001, which establishes a single international standard for anti-corruption compliance in business.
Therefore, in order to establish an effective anti-corruption compliance function within their organisation, international companies need to comply with the above-mentioned international regulations and, based on them, develop and implement policies and procedures aimed at preventing corrupt practices. This may include conducting regular audits, training employees, monitoring operations and taking action against violators. An important aspect of anti-corruption compliance is to ensure transparency in all operations and interactions with government agencies and partners. This helps to minimise risk and ensure the stability of the company's international operations.
Challenges and the future of compliance
The development of the latest technologies, globalisation and increased regulatory scrutiny are trends that are helping to improve the quality of business, but they are also challenges that companies face in implementing their compliance policies.
New trends and challenges in compliance
One of the key trends is the digitalisation of business, which opens up new opportunities but also creates additional risks. The introduction of new technologies, such as artificial intelligence, blockchain and big data, requires companies to review their existing compliance policies and procedures to ensure that they are in line with new realities.
In addition, there is a growing need for global standardisation of compliance, especially for companies operating internationally. This is due to the fact that different countries have different regulatory requirements and companies are forced to adapt their compliance programmes to local laws. This situation creates additional challenges for compliance departments, which must ensure that the company's activities comply with all relevant regulatory requirements.
Predictions of compliance trends in Ukraine and globally
Predictions for the future of compliance suggest that it will become even more important to business. In particular, the role of compliance officers in the strategic management of companies is expected to increase. Their function will no longer be purely controlling but will become an important tool for managing risks and ensuring the sustainable development of the company.
Compliance in Ukraine is also characterised by the search for the following risk prevention mechanisms:
- Regular financial monitoring - a set of measures taken by financial companies to prevent illegal financial transactions.
- Know Your Client (KYC) system - a set of rules used by banks or other financial institutions to verify their customers. They are designed to prevent fraudulent transactions or money laundering.
- Due diligence rules - a detailed examination of the target company in the case of an investment, merger or cooperation.
In addition, Ukraine is expected to gradually adopt international compliance standards that will allow Ukrainian companies to integrate into the global economy and increase their competitiveness. This will include stricter regulatory requirements from the NBU and increased attention to corporate social responsibility and ethics. This, in turn, will help improve the country's business climate and increase the confidence of international partners.
Conclusion
Compliance is an important tool for ensuring a company's stable and efficient operations. Implementing compliance policies and procedures allows companies not only to comply with legal requirements but also to maintain a high level of corporate ethics and social responsibility. This is especially important in the context of globalisation and increased regulatory control when a company's reputation and ability to adapt to change become key success factors.
Compliance contributes to the development of a corporate culture based on ethical standards, transparency, and responsibility. This, in turn, allows companies to minimise the risks associated with non-compliance with the law, prevent financial losses and ensure sustainable development in the long term. In the future, the importance of compliance will only grow, and companies that invest in its development will be able not only to maintain their competitiveness but also to reach new heights in their business.