What is compliance?
The term ‘compliance’ basically means ensuring law-abidance. Private and public stakeholders expect that any company will conduct its business in a way that complies with applicable standards. Seen from this perspective, compliance can also be defined as the state of integrity expected by the stakeholders on the basis of the civil responsibility of the companies. Historically, the term ‘compliance’ and the practice itself are both of US origin, and date back to the legal violations in the American defence industry in the 1980s. Since the early 1990s there has been the recognition in the American economy that each company should be aware of its strategic legal risks and should systematically prevent infringements of the defined core legal areas. Since the late 1990s compliance has also become a key element of diligent corporate management and successful risk management for European businesses. In recent years, increasing emphasis has been placed on integrity in business. Companies – just like any citizen – are required not only to behave in accordance with the law but also with complete integrity.
Five fundamentals of effective compliance
The fact that companies nowadays are running law-abidance systems or compliance programmes is among the core elements of careful business management. The content of the compliance programme will be different depending on the strategic risk profile (‘risk map’) of the particular company. Smaller companies that only operate in Switzerland can take clear, straightforward measures to ensure law-abidance, whereas multinationals need to run a comprehensive professional compliance programme. Although there is no single binding model for effective compliance management, there are common fundamental elements for effective compliance as shown, for example, in the ‘Compliance House’
1) Policy and code of conduct are the roof of effective compliance.
The corporate management commits to complete integrity, in particular to abidance by the law as a key part of its corporate culture and the foundation of its business operations. It issues a code of conduct (code of ethics, code of business conduct, or similar).
2) The structure of the compliance organization is the first pillar of the Compliance House.
The corporate management ensures that the code of conduct, in particular the requirement to abide by the law, is effectively implemented by the compliance structure. It makes adequate financial, staff and material resources available. The structural guarantee of the effectiveness of compliance includes the creation of independent bodies to which concerns and infringements can be reported in confidence.
3) The compliance processes are the second pillar of the Compliance House.
The compliance processes and the compliance organization together form the company’s compliance programme. Planned, systematic processes include, for example, the regular analysis of the legal risks, publishing and implementing internal regulations, training exposed staff, and handling concerns and infringements.
4) Appropriate incentives and sanctions complete the Compliance House Integrity and acting within the law should be the prerequisites for any remuneration.
If needs be, particular achievements relating to integrity and compliance, and therefore to the corporate culture, can be rewarded. But under no circumstances should the effectiveness of the compliance programme be sacrificed to conflicting commercial incentives. Culpable breaches of the law should be sanctioned so that punishment and deterrence emphasize the fact that compliance is binding and non-negotiable. The requirement for integrity and compliance together with sanctions in the event of culpable breaches of the law are transparent parts of the staffing and remuneration policy of the company.
5) Testing the effectiveness and the constant improvement of compliance measures are cornerstones of the Compliance House
The corporate management ensures that the compliance management is regularly tested for effectiveness. Weaknesses in the programme or individual measures are then put to rights. The compliance system must be adapted to take account of any changes in the company (i.e. new products, new markets, etc.).
0 Comments