Regulatory compliance is not an “optional extra” for an organisation these days. Stakeholders are more enlightened, and with the advent of social media, a newsworthy transgression by any organisation can reach a global audience within seconds.
Particularly in South Africa over the past decade, entities have been subject to a sustained bout of regulatory diarrhoea. To keep up to speed with all the new legislation and regulations, more and more organisations are turning to a new breed of animal for the solution – namely “the Compliance Officer”.
This poor creature is allocated the mammoth task of steering the organisation on the straight and narrow, and avoiding financial penalties, criminal sanctions, and/or reputational loss.
But how should this be done? What makes for an effective compliance program, and how should management go about implementing such a program? Resource, budget and time constraints are ever present hurdles to any compliance initiatives. The aim of this article is to provide a high level overview of the key elements that need to be put in place.
An effective compliance program should consist of at least the following key elements:
- Element 1 -Tone at the Top. Executives and senior managers must “walk the talk” and show themselves to be just as accountable as everyone else when adhering to legislation and regulations.
- Element 2 - Clear Policies. Policies must be unequivocal in guiding the organisation, and “grey areas” must be avoided wherever possible.
- Element 3 - Due Diligences. Be wary of associating your brand with third party suppliers/providers/partners whose backgrounds and ethical frameworks are unknown to you. This is particularly a high risk area when making forays into new territories or new markets.
- Element 4 - Training and Communication. This must be ongoing and effective not only within your company and its internal stakeholders, but also to all external stakeholders so that everyone realises the “zero tolerance” stance adopted by the company.
- Element 5 - Whistleblowing Mechanisms. Whether this is by way of a tip-offs hotline run by an offsite service provider from a secret location, or simply by way of appointing a credible person who can receive anonymous reports by way of a letter dropped into a secure box next to reception, there must be an effective reporting channel.
- Element 6 – Robust Audit Program. Internal audit must regularly check and monitor the controls to ensure the system works. Internal audit must adopt a proactive role in monitoring and giving feedback.
- Element 7 - Consistent Enforcement. Any transgressions must be dealt with transparently, consistently and timeously.
- Element 8 – Records and Documentation. Document and keep records of the compliance processes and systems. These records will be needed by internal audit, and will also be needed should there be any investigation by a regulatory body.
Senior Advisor – Risk Advisory Services, Johannesburg
Also read: Ethics - a way of Life