Is compliance keeping you up at night?

Breaching regulations is an expensive business as Volkswagen has discovered. Within hours of the revelation going public, the company had lost a fifth of its market value, its managers faced criminal charges and several billion dollars had been removed from the bottom line to pay for the recall and inevitable fines. Described by some as the Libor of the car industry the emissions scandal shows how quickly and deeply companies can be damaged.

VW is not alone in paying a hefty price; prosecution authorities have become much more active. So far this year, the Financial Conduct Authority in the UK has fined companies in excess of £800m and businesses are also vulnerable to fines from the Serious Fraud Office of up to 400 per cent of any illicit profits from bribery, fraud or money laundering. UK magistrates can also impose unlimited fines for regulatory breaches of health and safety, environment, food safety, trading, licensing, planning and data protection laws.

Compliance is one of the principal means by which an organisation can demonstrate that it does the right thing – for this to be the case the compliance function needs ethics. It is not sufficient to be compliant without caring how this is achieved.

Ethical compliance should begin with the code of conduct, using it to set out the values of the organisation and establish a culture of integrity with clear standards of expected behaviour. These values must emanate from the top of the organisation and management must ensure that appropriate governance and reporting structures are in place to enable the board to receive the necessary assurances of regulatory compliance.

While the compliance team should be responsible for oversight and monitoring, it should be made clear that compliance, like health and safety, is part of everyone’s job. Different departments must be responsible for ensuring compliance with all relevant regulations and the compliance function must have appropriate resources to provide the necessary levels of training and communication to ensure that the code of conduct and all related practices and procedures are properly embedded throughout the organisation. To be properly protected, the code of conduct and compliance with it must extend to the activities of suppliers, partners, agents, intermediaries, contractors and sub-contractors, right down the supply chain.

Annual risk assessment checks should also be carried out by the ethics and compliance team, as exposure to risk may change as a business grows, but above all a measurement and reporting system is needed that analyses compliance status by department and includes a system of Key Performance Indicators.

With these steps in place, organisations can be confident that they are establishing a robust compliance programme that reduces risk, protects reputation and ensures a good night’s sleep.

Published October 2015