INTRODUCTION
The word governance is derived from 'Gubernate' which means to steer/ to guide /to give directions/to control the Board of directors . It defines how the organization should perform , describing through policies what is acceptable & unacceptable as well . Governance is also responsible for risk & compliance oversight .
Here the word COMPLIANCE means 'the act of obeying an order, rule, or request'.
- Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates or internal policies.
- An initiative to comply with a regulation typically begins as a project as companies race to meet deadlines to comply with that regulation.
- However, compliance is not a one-time event organizations realise that they need to make it into a repeatable process, so that they can continue to sustain compliance with that regulation at a lower cost than for the first deadline.
- The compliance process enables organizations to make compliance repeatable and hence enables them to sustain it on an ongoing basis at a lower cost.
- Organizations are not only required to obey the external laws and rules but also it should follow designed business policies for the betterment of the organisation. Requirement for compliance cases with as the organisation grow.
- Requirement to obey legal laws and follow company policies may vary from business to business.
By enforcing compliance, the company can prevent and detect violations of the rules which subsequently protects the organization from fines and the lawsuits.
Why do we need compliance?
Ans- Taking steps to meet your legal obligations might seem like a management no-brainer, but only fulfilling your minimum requirements might result in missed opportunities. Maintaining compliance helps your company mitigate risks as well as avoid disciplinary action that could lead to license revocations, damaged reputations, lost customers, and financial penalties and losses. Some of the benefits are -
- Reduced legal charges
- Competitive advantages to the businesses
- Higher employee retention
- Better public relations
- Improved Operations and Safety
- Higher Productivity in the Company
- Change and innovation
TYPES OF COMPLIANCE
Compliance regulations can be divided into two categories:
1. Internal compliance
Internal compliance refers to an internally designed set of rules and regulations that the owners, employees, traders, customers follow to maintain the quality of the services or products provided by the organisation. An organization will comply with external requirements only when it is working in line with the internal rules and regulations. Some of the broad heads can be categorized as below:
- Preventive policies
- Detective controls
- Corrective procedures
2. External compliance
External Compliance refers to following the rules, laws and standards set by the governmental authorities to avoid any negative impact on the goodwill of the organization. These laws are made to help an organisation build public relations, trust and bring transparency to the business it does. Complying with all the laws ensures any unnecessary duplication of efforts of resources. Some of the broadheads can be categorized as follows:
- Company law
- Labour law
- Environment law
- Tax laws
COMPLIANCE RISK
- Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting from its failure to act in accordance with industry laws and regulations, internal policies or prescribed best practices. Compliance risk is also known as integrity risk.
- Compliance risk is the threat posed to a company's earnings or capital as a result of violation or non-conformance with laws, regulations, or prescribed practices.
- The risk is closely interconnected with the operational risk , legal .
Why Compliance Risk Is a Real Threat?
Besides punitive fees, penalties and a sense of professional obligation, there are additional reasons to make your best effort to avoid common compliance risks, which include:
- Legal & Liability Concerns
- Business Reputation
- Data Security
ELEMENTS OF EFFECTIVE COMPLIANCE PROGRAM
According to the US Federal Sentencing Guidelines , in order to have compliance program, an organization must establish and maintain an organizational culture that encourages ethical conduct and a commitment to compliance with the law .
The elements of an Effective Compliance Program may be listed as under:
- High level company personnel who exercise effective oversight
- Training and education
- Written policies and procedures
- Lines of communication
- Response to detected offenses and corrective action plans
- Internal compliance monitoring
- Standards enforced through well-publicized disciplinary guidelines
COMPLIANCE RISK MANAGEMENT
Compliance risk management is the process of identifying, assessing, and monitoring the risks to your enterprise’s compliance with regulations and industry standards. It is a part of collective governance, risk management and compliance discipline.
Steps in compliance risk management-
- Understand compliance obligations
- Assess risks
- Address all Compliance risks
- Evaluate performance
Can Risk Management and Compliance Management exist without the other?
Your organization can’t have risk management without also having compliance. Unwillingness to comply with regulations can result in reputational damage, lawsuits, financial losses, or enforcement actions, making it crucial to incorporate into your business. A good risk management plan would allocate resources to compliance plans and procedures and ensure that compliance and general risks are continuously managed. Ultimately, organizations can avoid the headaches of dealing with non-compliance problems by simply investing in a robust risk management plan.
Compliance and risk management need to work together to ensure the entire company is following the necessary rules and has solutions in place for losses that may occur.
Factors to be kept in mind for planning to mitigate Compliance risk
- New ethics, compliance, and reputational risks appear each day.
- At the same time, the recent global recession has forced many organizational functions to closely examine their budgets.
- Together, these factors have created a tension between growing regulatory obligations & the pressure to do more with less.
- To help resolve this situation and continue to add value to their organizations, ethics and compliance professionals need to be sure they understand the full spectrum of compliance risks hidden in each part of the organization.
- They then need to assess which risks have the greatest potential for legal, financial operational, or reputational damage and allocate limited resources to mitigate those risks.
ESSENTIAL ELEMENTS OF A SUCCESSFUL COMPLIANCE RISK MANAGEMENT PROGRAM
A successful compliance-risk management program which is essential for sound and vibrant operational system contains certain elements.
- Active board & senior management oversight
- Effective policies and procedures
- Compliance risk analysis & comprehensive controls
- Effective compliance monitoring & reporting
- Testing
Compliance management is the most important part of any business. What are the consequences of Non-compliance?
Failing to comply with rules, regulations, and specifications could have costly consequences.
- Penalties and fines
- Roadblock in funding
- Criminal charges
- Reputational damages
- Access to markets & product delays
NEW DEVELOPMENT- GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC)
GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity. GRC as an acronym denotes governance, risk, and compliance — but the full story of GRC is so much more than those three words. GRC doesn't burden the business, it supports and improves it.
Governance, risk, and compliance – popularly known as GRC – is a set of processes and procedures to help organizations achieve business objectives, address uncertainty, and act with integrity.
The objective of GRC is to install good business practices into everyday life. While not a new concept, GRC has grown in stature as risks have become more numerous, more complex, and more damaging.
There are three main components of GRC:
- Governance: Aligning processes and actions with the organization’s business goals
- Risk: Identifying and addressing all of the organization’s risks
- Compliance: Ensuring all activities meet legal and regulatory requirements
GRC is a structured approach to aligning IT with business objectives while effectively managing risk and meeting compliance requirements.
The Benefits of GRC -
- Business Transparency
- Protection Of Reputation
- Reduced Costs
- Process Optimization
The scope of GRC doesn't end with just governance, risk, and compliance management, but also includes assurance and performance management ,information security management, quality management, ethics and values management, and business continuity management. Soon operating controls will not only help mitigate operational risk, but also enable faster go-to-market opportunities. The emphasis, more and more, will be on linking GRC to business performance.