Compliance Programs and Regulatory Mapping
The Need
In response to increased regulation and requirements for enhanced compliance, governance and risk management practices, every organization must identify all laws and regulations which apply to its operations and trading entities, as well as the relevant compliance and reporting elements which have to be implemented to ensure compliance with these laws across the entire organization.
Lee’s Compliance can assist
Lee’s Compliance is well placed to assess an organization’s compliance requirements, including all applicable laws and related regulatory risks, and the associated compliance controls which have to be implemented in order to address and manage these risks, including the requirement for permits, policies, processes and reports.
Lee’s Compliance embraces an enterprise*[1] and effective**[2] compliance approach through the use of compliance and risk management best practices, which cover the full spectrum of one’s organization.
The end objective and goal
Adopting an enterprise-wide and integrated model of compliance across the organization will ensure that the organization meets and satisfies its compliance and ethical obligations at every level.
The steps
The biggest driver of an organization’s compliance risk and requirements is typically its industry footprint. Laws which apply to an organization in one industry may not apply to an organization in another industry. In order to ascertain which laws do apply, the organization needs to take account of its complete industry footprint and corresponding compliance risk.
However, given the size and complexity of many businesses today, and the vast number of laws which make up the regulatory environment, the executive team may not have a clear understanding of how their industry footprint impacts compliance risk.
Lee’s Compliance can give the executive team or their compliance department a detailed, industry-based report of all the compliance issues which the organization faces, given its specific industry footprint.
Once this has been done, Lee’s Compliance, making use of best practice risk methodologies and adopting a risk-based approach, will advise the Board, the executive team and the compliance function on what their respective compliance and regulatory priorities should be.
But who has to comply?
Whilst the answer differs each time the question is posed, ranging from “the Board and executives” and “the compliance and legal function” to “Everyone’s responsible for compliance”, chances are that, in reality, nobody’s at the wheel.
Whilst compliance is everyone’s responsibility, not all laws applicable to an organization should be on everyone’s radar; some people, depending on their functions, have more compliance-related responsibilities than others.
Lee’s Compliance identifies those within the organization who have to comply and sets out how these persons are required to discharge their respective compliance obligations, in real time. This allows the organization to allocate the ownership of compliance to persons and employees across the entire organization, which in turn will be overseen and managed by core compliance functions and roles, such as the compliance function headed up by the Chief Compliance Officer.
How does one have to comply?
When it comes to compliance, many don’t know where to focus, what their priorities should be, or how their performance will be measured. It can be a constant struggle to get those on the front lines to understand and care about compliance risks.
That’s where education comes in.
How is the board, top management or leadership communicating expectations and values when it comes to compliance?
How is the organization developing, building on and driving its compliance culture?
Lee’s Compliance can create for the organization a series of entry-level or more advanced training programs and compliance handbooks or manuals which are applicable to the organization and its employees. These programs can be deployed, via training sessions or e-learning, to those persons within the organization who have compliance responsibilities and related tasks.
Using these educational and training programs allows the organization to comply with its skills development responsibilities and, as a bonus in the long run, creates and enhances its culture of compliance from the top down and the ground up.
As a result, persons, including employees in business units and functional operating units, who are or will be responsible for performing compliance-related activities every day, will know what needs to be done and when, and importantly, will be informed and be aware of the potential consequences if these compliance tasks are not executed properly.
The result – people within the organization, from a compliance perspective, know what they are expected to do and why, and what the consequences will be should they fail in their compliance endeavours.
But how do we know what our compliance risks are and if we are complying?
Most organizations, with respect, have a false sense of confidence when it comes to compliance.
Fragmented and ad hoc approaches to compliance do not deliver the information needed to fully understand what compliance risks face an organization and whether the organization’s compliance tasks and related risks are being managed and are under control.
From experience, limited legal and/or compliance risk assessments are conducted, often only taking place within certain business units and most likely done by persons who have an overly narrow view of what constitutes a risk. Multiply that scenario by all the individual parts of an organization, and it can add up to an even bigger problem. To add to this, in too many cases, no one is challenging these assessments.
Which begs the question: how can leaders be confident that they have smart answers to the tough questions about compliance risks and the management of these risks and more importantly, does an organization have its regulatory, legal and compliance risks under control?
Lee’s Compliance will develop an enterprise-wide regulatory and compliance legal risk register, which can be viewed as a general document or per law applicable to the organization.
This catalogue of existing and potential compliance risks specific to the organization can ultimately serve as a framework for understanding and prioritizing risk at every level, and allows those tasked with compliance to identify, manage and where possible eliminate these risks through the deployment or application of required or recommended compliance controls.
In summary, Lee’s Compliance can provide the organization with an enterprise-level view of its regulatory and compliance risks via risk assessments and related registers, providing the organization with a good picture of the risks which it faces in its compliance environment, the consequences of these risks and how these compliance risks should, as per the laws, be managed.
[1] *Enterprise compliance is a coordinated approach to compliance spanning multiple businesses, organizational units, and geographies, enabled by people, processes, and technology.
[2] **Effective compliance isn’t just reflected in an organization’s ability to check all the right boxes. It’s reflected in employees’ willingness to do the right thing, embracing and living the organization’s culture of compliance.