Compliance Programs and Regulatory Mapping
The Need
In response to increased regulation and requirements for enhanced compliance, governance and risk management practices, every organisation must identify all laws and regulations which apply to its operations and trading entities, as well as the relevant compliance and reporting elements which have to be implemented to ensure compliance with these identified laws across the entire organisation.
Lee’s Compliance can assist
Lee’s Compliance is well placed to assess an organisation’s compliance requirements, including all applicable laws and related regulatory risks, and the associated compliance controls which have to be implemented in order to address and manage these risks, including the requirement for permits, policies, processes and reports.
Lee’s Compliance embraces an enterprise*[1] and effective**[2] compliance approach through the use of compliance and risk management best practices, which cover the full spectrum of one’s organisation.
The end objective and goal
Adopting an enterprise-wide and integrated model of compliance across the organisation will ensure that the organisation meets and satisfies its compliance and ethical obligations at every level.
The steps
The biggest driver of an organisation’s compliance risk and requirements is typically its industry footprint. Laws which apply to an organisation in one industry may not apply to an organisation in another industry. In order to ascertain which laws do apply, the organisation needs to take account of its complete industry footprint and corresponding compliance risk.
However, given the size and complexity of many businesses today, and the vast number of laws which make up the regulatory environment, the executive team may not have a clear understanding of how their industry footprint impacts compliance risk.
Lee’s Compliance can give the executive team or their compliance department a detailed, industry-based report of all the compliance issues which the organisation faces, given its specific industry footprint.
Once this has been done, Lee’s Compliance, making use of best practice risk methodologies and adopting a risk-based approach, will advise the Board, the executive team and the compliance function what their respective compliance and regulatory priorities should be.
But who has to comply?
Whilst the answer differs when the question is posed, ranging from “the Board and executives” and “the compliance and legal function” to “Everyone’s responsible for compliance”, chances are that in reality, nobody’s at the wheel.
Whilst compliance is everyone’s responsibility, not all laws applicable to an organisation should be on everyone’s radar; some people, depending on their functions, have more compliance-related responsibilities than others.
Lee’s Compliance identifies those within the organisation who have to comply and sets out how these persons are required to discharge their respective compliance obligations, in real time. This allows the organisation to allocate the ownership of compliance to persons and employees across the entire organisation, which in turn will be overseen and managed by core compliance functions and roles, such as the compliance function headed up by the Chief Compliance Officer.
How does one have to comply?
When it comes to compliance, many don’t know where to focus, what their priorities should be, or how their performance will be measured. It can be a constant struggle to get those on the front lines to understand and care about compliance risks.
That’s where education comes in.
How is the board, top management or leadership communicating expectations and values when it comes to compliance?
How is the organisation developing, building on and driving its compliance culture?
Lee’s Compliance can create for the organisation a series of entry-level or more advanced training programs and compliance handbooks or manuals which are applicable to the organisation and its employees. These programs can be deployed, via training sessions or e-learning, to those persons within the organisation who have compliance responsibilities and related tasks.
Using these educational and training programs allows the organisation to comply with its skills development responsibilities and, as a bonus in the long run, creates and enhances its culture of compliance from the top down and the ground up.
As a result, persons, including employees in business units and functional operating units, who are or will be responsible for performing compliance-related activities every day, will know what needs to be done and when, and importantly, will be informed and be aware of the potential consequences if these compliance tasks are not executed properly.
The result – people within the organisation, from a compliance perspective, know what they are expected to do and why, and what the consequences will be should they fail in their compliance endeavours.
But how do we know what our compliance risks are and if we are complying?
Most organisations, with respect, have a false sense of confidence when it comes to compliance.
Fragmented and ad hoc approaches to compliance do not deliver the information needed to fully understand what compliance risks face an organisation and whether the organisation’s compliance tasks and related risks are being managed and are under control.
From experience, limited legal and/or compliance risk assessments are conducted, often only taking place within certain business units and most likely done by persons who have an overly narrow view of what constitutes a risk. Multiply that scenario by all the individual parts of an organisation, and it can add up to an even bigger problem. To add to this, in too many cases, no one is challenging these assessments.
Which begs the question: how can leaders be confident that they have smart answers to the tough questions about compliance risks and the management of these risks and, more importantly, does an organisation have its regulatory, legal and compliance risks under control?
Lee’s Compliance will develop an enterprise-wide regulatory and compliance legal risk register, which can be viewed as a general document or per law applicable to the organisation.
This catalogue of existing and potential compliance risks specific to the organisation can ultimately serve as a framework for understanding and prioritising risk at every level, and allows those tasked with compliance to identify, manage and, where possible, eliminate these risks through the deployment or application of required or recommended compliance controls.
In summary, Lee’s Compliance can provide the organisation with an enterprise-level view of its regulatory and compliance risks via risk assessments and related registers, providing the organisation with a good picture of the risks which it faces in its compliance environment, the consequences of these risks and how these compliance risks should, as per the laws, be managed.
[1] *Enterprise compliance is a coordinated approach to compliance spanning multiple businesses, organisational units, and geographies, enabled by people, processes, and technology.
[2] **Effective compliance isn’t just reflected in an organisation’s ability to check all the right boxes. It’s reflected in employees’ willingness to do the right thing, embracing and living the organisation’s culture of compliance.