“Doing the right thing” can have many different interpretations. Since everyone experiences life through a unique lens, everyone’s understanding of the moral choice may vary from person to person. Our moral principles are what drive our ethics; i.e. what standards we apply when faced with questions of how to behave within a particular environment. Depending on the environment, our choices may change.
In an environment like a business or organization, the company’s mission drives values, which then translate into ethical standards. When the members of an organization are following their ethics, they are essentially complying with those standards. Interpreting compliance may feel like it should be subjected to your own personal set of standards. However, from the standpoint of a compliance officer, there are rarely shades of grey.
Compliance professionals face hardline questions such as, “Does this policy meet this regulatory mandate?” which often warrants a “yes/no” response. Therefore, it’s critical for everyone at an organization to have an end-to-end understanding of exactly what compliance means for operations. Failure to effectively communicate compliance requirements across departments can lead to inefficiency and disagreement. Failure to break down silos and take a holistic, risk-based approach to compliance can lead to missing requirements; which can lead to financial or legal consequences.
This guide will answer the question of “what is compliance?” by providing a comprehensive definition of compliance, list various types of compliance, offer some examples of compliance and demonstrate how to take a risk-based approach to compliance.
Compliance, when it applies to corporations, refers to following the internal policies or government laws and regulations that their organization is subjected to. Failure to follow those requirements can put you at risk of financial fines or legal penalties.
However, compliance is more than just the satisfaction of legal requirements. It should not be viewed as an end goal; doing so assumes “compliant” is synonymous with “secure.” Meeting requirements should be viewed as a bare minimum for safe operations and resistance to external threats.
Compliance should be viewed as an ongoing effort to meet the needs and expectations of a variety of stakeholders. It touches every corner of an organization, and failure to allocate the appropriate resources to maintain compliance can have dire consequences. This is why GRC management is important. You can read our what is GRC guide here.
Furthermore, compliance should be viewed as an integral subset of risk. It’s essential to view compliance management efforts as they directly relate to the associated risks. This further emphasizes the importance of not treating compliance like a checklist; risk management, like compliance management, is an ongoing process that requires ongoing monitoring and evaluation.
For nearly every type of business activity, there are compliance requirements associated with it. Below is a list of some common types of compliance that organizations may be aiming to adhere to:
- Credit – When a lender agrees to borrow a certain amount of money from a loan lender.
- Cybersecurity – Refers to the protection of electronically-stored information.
- Insurance – Provides reimbursement against various types of losses.
- Leasing – A contractual agreement where the lessee pays the lessor for use of an asset.
- Privacy – Refers to the laws that deal with personally identifiable information.
For a comprehensive library of regulatory documents to corresponding business functions, check out this topic classification tool from LogicManager’s compliance functionality partner, Compliance.ai.
There are different types of compliance that organizations need to follow. Some key examples include:
Let’s examine two notable instances where compliance, or lack thereof, has a direct impact on all areas of the involved organization:
Compliance Example #1
The U.S. Equal Employment Opportunity Commission sets standards for ensuring a comfortable and welcoming workplace for employees nationwide. However, federal legal requirements set forth the most basic of standards, so some state laws afford additional legal protections to their employees.
For example, Massachusetts employees are ensured rights that require employers with six or more employees to adopt comprehensive policies against sexual harassment that go beyond the scope of federal requirements. The MA State’s Commission against Discrimination publishes “Sexual Harassment in the Workplace Guidelines,” as well as sexual harassment policies and posters for employers to construct their own policies around.
These additional compliance standards that are in place facilitate a culture where employees feel protected on a day-to-day basis.
Compliance Example #2
In 2018, Tesla founder and CEO Elon Musk came under fire for publishing false and misleading information via social media. Musk tweeted to investors about the possibility of taking the publicly traded company private.
As a result, the Securities and Exchange Commission fined Musk and Tesla $20 million and the Department of Justice required them to provide information about whether they inflated the production numbers of one of its vehicles.
This compliance failure demonstrates the importance of having a compliance policy in place surrounding social media. With proper cross-departmental oversight, this situation would have never occurred.
Risk-Based Compliance Management Solutions
Compliance is best thought of as a subset of risk. When working any type of regulation into your organization’s operations, taking a risk-based approach increases reliability and decreases redundancy. Here are a few steps to take for implementing a risk-based compliance management program:
- Standardize an assessment framework & templates – A carefully constructed risk library can categorize risks by regulation, which helps prioritize certain areas and streamline required corrective actions. This ensures clarity and objectivity when disclosing information.
- Link regulations and requirements to appropriate controls – Regulations and risk mitigating activities go hand-in-hand; verify the links between the two so that you can determine the success of each control as it relates to your compliance efforts.
- Structure reporting for flexibility & efficiency – Dynamic reports are integral to compliance, so it’s vital to demonstrate that your company is operating compliantly through configurable, clearly presented reports.
- Manage & expand change over time – The faster you can adjust your policies in response to regulation modification, the better. Assigning ownership to
organizational risks allows you to quickly alert the appropriate individuals when a change occurs.
To truly understand compliance, it’s important to understand that compliance and risk are not mutually exclusive concerns. In fact, compliance should be thought of as a subset of risk. With the increasing number of chief compliance officers, it’s evident that risk officers have too much on their plates, and risk and compliance are beginning to become separate entities. When you manage compliance by taking an enterprise, risk-based approach, you ultimately increase ROI.
What Is Compliance: Conclusion
Between sky-high piles of regulatory guidelines and compliance standards for your business higher than ever, it’s easy to get overwhelmed. Ensuring all the necessary requirements are being met across your company can be expensive, time-consuming and nearly impossible without the right compliance tools to help.
Utilizing Enterprise Risk Management (ERM) software helps to establish a known web of interconnections, eliminating limitations and confusion of siloed departments. Within GRC software, a compliance management functionality assists with identification, monitoring and neutralization of risks, making board and regulatory reports easier to conduct and maintain with a set of bespoke GRC tools.
With LogicManager’s compliance software solutions such as SOX compliance software, GDPR Compliance software and HIPAA compliance software, all of your compliance activities and workflows will be streamlined with a risk-based approach, saving you time and money while keeping your exemplary reputation intact. Our ERM software also enables you to move beyond compliance and leverage a broad scope of organizational knowledge to focus on strategic goals and operational risks.