Authorities around the world are tightening regulations to prevent illegal activities such as money laundering, market manipulation and insider trading, and provide strict rules on how to deal with personal data, treat whistleblowers and other elements of business life. This means that compliance departments have to remain one step ahead of the game, implementing new policies and making sure they are watertight to prevent organisations from breaching these laws. This article explains how to develop such a policy and provides a compliance strategy example to help you see how it looks in action.
The COVID-19 pandemic has hit spending on compliance within organisations, with Gartner finding that it plateaued in the second half of 2020 despite having grown by 42% between 2017 and 2019. This shows the importance of having a solid, structured strategy. Without additional money to spend on constantly re-engaging employees and firefighting compliance issues, having an effective compliance strategy, in which compliance policies are spelt out clearly, allows for ease of understanding in a more efficient way than approaching each challenge as it arises.
1. What is a compliance strategy?
Your compliance strategy is the policy that dictates how you reduce regulatory risks and minimise the likelihood of law breaches in the jurisdictions in which you operate.
Rather than spending their time looking backwards, retrospectively solving lapses, compliance officers and their teams can put a strategy in place to avoid these problems in the first place. This saves time, effort and considerable financial penalties for breaches of compliance legislation.
The elements that make up your corporate compliance strategy depend on the size and nature of your organisation, industry standards, as well as the territories in which you operate. Legislation across the world is constantly evolving and your strategy should be agile enough to keep up with the latest regulatory requirements like these:
- The European Union introduced the EU Whistleblowing Directive with a deadline to be adopted in national law by December 2021. Its goal is to ensure that people who uncover illegal activity at work are not punished with “effective, proportionate and dissuasive penalties” by companies or colleagues for making their reports.
- The USA recently announced it was tightening its rules on disclosing beneficial owners of organisations. US Treasury Secretary Janet Yellen claimed it was necessary as “there’s a good argument that, right now, the best place to hide and launder ill-gotten gains is actually the United States.”
2. Why is a compliance strategy so important?
A world where authorities and organisations clamp down on market abuse and manipulation as well as money laundering, and where whistleblowers feel empowered to report wrongdoing, is a better world for us all. Your compliance framework helps to bring this to fruition.
The other main benefit is that an effective compliance strategy mitigates financial risks from lawbreaking. Ensuring your policies are up to date and staff are fully aware of their compliance requirements and obligations means it is less likely that your business will face punishment for legal transgressions.
In recent years, authorities have levelled many penalties for compliance breaches, including:
Company/ companies fined |
Penalty levied | Reason |
Major banks:
|
€361 million | Operating a cartel in which traders from each bank informed others about volumes on offer and prices in the run-up to the auctions. |
Bloomberg | €3 million | Publishing a false press release that a French court found affected the share price of construction firm Vinci. The Autorité des marchés financiers (AMF) in France said that the news organisation should have verified the information before publishing. |
3. How to create your regulatory compliance strategy
3.1 Plan ahead
By the nature of compliance, your strategy cannot be a static document. The regulatory requirements are constantly shifting and you must acknowledge that as you plan for the future and model your compliance practices. Set goals for the short and medium terms and ensure you regularly check how you are doing.
An example goal could be to step up staff training in compliance over the next three years. For another goal, you might aim to redraft the company code of ethics in the next two years. An additional target might be to automate your business processes for authorising employee trades or to improve the management of your insider lists in the coming twelve months.
3.2 Capture data
Data drives good decision-making, so ensure you capture as much data as possible on your compliance efforts. Log all of the exception requests you receive, for example. In addition, you should log and categorise the whistleblowing reports that come in and, by law, you must capture data relating to trades by persons discharging managerial responsibilities(PDMR) and any person closely associated (PCA) with them.
The more data you hold on all compliance activities, the more you can use it to track progress and to inform your future policy in a way that is beneficial for the business.
3.3 Track trends over time
Using the data you capture, you can track trends over time and understand how you can adjust or rethink your compliance strategy, based on how it is used.
- If there are a growing number of exception requests – where someone asks for a temporary lifting of the rules for them for a specific reason – it could be that your strategy is a success because people clearly understand the boundaries. However, it could also mean that the strategy is too restrictive and is preventing people from completing their work.
- If there are many whistleblowing reports about wrongdoing in a certain department, it could be that you need to implement training for that department in order to bring them up to speed with the legislation they should be working within.
3.4 Create escalation systems
Your compliance strategy should not just alert the company to risks. It should also put in place a process that notifies the appropriate individual or team, allowing those risk owners to act immediately.
This requires escalation systems to be in place and for you to communicate with these entities about the correct procedures. A good example of this would be the process of creating an insider list. This list, required under the Market Abuse Regulation, contains details of all people with access to inside information which, if it were made public, would affect the share price of an issuer.
You must create the list as soon as the information is designated as inside information, notifying those included on the list and reminding them of their legal obligations not to disclose or act upon the information. This requires an automated process to ensure that it is escalated quickly and the list is put in place. Using InsiderLog for this procedure creates an easy way for insiders to add their information to the list and sends reminders to those who do not reply, ensuring you stay compliant.
3.5 Train employees
Your system is only as effective as those running it and working within it. If they understand what is expected of them and when it is expected, they can use your policy and make the most of it. If the compliance obligations are unclear or confusing, the whole system could fail and you could become vulnerable to compliance risks.
Compliance training should happen regularly and reflect the changing legislative environment. Once employees know what to look out for and how to report their findings, the system can run smoothly and you are more likely to remain compliant.
3.6 Document your strategy
One way to ensure compliance is working as it should within a company is to implement regular compliance audits. And one way to ensure you are ready for these tough tests of the strength of your policy is to document everything.
Note down everything you do to ensure compliance, keep records of your activity to show that you have tackled compliance issues in the correct manner, and archive proof that you have worked to mitigate future compliance risks. In the event that something goes wrong, being able to show that you have made real efforts to remain compliant could be the difference between receiving a sizeable penalty and not.
One example of this is Credit Suisse, which was fined US$345,000 in 2021 for failing to have the necessary systems in place for tracking whether new hires correctly declared their personal trades.
3.7 Automate your tasks
Automation makes your processes run more smoothly. When accepting whistleblowing reports through IntegrityLog, for example, you prevent unauthorised individuals from accessing the case, meeting the compliance requirements for confidentiality. The platform also notifies the relevant department and keeps them updated with deadlines by which they must acknowledge receipt and provide feedback on reports to help you remain compliant.
4. Compliance strategy example
This example of a compliance strategy from German financial services company Allianz includes its code of conduct, complaint system and fraud warning.
5. FAQs
5.1 What is strategic compliance management?
A chief compliance officer is not just tasked with ensuring the company stays on the right side of the law, but they must also help foster an ethical culture and help to harness that culture and drive growth for the business. The data that you gather in compliance can be harnessed to understand wider trends and allow senior leaders to gain insights on how to expand and improve performance as well as the business decision-making process. This is strategic compliance management.
5.2 What is the relationship between compliance enforcement and entity management?
As a company grows, acquires other businesses and launches subsidiaries, compliance enforcement becomes trickier. This is often due to the fact that the business starts operating in many different jurisdictions with different legislation. You must at once have a unified approach to enforcing compliance but also understand that laws are different in different territories and you must comply with local law at all times. Entity management policies help you to achieve this at a local, national and international level.
5.3 Can you measure compliance ROI?
By creating benchmarks for certain compliance metrics, you can track the ROI of your strategy. The metrics you choose could include anything from measuring the number of successful compliance audits, as part of your internal processes, to tracking the total of financial penalties incurred over a period of time.
6. Conclusion
We hope this compliance strategy example and the list of steps to create your own policy will help you put in place a compliance framework in your organisation. This helps compliance to become a natural part of everyday work for your employees, educating them about what they should report, how they should report it and to whom.
Automating your compliance strategy with tools from ComplyLog is one step to creating a successful strategy that helps drive your business forward under the stewardship of a chief compliance officer.
7. References and further reading
Share this post
Article Summary
- 1. What is a Compliance Strategy?
- 2. Why is a Compliance Strategy so Important?
- 3. How to Create Your Regulatory Compliance Strategy
- 3.1 Plan ahead
- 3.2 Capture data
- 3.3 Track trends over time
- 3.4 Create escalation systems
- 3.5 Train employees
- 3.6 Document your strategy
- 3.7 Automate your tasks
- 4. Compliance Strategy Example
- 5. FAQs
- 5.1 What is strategic compliance management?
- 5.2 What is the relationship between compliance enforcement and entity management?
- 5.3 Can you measure compliance ROI?
- 6. Conclusion
- 7. References and Further Reading