What Is Compliance?
Compliance is often defined in dictionaries as “The action or fact of complying with a wish or command or a set of rules.” This can be a set of external rules, such as laws, regulations or third-party contractual obligations, or it can be a set of internal rules, such as codes of conduct and internal policies or controls, which are imposed by the organization itself.
The failure to comply with these external and/or internal rules creates a compliance risk, which can expose the organization to financial loss, material loss, fines and voided contracts. Besides the risk of economic loss, companies also stand to lose future business opportunities and their good standing and reputation.
Compliance risk can be defined as the risk that the codes, internal policies, systems and controls implemented by the organization to ensure compliance with relevant laws and regulations applicable to the organization are not adhered to and/or are ineffective, which leads to noncompliance. Compliance professionals are tasked with identifying and managing these compliance risks through the implementation of an effective compliance program.
What Is a Compliance Program?
There are many definitions of a compliance program. On a very basic level, it is about education, scope, prevention, detection, collaboration, and enforcement. It is a system of individuals, processes, and policies and procedures developed to ensure compliance with all applicable laws, industry regulations, and private contracts governing the actions of the organization. A compliance program is not merely a binder on a shelf, and it is not a quick fix to the latest risk areas. A compliance program, if it is to be effective, must be ingrained in the culture and must be an ongoing process that is part of the fabric of the organization. A compliance program must be a commitment to an ethical way of conducting business and a system for helping individuals to do the right thing. On a practical level, compliance programs are used by organizations to prevent, detect, and fix ethical and regulatory compliance risks by effectively implementing education and training, auditing and monitoring, investigation and discipline, and policies and procedures to prevent noncompliance.
Who Needs a Compliance Program?
Publicly Traded Companies
Foundations and other Non-Profit Organizations
There is no one-size-fits-all compliance program. An effective compliance program needs to be tailored for each organization based on the industry in which it operates and the specific needs of the organization.