The importance of a comprehensive, risk-based approach to compliance

By Mujo Vilasevic, MA

Mujo Vilasevic (mujo.vilasevic@gmail.com; mujo.vilasevic@raiffeisengroup.ba) is Company Secretary & Compliance Officer at Raiffeisen Invest JSC in Bosnia and Herzegovina.

It is fair to say that most of us are accustomed to relying on written laws. Use of “good practices” is also very known, but one cannot conclude that they are primarily depended upon in most cases. In day-to-day business, individuals and corporations prefer to rely on written rules. Not only is this a very practical and stable solution, but it also provides certainty in one’s behavior, which is ultimately part of a collective conscience. So with the wider introduction of the compliance function within organizations—the conscience of the organization itself—it has become very difficult for compliance professionals to provide the basis for certain rules that aren’t based on law, especially when elaborating and explaining their decision-making or opinion-drafting processes.

Why is this the case?

Most certainly, communication of compliance matters suffers because no other function within the organization gets so personal, with its constant rules of behavior, ethics and integrity standards, what to do and what not to do, how to behave, what to avoid, etc. Without the compliance function, people were familiar with these issues, but they were obviously not properly or systematically governed by organizations. Additionally, compliance enforces the behavior of all “in accordance to the laws” and to be “in compliance with the laws.” These obligations can be made very clearly, and so they are understandable; they are written by lawmakers themselves in a large number of cases. But to demand integrity in decision-making, avoid conflicts of interest, and rely on ethics principles in everyday job operations—that is difficult for all sides involved. In addition, it turns out that such rules are not so easy to find in written laws, bylaws, or regulations.

This can create a stigma for compliance professionals that their decisions are simply based on their own (personal or emotional) judgment, with no strict rules to rely on; that they have a “mysterious way” of figuring out resolutions in individual compliance-related matters; and that their assessments are very interpretative.

Let’s break that stigma.

Many organizations across continental Europe, led by Basel compliance standards,[1] have introduced various risk-based approaches when assessing compliance issues, as no compliance professional can rely on their own judgment when there are rules to follow, many of which have matrices and mathematics as supportive evidence.

This is no problem when it comes to regulatory compliance issues, because laws define behavior and respective fines in case of noncompliance. But how can compliance be gained in cases such as conflicts of interest or integrity-related situations? One solution is a comprehensive compliance risk-based approach.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings