How to assess and improve your compliance management system

Written by Bill Howarth on Wednesday April 23, 2014

In recent years there has been a great deal of focus on the competencies of individuals working in a compliance function (for instance, see the National Occupational Standards of Competence produced by the UK Financial and Legal Skills Partnership in association with the ICA).

The role of the compliance function in financial services firms was addressed in 2011 in BSI Standard BS8453:2011, ‘Compliance Framework for regulated financial firms – specification’, which provided useful guidance. However, a more general and extensive template has been produced by ISO, the global standards body, and should become final on 21st April 2014: Compliance Management Systems (ISO/PC Standards 271/ISO/DIS 19600).

This template will be useful for all firms, whatever their sector, and compliance divisions can use it as a benchmarking measure for their own organisation:

“Organisations that want to be successful in the long term should maintain a culture of integrity and compliance and duly consider stakeholders’ needs and expectations. Integrity and compliance are therefore not only the basis but also an opportunity for successful business.

Compliance is an outcome of an organisation meeting its obligations and is made sustainable by embedding it in the culture of an organisation and in the behaviour and attitude of people working for it. Policies and procedures to achieve compliance must be integrated into all aspects of how the organisation operates. Compliance should not be seen as a stand-alone activity but should be part of the organisation’s overall strategic objectives. An effective compliance management system will support these objectives. Compliance management should, while maintaining its independence, be integrated with the organisation’s financial risk, quality, environmental and health and safety management systems and its operational requirements and procedures.

An effective organisation-wide compliance management system will result in an organisation being able to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes, organisational standards as well as standards of good corporate governance, ethics and community expectations.

An organisation’s approach to compliance should be shaped by its core values and generally accepted corporate governance, ethical and community standards.

Failure to embrace the above values at all levels of an organisation risks exposing that organisation to noncompliance through its compliance management system when determining the appropriate penalty to be imposed for contraventions of relevant laws.

Organisations are increasingly convinced that by applying binding values and appropriate compliance management, they can safeguard their integrity and avoid or minimise noncompliance with the law. Integrity and effective compliance are therefore key elements of good, diligent business management. Compliance also contributes to the socially responsible behaviour of organisations.

This International Standard does not state requirements but provides guidance on compliance management systems.

The guidance in the International Standard is intended to be flexible. As indicated at various points in the text, the use of this guidance can differ depending on the size and level of maturity of an organisation’s compliance management system and on the context, nature and complexity of the organisation’s activities, including its compliance policy and objectives.”

It is well worth a look.

