How global compliance works at the local level

Written by David Povey on Tuesday June 8, 2021

There are many readily accepted global definitions of compliance, and the nature of being compliant, whether from international organisations or regulatory bodies. But are such definitions and understandings followed – or even recognised – at a local and regional level? Does their reach, formulated from the summits of legislative authority, trickle down to levels perhaps overlooked in the larger compliance world?

The following will consider what global compliance looks like at a local level. It will also examine how different regions understand and adapt definitions of compliance to their own purposes, and the consequences of this for businesses.

What is compliance?

The simplest description of compliance is conforming to rules, laws, policies and standards, and regulatory compliance is the standard that firms need to achieve in order to be able to do business within the frameworks set by the applicable laws, regulations and rules.

This would appear relatively straightforward: follow the rules as they are set, and you will be compliant. But surely compliance is more than this? If it wasn’t, then there wouldn’t be differences around the world in how compliance systems are put in place. Therefore, rather than compliance being about laws and regulation, does it become a question of your local compliance ‘culture’ and how you want to operate? This is where the differences between jurisdictions across the world begin to emerge. From a global perspective, it’s clear that compliance is no longer the sole domain of US regulators, and companies must acknowledge compliance risks are global and affect the wider world. The compliance landscape is constantly evolving, so a broader, more international view, is required, in tandem with a focus on your own jurisdiction and how compliance works there.

Compliance culture can be defined as the overall environment that affects how compliance issues are handled. In a strong compliance culture, employees follow the right processes and perform the right controls even without oversight. In practical terms, it refers to how effective a firm is in meeting compliance regulations, and in deterring and detecting compliance problems.

Below, compliance will be examined in four key jurisdictions: North America, Europe, Asia-Pacific (APAC) and the Middle East and North Africa (MENA). Whether you operate in one of these areas or do business with firms within them, it will be important to understand the way each views compliance, and crucially, how this may differ to your own jurisdiction’s views.

North America

The US is renowned for having a particularly aggressive compliance enforcement stance. Over the last few years, there has been increasing global enforcement from the US not only in anti-corruption, but in financial fraud, money laundering, tax and trade sanctions. The wide reach of US regulators means that their rules and views on compliance has a big impact on the rest of the world and, over the years, there have been many fines levied at numerous international banks for breaches of US law.

• Wells Fargo agrees to pay $3bn fine for fraudulent account furore
• Citi to pay $400m OCC fine for risk management failures
• Western Union refunds $153m for scam victims
• Deutsche Bank faces $150m fine for Jeffrey Epstein ties

There is a temptation to look at how strict and severe the US is and decide to base a compliance programme purely on theirs – after all, so the thinking goes, if a company can comply with the strictest levels put in place by the US, then surely they’ll be OK. However, this removes any chance a company has to adjust and adapt for local practices and can have negative results. It’s important to strike a balance between making sure severe penalties are avoided while still maximising business opportunities.

Europe

Traditionally, and prior to Brexit, the European Union (EU) had a very joined up and cohesive way of regulating through a large host of laws and legislation which flowed into the EU’s culture of compliance. The major nations had a say on policies and the EU system appeared to work with cohesion across the continent. However, there have been a few false moments during the EU’s existence and with the UK having left the union, there is now the possibility of a very different way of working. It will be more important than ever for European states to have their own culture of compliance while still adhering to the EU’s. For the UK, the challenge is in forging its own path while still nurturing relationships with key allies.  

Asia-Pacific (APAC)

Historically, APAC has shown more acceptance of certain forms of corruption (or bending the rules) as being an acceptable means of speeding up bureaucracy or establishing ‘relationships’, and compliance has traditionally been viewed as detrimental to business growth. Gift giving is customary in Asia, and cash gifts, while not permissible in US business dealings, are not only normal, but are indeed part of life’s rites of passage and festival periods. It’s crucial for anyone operating in the region, or indeed with it from afar, to understand these key holiday periods and handle them sensitively.

Asia-Pacific is an enormous, diverse region in terms of legal systems, legislation and enforcement. It includes countries like New Zealand, second on Transparency International’s Corruption Perceptions Index[1], as well as Myanmar, which comes in at a lowly 156. This also brings cultural barriers which can be tricky to navigate.[2] For example, sarcasm works well in Australia and New Zealand for marketing ideas but goes down poorly in Asia, where words are more likely to be taken literally. Understanding this nuance in language is key, when creating a consistent compliance culture, to ensuring messages are not misconstrued.

Being comparatively smaller in size can mean that some countries feel isolated from international markets and as such must put their own regulations and compliance first. There can be a temptation to relax local practices in order to fit in and be accepted by larger, more intimidating countries, but this can lead to opening the door to corruption and bribery – a dangerous place to be.

Middle East and North Africa (MENA)

Within the MENA region there are three particularly key topics relating to the nuances of local regional compliance.[3] The first is for businesses to know that their partners and other intermediaries are conducting themselves to the same high standards as they are. No matter how good a company’s culture of compliance, there is a reliance on those with whom they trade, and on behalf of, to be compliant too. The second challenge is to keep abreast of what is happening in these high-growth markets and keep compliance as up-to-date as possible. If compliance is out of date, then a company can believe they are doing the right things but can actually be breaking the rules. Finally, there is the challenge of the increased cyber security risk in the region and the impact this can have on compliance. Cyber risk is increasing all over the world and the MENA region, as elsewhere, is battling to stay on top of how cyber criminals operate.

Today, there exists the feeling that there is less tolerance for bribery and corruption in APAC and MENA, and that it is no longer acceptable to merely explain that it is ‘just the way things are done’. Increased attention from the US, which is imposing bigger fines and sentences, has also helped foster this new attitude.

Final thoughts

So, what is the importance of understanding compliance at a local and global level? Clearly, it’s vital to acknowledge a common understanding of compliance. But what must also be understood is how your local area identifies compliance – in other words, what does compliance look likely locally? –whilst also absorbing the compliance approach in international areas in which you do business.

It’s no longer satisfactory for the company’s senior management just to set the ‘tone from the top’. Compliance efforts need to be seen as being embedded in the organisational strategy and cultural principles of a company. A ‘one-size-fits-all’ approach is not sufficient in today’s global business environment, and these differences must be clearly understood so that appropriate strategies can be put in place to assist employees in mitigating and managing the risks. One key point to remember here is that cultural sensitivities, language barriers and differences in the manner of doing business must all be considered and recognised as determiners as to the degree of compliance across jurisdictions.

[1] Corruption Perceptions Index 2020, Transparency International: https://www.transparency.org/en/cpi/2020/index – accessed May 2021

[2] Mary Shirley, ‘Asia Pacific compliance: Five tips for practitioners based outside the region’, Compliance Week, 14 August 2019: https://www.complianceweek.com/regulatory-policy/asia-pacific-compliance-five-tips-for-practitioners-based-outside-the-region/27551.article – accessed May 2021

[3] Nicolai Behr, ‘Compliance Trends around the World – 10 questions for the Compliance Heads of Baker & McKenzie – And The Answers Every Compliance Professional Should Know’, Global Compliance News, 9 June 2015: https://globalcompliancenews.com/compliance-trends-around-the-world-10-questions-for-the-compliance-heads-of-baker-mckenzie-and-the-answers-every-compliance-professional-should-know/ – accessed May 2021