What does a compliance department have to do in order to meet the multi-layered and complex requirements of regulatory control? “It has to cover all the issues that are brought to it. It must be a risk manager, it must operate control systems, it must train and communicate, it must ultimately be creative”, summarises Mirko Haase, President of the Professional Association of Compliance Managers (BCM).
Five main tasks present themselves:
- Identify risks
- Provide instructions for prevention
- Use controls and uncover grievances
- Find solutions to violations
- Advise on compliance rules
1.) Identify company-specific compliance risks
To incorporate the “tone from the top”, company-specific adjustments are necessary. This is because not every company deals with the same grievances and the list of compliance risks is long. Common examples are violations of:
- Environmental regulations
- Anti-corruption laws
- Antitrust and competition laws
- Trade restrictions
- Security rules
Cybercrime and sexual harassment also trouble some companies. Once the biggest compliance threats have been identified, you can start setting up and organizing the new department.
2.) Create compliance guidelines
Some compliance guidelines for employees and employers are necessary for every business. The basis of all rules is the Code of Conduct, which regulates the basic standards of behaviour, such as the company values or dealing with corruption. In addition, the topics of “equal rights”, “health at work”, “data protection policy”, “use of social media and the internet”, and “regulations on working hours and holidays” should be included in the compliance rules. Beyond these, further rules should apply on the basis of a company-specific risk assessment.