Knowledge

Compliance (I): Where to Start?

Compliance as such does not mean much. To make the concept meaningful, it is critical t specify the context. What are we exactly talking about when we refer to compliance? Who should be complying with what? 

If your compliance ambition is to set up a process to ensure that, at all levels in the company, people will comply with all applicable laws, regulations, strategic guidelines, codes of conduct, internal rules, corporate policies, management instructions (the list could go on for ever), I wish you the best of luck…

You’ve got to start somewhere. You’ve got to be very specific about it. You’ve got to define specific areas where you will focus your compliance efforts. An auditor cares about compliance of financial statements with generally accepted accounting principles. A security and safety officer cares about compliance of the premises with the directives of the fire department. As the head of compliance, what will you care about? This is where defining priorities comes into play. Compliance is all about priorities. The first task of any compliance program is to identify the areas where compliance is an absolute must. In what areas would a failure to comply have the worst consequences for the company? That’s the starting point of your compliance programs.

Assuming you know your compliance priorities, the next question is what do you want to do about them? I don’t think you can seriously respond “ensure compliance”. As an in-house lawyer, or chief legal officer, or compliance officer, your ability to ensure anything in the area of compliance is pretty limited. “I want everyone in the company to comply in all circumstances with every applicable internal or external rule” may sound like a very inspiring leadership stance, but not as a credible management goal. Of course, if compliance means filling a report, and you are in charge of the report, and you possess all the information needed, things are pretty much under control and you can indeed ensure compliance. But when compliance requires the cooperation of thousands of people who do not report to you and whom you sometimes not even know, your power to “ensure” anything is pretty limited… and your goal should be accordingly defined. Defining compliance priority areas, is important. But defining realistic goals for you to achieve in these areas is essential. Your compliance objectives should be within your power.

Antoine Henry de Frahan | 11 August 2007 |