Compliance has become a key concern not only in the financial sector but in business circles in general. Compliance can be defined as respect for all rules and regulations relevant to a business, including those pertaining to corporate governance, conflicts of interest, insider dealing, anti-corruption and fraud, money laundering, data protection and privacy, cybersecurity, licenses and permits, competition, HSSE and human rights.
Companies are increasingly adopting compliance programmes to identify, prevent, mitigate and resolve compliance risks and issues as early as possible.
Compliance risks vary from one company to another and depend on the company's activities and sector, the geographic area in which it is active, etc. A compliance programme should therefore be specifically tailored to each company's business profile.
Compliance consists of both prevention and remediation.
- Prevention entails measures and procedures adopted to prevent compliance issues from arising.
- Remediation refers to the steps taken to address and remedy compliance issues once they arise.
Prevention
The main goal of a compliance programme is to identify, prevent and mitigate risks. Therefore, it's important to ensure sufficient compliance awareness at each level and put in place appropriate internal measures and procedures, including:
- due diligence, audits and monitoring;
- codes of conduct, policies, notices, questionnaires, contractual clauses, etc.; and
- tailor-made training courses.
Remediation
While the aim of a compliance programme is to prevent compliance issues from arising, no programme is failsafe. Therefore, it's important to ensure adequate remedies to resolve compliance issues, mitigate their negative effects, insofar as possible, and provide appropriate assistance in the event of proceedings before the courts or administrative authorities, such :
- internal investigations;
- the implementation of corrective measures;
- the adaptation of existing policies and procedures; civil, criminal and administrative proceedings.