What Is Compliance
With origin in English, the word compliance in business means, in free translation, “to be in compliance with”, “to obey”, “to agree”.
In this case, it is the same as committing to integrity in daily decision-making .
Management guided by compliance in business must be marked by transparency and ethics, which in itself results in lower risks.
This is because it is much more difficult to be punished for violating legislation that is taken into account and respected in all actions.
That is, the best way to avoid punishment is not to commit the crime .
In the corporate world, the compliance of large institutions can be broken down into three levels to better understand its application: risk management, corporate governance and process and business management.
Let us now move forward individually on each of these concepts.
This level encompasses everything related to risks that can threaten the long-term prosperity of a business .
Risk management is not only responsible for identifying potential eminences, but also requires a resolute stance.
According to ISO 31000 , this is a process that must protect and generate value for the company.
It consists of four phases: identification, assessment, mitigation and monitoring.
This is the most “executive” part of the system, so to speak.
Governance serves to establish compliance rules , which should guide the institution’s performance with its clients and peers.
Ideally, the system should be composed of the board of directors, advisory board, employee committee, customer committee and executive board.
Process And Business Management
Last but not least, we have business and process management.
Once the rules with corporate governance have been established and risk management has been complied with, it is necessary to optimize processes and ensure that each employee masters their role so that the company runs in line with compliance in business.
Here, productivity issues come into play, identifying bottlenecks and waste.
It is necessary to ensure that the company is delivering value to end customers without unnecessary costs.
What Are The Pillars Of Compliance?
A compliance program must be supported by some pillars on which the mechanisms of control, detection and prevention of fraud and irregularities are based.
Below, check out some pillars compiled from the rules of Decree 8420/15 :
Commitment From The Top Management Of The Company
Change must start at the top.
Without the adhesion and commitment of the company’s executives , including the directors, it is not possible to implement an internal compliance policy.
By supporting the program, top management sets an example and encourages the adhesion of other members of the organization.
Risk Assessment Methods
Companies run different types of risks , whether economic, regulatory or reputational.
In the context of compliance in business, risks are related to losses caused by non -compliance with legal rules and ethical standards, both internal and external.
A good compliance program must include assessment methods that map the nature and extent of the risks to which the organization is exposed.
This method has a name: Compliance Risk Assessment (CRA) , a roadmap that must be performed periodically by the compliance officer and senior leadership.
Implementation Of Compliance Policy And Code Of Conduct
The standards of conduct, which include an integrity and transparency policy , must be established in a formal document, extended to third parties.
In addition to maintaining legal compliance n business , the code of conduct contributes to the creation of an upright organizational culture that encourages ethical behavior .
According to Decree No. 8,420/15, companies that adopt integrity programs may have a reduced fine in any convictions resulting from administrative proceedings.
Several internal control instruments can be adopted in order to prevent the occurrence of events that could materialize a risk , whether regulatory or reputational.
Based on the control mechanisms, managers monitor the company’s routine in the face of external obligations and the code of conduct itself.
In this respect, technology can be useful.
Through computerized systems , the internal control can collect and process information in real time about the different areas of activity of the company.
Communication And Training
A compliance program will not be effective without communication and training .
All company employees must understand the rules and know their role in complying with them.
The idea is to create an organizational culture oriented towards legal and ethical compliance.
It should reflect on the routine of each member of the organization.
For this, training needs to be periodic, in order to ensure the adaptation and improvement of the program and make adjustments when necessary.
Even if a company has a program that uses artificial intelligence to patrol different sectors of the organization, misconduct may occur that are imperceptible to the system.
The whistleblowing channels , in this case, are a mechanism that helps to control and identify eventual compliance problems.
Channels must be open to employees and third parties, and must ensure the protection of whistleblowers.
If any deviation is detected that violates the compliance program, the company must immediately proceed with an internal investigation.
The objective is to stop the irregularities found or infractions detected and to take the appropriate measures.
Due diligence consists of evaluating organizations that have some connection with the company in cases of outsourcing, consortiums, joint ventures, etc.
It is a very common process in Mergers and Acquisitions (M&A) operations , or mergers and acquisitions.
The idea is to investigate the conditions precedent of a deal and assess whether or not it is worth going ahead with the negotiation.
Auditing And Monitoring
Finally, through constant auditing and monitoring, the compliance program is able to keep the business within the limits of the law and in compliance with the code of conduct.
Based on continuous monitoring, it becomes easier to improve methods of preventing, detecting and combating irregularities that could harm the company, both from an economic and reputational point of view.
How Important Is Compliance?
As already highlighted, compliance in business has become very important in a context in which there is less and less tolerance for corruption .
Just pay attention to the news in recent years to find references and several companies cited in corruption scandals.
Petrobras alone expects to recover more than R$ 40 billion under the Lava-Jato Operation – an amount that corresponds to the losses accumulated on the company as a result of fraudulent practices.
A report (in English) released by the Association of Certified Fraud Examiners (ACFE) points out that, worldwide, in 2018, only 15% of all cases of fraud in companies were detected by internal audit processes. .
Most of the findings are linked to employee complaints (40%), which reveals a great opportunity for compliance programs to tackle the problem.
In addition, on average, those interviewed by the entity stated that they believe that up to 5% of company revenues are wasted annually in cases of fraud.
When considering global GDP, ACFE then concluded that losses from this cause could reach an incredible $4 trillion.
Such data are definitive to attest to the importance of compliance in business .
But there are other aspects to consider in this analysis.
In an increasingly connected world , a lack or deficiency in company control can result in confidential information being leaked.
Therefore, the issue of storage in cloud computing (in the cloud, remotely) must be evaluated within risk management, an integral part of a well-designed compliance policy.
When we talk about “being” or “being” in compliance, this goes beyond keeping deadlines and delivering a product that complies with what was advertised.
The risk of acting without compliance is great, and may result in legal or financial sanctions for the institution.
This type of conduct can ultimately extinguish an organization, either due to the high costs of fines and penalties imposed, or the total loss of its reputation.
Key Benefits Of Compliance
Compliance in business defines the practices and actions that are aligned with the company’s values .
Such practices must be explained in an official document aimed at fighting corruption, such as a code of conduct or a company policy.
The main and most obvious advantage of adopting compliance is to preserve the civil and criminal integrity of management members, other employees and even the company itself.
Keeping the practices within the regularity, the organization stays away from problems with the law.
This leads to an increase in efficiency , as the company’s managers in compliance start to make decisions with more quality, reducing operational costs.
There is also a productivity gain in organizations that have a well-established code of ethics among employees.
This alignment of everyone around a strong ethic increases the general feeling of satisfaction.
And if there’s one thing theory and practice agree on, it’s that satisfied people work better.
As an example, we can mention the study by the University of Warwick, in the United Kingdom, which found that happy employees produce 12% more .
In this sense, the numbers show that companies with strong compliance gain a competitive advantage by offering an organizational culture capable of retaining talented employees and retaining customers.
What Types Of Compliance?
Over time, organizations from other sectors have also started to adopt compliance initiatives, whether due to regulatory requirements or market needs.
Currently, the main types of compliance are:
It is a set of internal rules that aims to ensure companies’ compliance with tax legislation .
It encompasses both the main tax obligations (related to the correct payment of taxes) and the accessory ones (detailed reports of tax activities).
In addition to ensuring compliance with obligations to government agencies, tax compliance prevents unnecessary payment of taxes, making the company more competitive.
Compliance can be adopted by different organizations: governments, NGOs, associations and companies.
Corporate compliance , therefore, is the set of rules whose purpose is to keep the company in compliance with legal rules and good practices.
Companies that create compliance programs gain investor trust, have credibility in the market, avoid lawsuits and create a healthy environment to work in.
Learn more about the importance of compliance in business management in this lecture on the FIA YouTube channel.
Tax compliance in business is the set of rules that aims to adapt the company to current tax regulations . It is directly related to tax compliance.
While the tax sector takes care of the calculation and collection of taxes and ancillary obligations, the tax department takes care of all tax bookkeeping and data entry into the management system.
Both fiscal and tax compliance aim to ensure compliance with the Tax Authorities, avoiding losses with undue payment of taxes or fines for errors and delays.
From recruitment to eventual dismissal, companies need to keep all labor aspects within the legality to avoid headaches with lawsuits.
With labor compliance, it is possible to establish a set of rules and conduct that guarantee compliance with laws, collective agreements and the job and career plan .
In addition to observing the legislation, labor compliance must also cover topics such as occupational safety, promotion and integration, respect for diversity, among other aspects.
Learn more about labor compliance in this lecture published on the FIA YouTube channel:
In addition to the applicable sanctions, companies that do not comply with the law are also frowned upon by investors and consumers.
Therefore, complying with environmental rules and developing policies that value the local community are attributions of socio-environmental compliance.
It is a set of rules that ensure compliance with the law and the organization’s commitment to the ESG agenda .