Compliance Risk Management

The term comes from the English word “compliance”, which means “conformity, obedience”. The Oxford Dictionary defines it as “Acting as requested and directed.” In simple words, compliance risks are a potentially existing threat of financial and reputational losses for an enterprise due to violation by its personnel or management of internal regulations and documents of the organization, current state legislation, requirements of regulatory authorities, and ethical business standards.

The main reasons for the occurrence of compliance risks in a company include the following:

the organization’s personnel do not monitor changes made to tax, antimonopoly and anti-corruption legislation;

the internal control system at the enterprise does not function or is organized incorrectly (for example, counterparties are not checked for good faith before concluding contracts, potential risks and threats are not identified, malfeasance remains unattended);

the company’s employees do not have the proper qualifications and do not understand what actions are illegal and what consequences can result from behavior that does not comply with the accepted standards of business ethics in the industry;

the organization’s personnel are capable of committing illegal actions, guided by personal gain, or have a low level of executive discipline.

According to statistics from one of the most famous auditing companies, KPMG, in nine out of ten cases of workplace fraud, the reason lies in insufficient internal controls.

The main group of compliance risks includes three types:

Operational – risks of losses and technical errors arising due to non-compliance by employees and managers of the organization with its internal regulations and approved corporate policies.

Legal – arising as a result of violation of the current legislation of the country and leading to disputes and proceedings with regulatory authorities.

Reputational – risks associated with the loss or significant deterioration of the company’s current reputation due to negative publications about it in the media and social media. They, in turn, are divided into global (affect a significant part of society in a country or even several states), corporate (affect an individual company) and local (relate to a specific employee or group of employees of the organization). 

Use specialized tools and programs in your company’s work that can help manage compliance risks. Their functionality can be quite broad: from ensuring high accuracy of corporate information to identifying questionable or illegal actions. Actively use special software to minimize the risks of failure to provide the necessary data on time.

The organization’s personnel must clearly understand not only their own job responsibilities, but also their role in ensuring the company’s protection from compliance risks. Be sure to establish this in employment contracts and internal corporate standards.

If a business process has a detailed description and an algorithm for its operation, but even under these conditions it does not function properly, this is a signal to review and adjust internal corporate standards.

The main goal of compliance is to bring any corporate activity into compliance with current legislation and maintain it within the legal framework.

Today in Russia, compliance is at the very beginning of its development. Most often, this concept is used in foreign companies operating in our country, as well as in banking and credit organizations; antimonopoly compliance risk management is actively developing. Ten years ago, the National Compliance Association was organized, providing advisory assistance to entrepreneurs.

Over the past few years, the sphere of small and medium-sized businesses has experienced increased interest from control and supervisory authorities: the number of inspections of enterprises, especially by tax authorities, has increased significantly. Practice shows that tax services are more loyal to those companies that have a compliance control system. There are often cases when the Federal Tax Service, instead of an administrative fine, issues recommendations to such companies to eliminate the violations identified during the inspection.

Now more and more companies are abandoning shadow financial schemes and operating legitimately, demonstrating a commitment to the principles of transparency in all business processes and a complete rejection of any corrupt practices. This approach guarantees the loyalty of not only customers, but also partners and suppliers. If your organization cooperates with foreign counterparties or investors, you cannot do without compliance.

The compliance risk management system organized at the enterprise helps it carry out its activities within the framework of the country’s legislation, norms and standards accepted in the industry, the requirements of regulatory authorities, as well as its own internal rules.

The main goals of the enterprise compliance system include:

bringing all business processes of the organization into compliance with current legislation and the requirements of control and supervisory services;

prevention of actions leading to violation of laws and, as a result, the application of penalties to the company;

reducing the impact of existing compliance risks on the financial performance of the company;

formation of corporate ethics and culture that does not allow illegal and fraudulent actions, as well as violations of business ethics.

As a rule, these are very busy people who do not like to listen to long presentations about how dangerous this or that threat is and what consequences it can lead to. At the same time, most often they are not interested in the risk itself and how to minimize it, but in how much it can be mitigated and whether it can be completely eliminated.

For shareholders, a compliance system is vital. It is able to minimize the threat of long and painful inspections by regulatory authorities, lawsuits and proceedings. It can help save the financial resources of an enterprise: if you minimize the possibility of a particular compliance risk, in the future you will not have to spend money on paying fines and the work of consultants, lawyers and advocates. The compliance system helps maintain the company’s reputation, the loyalty of clients, partners, and suppliers.

In most cases, these people are hired risk managers, IR managers of institutional investment corporations, or employees of large financial institutions, working according to their own standards and approved internal rules. Thus, investors are limited by the rules of the compliance system of the enterprise for which they work; in addition, each exchange has its own internal standards and norms, which also need to be taken into account.

In order to effectively invest money in shares or securities and enter any exchange, companies often hire a compliance manager who studies the risks in detail from all sides and helps the organization enter the selected exchange.

Often after going public, investors feel quite stable. But over time, quite serious questions will arise for compliance managers about the reliability of securities. Investors are likely to ask their IR managers numerous questions about the securities in which they have invested. And if the answers do not coincide with the available data (for example, annual financial reports or information from partners), the question of getting rid of such assets will arise immediately. However, negotiations on this decision may drag on, which will subsequently lead, at best, to loss of investment, and at worst, to litigation.

Before investing in the securities of a particular company, you should study all possible threats. For example, if compliance risks materialize for banks or other financial organizations wishing to invest their financial resources in any company, the result in future periods may be huge fines, a ban on business activities in the main assets and areas, endless litigation and inspections by control and supervisory authorities.

History knows many examples when the materialization of compliance risks, such as violations of antimonopoly laws, led to a sharp decline in the value of shares of even large international corporations.

All this emphasizes the need for compliance control for any investor. A qualified assessment of potential threats allows him to receive larger dividends in the future from his investments in securities, and also to be confident that in the event of unforeseen or force majeure circumstances, he will be able to fully return all invested funds. 

Government officials focus on monitoring compliance with laws, regulations, rules and standards, and applying penalties when they are violated. In other words, government regulators exercise external control over enterprises, while the company’s compliance risk management system exercises internal control.

Government regulators were originally created to help operating organizations operate within the law, prevent fraudulent and illegal activities, and help improve compliance with laws and regulations.

Compliance rules and job descriptions for employees of state regulators are structured in such a way as to guarantee the disclosure of violations to regulators who are in the process of constant monitoring of the activities of companies as a result of their inspections. For this, control and supervisory authorities can provide discounts on the payment of fines, as well as apply less severe penalties.

Control and supervisory services monitor the collection of taxes and fines; their work is also aimed at reducing the level of public dissatisfaction with inaction regarding violations and fraudulent actions on the part of existing organizations and enterprises.

Government regulators need a compliance system to monitor the activities of companies and take measures to force firms to work within the framework of the law.