Why is having a compliance department so important and how can you set one up?
Having a compliance department is important because it makes an organisation proactive rather than reactive in detecting and preventing wrongdoing. This not only protects you from substantial fines but can also help you to establish the right ethical tone within the organisation, making it easier for employees to make the right choices. There are various stages to setting up an effective compliance department. Firstly, there needs to be support for compliance from the executive team, Board of Directors and the organisation at large. A culture of compliance should be fostered at all levels, but especially at the top.
Secondly, you will need to perform a compliance audit which will give you a full picture of the compliance health of your organisation. You could appoint an internal team to do this, but an independent audit may prove a better alternative, especially if internal resources are scarce.
It is then essential to conduct a risk assessment, which assesses the organisation’s full range of risk exposure and can help with prioritising risks and effectively allocating resources to risk mitigation. Your risk assessment should take into account various areas, including: bribery and corruption risk, anti-money laundering, environmental regulations, trade sanctions, export compliance, and cyber risk, an area which is particularly pertinent given the increasing digitisation as a result of Covid-19. This process is internally driven and should address inherent risks as well as controls to mitigate them, including: risk description, risk event type, impact and likelihood for net (or residual) risk, control effectiveness and a remedial action plan, if necessary.
In addition, an appropriate code of conduct and policies should be drafted which should contain a section describing the various ways and processes etc. This code of conduct should be translated if the organisation has foreign locations, because it is difficult to convince a regulator that you have an effective in-country compliance program if it is only available in one language.
Finally, it is crucial to appoint a compliance officer who will have a direct line into the CEO and Board of Directors and will be responsible for ensuring that the organisation complies with regulatory requirements and internal policies and that training is provided to staff.
Training is paramount for the effectiveness of any compliance programme. If the employees of the organisation are not trained in identifying risks when they arise, the compliance programme will be ineffective. Therefore, making training mandatory and offering incentives to participate will go a long way.
If you would like support in setting up your compliance department, EBII Group’s team of risk and compliance experts can support you. We can also support your organisation through our custom online, virtual and/or in-house training materials/sessions.