A lot of people ask me what is actually meant by Compliance?, what areas does it cover, is one area more important than another, is there an area that I should really ensure that I’m compliant in etc.?
The answer is not very complex. Compliance for an organisation means fully complying with all national and international laws and regulations that pertain to your particular business, to the building you operate out of, all health and safety regulations, as well as professional standards and accepted business practices. Some areas are more regulated than others, e.g. financial institutions and healthcare. The more complex your organisation, the more regulations and laws you have to adhere to and the more complex your organisation the greater the need for a Compliance Officer. A compliance officer’s role is to ensure the organisation is complying with its outside legal and regulatory obligations as well as complying with all its internal policies and procedures. In smaller organisations the compliance officer and risk officer maybe one and the same person. But in larger organisations this is not ideal, as the risk officer should be evaluating any areas of non-compliance that pose a potential risk. Therefore if you are both, i.e. risk and compliance officer, it’s difficult to report yourself in the event of non-compliance.
There are 5 general areas that an organisation should look at to ensure they are capturing all potential compliance risks.
- Health Safety & Welfare at Work – There is comprehensive legalisation here that covers everything from your responsibilities to the employee around working hours, PPE and discrimination, to the safety of the building they work in e.g. fire and electrical infrastructure.
- Process and Procedures Risk- The risk here for non-compliance is that your processes and procedures fail and you do not meet your regulatory duties to your stakeholders resulting in fines and legal prosecutions. This is particularly relevant to the healthcare and financial sectors.
- Corrupt Practices – Every organisation is responsible for its employees carrying out their work in a fair and ethical manner. Corrupt practices include fraud or bribery.
- Environmental Standards- This risk is coming more and more into play with climate change and action. Organisations are responsible for the environment they operate in and are legally bound to protect that environment from their business processes.
- Quality Standard – Organisations are responsible for ensuring that the products they provide to their customers are of a certain standard and are safe. This could mean food products, pharma products or engineering products.
So to answer the question, what area is more important from a compliance perspective, the answer is all areas. Each risk brings its own penalties and consequences, although the consequences for breach of health and safety maybe more catastrophic. Ignoring a risk in your organisation is fine till something goes wrong. You just have to be lucky 365 days of year, and that my friend is a big ask!