Open main menu

Wikipedia β

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.[1] Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls.[2] This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.


The International Organization for Standardisation (ISO) produces international standards such as ISO/IEC 27002. The International Electrotechnical Commission (IEC) produces international standards in the electrotechnology area. The ISO 19600 standard provides a reminder of how compliance and risk should operate together, as “colleagues” sharing a common framework with some nuances to account for their differences.[3]

Some local or international specialized organizations such as the American Society of Mechanical Engineers (ASME) also develop standards and regulation codes. They thereby provide a wide range of rules and directives to ensure compliance of the products to safety, security or design standards.[4]

There are a number of other regulations which apply in different fields, such as PCI-DSS, GLBA, FISMA, Joint Commission and HIPAA. In some cases other compliance frameworks (such as COBIT) or standards (NIST) inform on how to comply with the regulations.

Most recently, the regulatory compliance field, especially in the human services delivery system (early care and education, child welfare, and adult care), has been proposing measurement and monitoring methodologies (Fiene, 2018), such as key indicators, risk assessment and differential monitoring (National Association for Regulatory Administration (NARA), 2015).

Contents

By nationEdit

AustraliaEdit

Standards Australia revised the standard titled "AS 3806 - Compliance Programs". While many aspects of the original standard produced in 1998 standard appear in the 2006 version there are additional principles covered. Regulators in Australia continue to endorse and encourage (by regulation) the use of the standard when establishing a compliance framework.

The regulators are the Australian Securities and Investment Commission, AUSTRAC (for AML), ATO (for FATCA and CRS) and the Australian Prudential Regulation Authority (APRA).

Compliance demands in the superannuation industry continue to increase due to the new licensing regime implemented by APRA. The new licensing regime requires trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems and appropriate skills and expertise to manage the superannuation fund. The licensing regime has lifted the bar for superannuation trustees with a significant number of small to medium size superannuation funds exiting the Industry due to the increasing risk and compliance demands. The UK has a regulatory framework that all its publicly listed companies should follow while preparing their annual reports. It provides the core financial statements that must appear in a yearly report, and they include; balance sheet, comprehensive income statement, statement of changes in equity as well as cash flow statement as required under international accounting standards. If further demonstrates the relationship that subsists among shareholders, management and the independent audit teams. It is critical that all firms be guided by a universal code of corporate governance to enable companies to respond to issues that concern shareholders in a manner that enhances the effectiveness of organizational governance principle. Moreover, there are certain aspects of information that when not emphasized cannot be provided to the shareholders . Thus, the framework plays a critical role through its emphasis on statutory disclosure in highlighting all the items that it considers vital for the shareholders. Financial statements must be prepared using a particular set of rules and regulations hence the rationale behind allowing the companies to apply the provisions of company law, international financial reporting standards (IFRS), as well as the UK stock exchange rules as directed by the Financial Conduct Authority (FCA). It is also necessary that shareholders cannot understand the figures as presented in the various financial statements hence it is critical that the board should provide notes on accounting policies as well as other explanatory notes to make them understand the report better.

The 19600 standard on “Compliance Management Systems” reflects largely the existing AS 3806-2006 standard, which it will replace.[5]

CanadaEdit

Financial regulation in Canada is governed federally by two independent bodies, the OSFI [1] through the Bank Act and FINTRAC mandated by Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2001 (PCMLTFA).

On a provincial level, each province maintain individuals laws and agencies. Unlike any other major federation, Canada does not have a securities regulatory authority at the federal government level. The provincial and territorial regulators work together to coordinate and harmonize regulation of the Canadian capital markets through the Canadian Securities Administrators (CSA).

Keeping the Promise for a Strong Economy Act (Budget Measures), 2002 is an Ontario legislative bill effective April 7, 2003,[6] which provides for regulation of securities issued in the province of Ontario. The legislation encompasses many areas. It is perhaps best known for clauses that provide equivalent legislation to the U.S. Sarbanes-Oxley Act to protect investors by improving the accuracy and reliability of corporate disclosures. Thus, it is also known as the "Canadian Sarbanes-Oxley" Act or C-SOX (see-socks).

IndiaEdit

In India, compliance regulation takes place across three strata: Central, State, and Local regulation. India veers towards central regulation, especially of financial organizations and foreign funds.[7] Compliance regulations vary based on the industry segment in addition to the geographical mix. Most regulation comes in the following broad categories: economic regulation, regulation in the public interest, and environmental regulation.[8] India has also been characterized by poor compliance - reports suggest that only around 65% of companies are fully compliant to norms.[9]

United KingdomEdit

There is considerable regulation in the UK, some of which is from EU legislation. Various areas are policed by different bodies, such as the FCA (Financial Conduct Authority), Environment Agency and Scottish Environment Protection Agency, Information Commissioner's Office, CQC and others.

Important compliance issues for all organisations large and small include the Data Protection Act 1998 and, for the public sector, Freedom of Information Act 2000.

The UK Corporate Governance Code (formerly the Combined Code) is issued by the Financial Reporting Council (FRC) and sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability and relations with shareholders. All companies with a Premium Listing of equity shares in the UK are required under the Listing Rules to report on how they have applied the Combined Code in their annual report and accounts (The Codes are therefore most similar to the US' Sarbanes-Oxley Act).

ChallengesEdit

Data retention is a part of regulatory compliance that is proving to be a challenge in many instances. The security that comes from compliance with industry regulations can seem contrary to maintaining user privacy. Data retention laws and regulations ask data owners and other service providers to retain extensive records of user activity beyond the time necessary for normal business operations. These requirements have been called into question by privacy rights advocates.[10]

Compliance in this area is becoming very difficult. Laws like the CAN-SPAM Act and Fair Credit Reporting Act in the U.S. require that businesses give people the “right to be forgotten.” In other words, they must remove individuals from marketing lists if it is requested, tell them when and why they might share personal information with a third party, or at least ask permission before sharing that data. Now, with new laws coming out that demand longer data retention despite the individual’s desires, it can create some real difficulties.

United StatesEdit

Corporate scandals and breakdowns such as the Enron case of reputational risk in 2001 have increased calls for stronger compliance and regulations, particularly for publicly listed companies.[11] The most significant regulation in this context is the Sarbanes–Oxley Act developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley in 2002 which defined significantly tighter personal responsibility of corporate top management for the accuracy of reported financial statements; and the Dodd-Frank Wall Street Reform and Consumer Protection Act.

The Office of Foreign Assets Control (OFAC) is an agency of the United States Department of the Treasury under the auspices of the Under Secretary of the Treasury for Terrorism and Financial Intelligence. OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign states, organizations, and individuals.

Compliance in the U.S. generally means compliance with laws and regulations. These laws can have criminal or civil penalties or can be regulations. The definition of what constitutes an effective compliance plan has been elusive. Most authors, however, continue to cite the guidance provided by the United States Sentencing Commission in Chapter 8 of the Federal Sentencing Guidelines.[12][13]

On October 12, 2006, the U.S. Small Business Administration re-launched Business.gov (new Business.USA.gov)[14] which provides a single point of access to government services and information that help businesses comply with government regulations.

The US Department of Labor, Occupational Health and Safety Administration (OSHA) was created by Congress to assure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. OSHA implements laws and regulations regularly in the following areas, construction, maritime, agriculture, and recordkeeping.[15]

DefinitionsEdit

Compliance data is defined as all data belonging or pertaining to enterprise or included in the law, which can be used for the purpose of implementing or validating compliance. It is the set of all data that is relevant to a governance officer or to a court of law for the purposes of validating consistency, completeness, or compliance. Compliance software is increasingly being implemented to help companies manage their compliance data more efficiently.

See alsoEdit

ReferencesEdit

  1. ^ Compliance, Technology, and Modern Finance, 11 Journal of Corporate, Financial & Commercial Law 159 (2016)
  2. ^ Silveira, P., Rodriguez, C., Birukou, A., Casati, F., Daniel, F., D'Andrea, V., Worledge & C., Zouhair, T. (2012), Aiding Compliance Governance in Service-Based Business Processes, IGI Global, pp. 524–548 
  3. ^ Tattam, David. "Compliance Risk Management". Protecht Risk Management Insights. Retrieved 27 March 2015. 
  4. ^ Boiler and Pressure Vessel Inspection According to ASME
  5. ^ Tattam, David. "Compliance Risk Management". Protecht Risk Management Insights. Retrieved 27 March 2015. 
  6. ^ H. Garfield Emerson, Q.C. and Geoff A. Clarke. "Bill 198 and Ontario's Securities Act: Giving Investors and the OSC Added Muscle." Paper presented at the 3rd Annual Directors’ Governance Summit. November 17-19, 2003. Archived 2011-05-26 at the Wayback Machine.
  7. ^ avantisadmin (2016-09-18). "The structure of regulatory compliance in India". Avantis. Retrieved 2016-09-18. 
  8. ^ "Regulatory Management and Reform in India" (PDF). OECD. 
  9. ^ "India Inc has poor record in regulatory compliance | Latest News & Updates at Daily News & Analysis". 2014-10-12. Retrieved 2016-09-18. 
  10. ^ "Compliance Challenge: Privacy vs. Security". Dell.com. Archived from the original on 2011-02-26. Retrieved 2012-06-19. 
  11. ^ Compliance, Technology, and Modern Finance, 11 Journal of Corporate, Financial & Commercial Law 159 (2016)
  12. ^ "Special Reports and Discussions on Chapter Eight". USSC.gov. Archived from the original on November 23, 2010. 
  13. ^ The Ethics and Compliance Initiative (ECI). "Principles and Practices of High Quality Ethics & Compliance Programs". pp. 12–13. Retrieved 31 August 2016. 
  14. ^ "Explore Business Tools & Resources". Business.USA.gov. 
  15. ^ "OSHA Law & Regulations | Occupational Safety and Health Administration". www.osha.gov. Retrieved 2017-04-07. 

External linksEdit

  • Business.USA.gov, Official U.S. Government Portal for Complying with Regulations.
  • European Project COMPAS, European Project COMPAS - Compliance-driven Models, Languages, and Architectures for Services; funded by the EU 7th Framework Programme Information and Communication Technologies Objective.