What is a compliance management system?
In its most basic form, a compliance management system is a collection of policies, licences, relationships with government, and internal processes that all work together to maintain your company’s good standing in the eyes of the law. It should be cohesive enough to not miss any details or be hobbled by unforeseen circumstances, but flexible enough to adapt to any sort of regulatory shifts or changes in government. In the absence of a credible compliance management system, some companies choose to hire lobbyists in order to shift policy in their favour as opposed to adapting to it. This can become expensive and is no guarantee of results, so increasingly, companies are focusing on the strength and integrity of their compliance management systems as part of their business plans.
Who is in charge of compliance management?
Ownership of the compliance management system generally falls to the board of directors, but those responsible for actually implementing and enforcing it are usually senior management. At the top, professionals in business administration, finance, and law are typically those most trusted to shape what the company’s compliance management system does. No single discipline can take entire ownership of the system, as that could foster biases that can lead to punitive damages and strikes to the company reputation. It is therefore important that no element of your business’ operations goes overlooked.
Why compliance management is important
In Canada specifically and around the world more generally, there has been a heightened focus on environmental and social governance (ESG). While this is not exactly the same thing as compliance management, it is similar in that the directives set out by the executive suite are implemented across the organization and any failure to “live up” to these directives can cause harm to the business. The key differentiation between ESG and compliance management is the circumstances for not meeting the requirements. For example, a bank may take an ESG approach to how it hires. It may state that by a certain year, it plans to hire a certain percentage of visible minorities and women. If by that certain year, the bank does not meet its target, there are no ramifications, and it is allowed to continue to operate as usual (aside from some reputational harm it may suffer if Canadians deem it unacceptable). Now, if that same bank demonstrated a clear and consistent pattern of refusing to hire visible minorities and women and was sued in a class-action lawsuit, it would run afoul of numerous provincial, federal, and human rights laws and would suffer as a result—it would be out of compliance. In fact, hiring and laying off employees are often when companies fall out of compliance. An effective compliance management system would have flagged these issues to key decision makers long before it spiralled out of control, potentially saving the company millions of dollars in legal penalties and other administrative sanctions.
Complaints and auditing
This situation also highlights the importance of two crucial elements of any compliance management system: complaints and auditing. Every business that operates in a highly regulated industry needs a simple and anonymous complaints protocol for when wrongdoing is suspected, and it needs a fulsome and transparent auditing mechanism to be able to properly investigate such complaints.
If a product or service failure only happens to a select few customers under very specific circumstances, you may be able to dismiss it as being within the expected margin of error or failure rate of your product or service offering. If numerous customers are complaining about a specific issue, it is important for the integrity of your compliance management system to document these incidents, model the data, and make an informed decision about how to proceed before the issue spirals out of your control. This is especially crucial in instances where customers experience physical, psychological, or financial harm from your product or service offering. Ideally, the complaints are addressed and corrected within a reasonable amount of time and action is taken to prevent these issues from occurring again.
This is also where the auditing role of a compliance management system becomes important. Companies in Canada, especially those in federally-regulated industries, need to maintain a level of transparency that inspires confidence in their industry as a whole. For example, if an airline has repeated safety violations but they wave it off as just part of doing business, it won’t be long before the government cracks down on its ability to operate. Customers will lose faith in the airline to provide a safe and predictable means of travel, and before long, the company will be suffering not only reputational harm but also federal sanctions for failing to look inward and mitigate its issues. This would have a knock-on effect of customers becoming skeptical of the safety practices of other Canadian airlines, and before long, Canadian aviation as a whole is viewed in a negative light. If this same airline had a proper compliance management system in place with a transparent auditing mechanism, the safety issues would have been dealt with long before the third or fourth time they occurred (at which point, customers or employees may have experienced harm). The safety issues would not have become a public debacle, and the proper team members would have been engaged long before things spiralled out of control.
Implementing compliance management
So now you understand the principles of proper compliance management, but here comes the hard part: how to implement it. While there are some software providers that specialize in compliance management, it’s important to take a wider organizational approach to maintaining compliance. First, you need leadership buy-in. It isn’t enough to simply let company executives create a system and implement it, they also need to emphasize its importance to the broader organization. If ethics and compliance are modelled properly at the top, you can be sure that this will trickle down to the rest of your organization.
You also need to pay attention to your company’s policies and procedures. They should be easily accessible and understandable by a broad range of collaborators and not just those with professional degrees. Set regular intervals where you review these policies and procedures to ensure they follow the law of the day and aren’t at risk of becoming obsolete.
Training the entire organization on important compliance matters is your next step. Fostering a wider understanding of what your company does and how it needs to do it in order to remain operational can drive employees to value compliance and assist you in maintaining it across your organization. You will need to continuously monitor the progress of and adherence to these efforts, which is where auditing plays a major role. Keeping on top of who has which training, when they’re due to be refreshed on it, and how they are implementing it on a regular basis can safeguard your company from unexpected pitfalls and keep you compliant without interruption.
While compliance management is set from the top of an organization, it needs everyone’s participation to work. That’s why you need to maintain open channels of communication between all levels of your company. If an employee spots a potentially problematic compliance issue that would never be picked up on by someone in the C-suite, they need a channel to voice their concerns. They also need a feedback mechanism to be able to see their suggestion in action. Keeping documentation isn’t enough on its own.
It’s easy to overlook the importance of compliance management. After all, if your company is compliant, it’s the last you hear about the issue. It’s only when things go sideways and your company is operating illegally and you are caught in the act that things become serious. Don’t be one of those companies. Implement a compliance management system today to save yourself the hassle of rectifying these issues in the future.
