What is a compliance management system?
In its most basic form, a compliance management system is a collection of policies, licences, relationships with government, and internal processes that all work together to maintain your company’s good standing in the eyes of the law. They are both cohesive enough to not miss any details or be hobbled by unforeseen circumstances, but flexible enough to adapt to any sort of regulatory shifts or changes in government. In the absence of a credible compliance management system, some companies choose to hire lobbyists in order to shift policy in their favour as opposed to adapting to it. This could become expensive, however, and is no guarantee of results, so increasingly, companies are focusing on the strength and integrity of their compliance management systems as part of their business plans.
Who is in charge of compliance management?
Ownership of the compliance management system generally falls to the board of directors, but those responsible for actually implementing and enforcing it are usually senior management. At the top, professionals in business administration, finance, and law are typically those most trusted to shape what the company’s compliance management system does. No single discipline can take entire ownership of the system, as that could foster biases that could lead to punitive damages and strikes to the company reputation. It is therefore important that no element of your business’ operations goes overlooked.
Why compliance management is important
In Canada specifically, and around the world more generally, there has been a heightened focus on environmental and social governance (ESG). While this is not exactly the same thing as compliance management, it is similar in that the directives set out by the executive suite are implemented across the organization, and any failure to “live up” to these directives could potentially cause harm to the business. The key differentiation between ESG and compliance management is the circumstances for not meeting the requirements. While a company that does not meet its ESG targets may suffer some reputational damage, there would be no ramifications for the organization. On the other hand, compliance management serves to remain compliant with laws and regulations.
Complaints and auditing
Complaints and auditing are important elements of any compliance management system. Businesses that operate in a highly regulated industry usually have a simple and anonymous complaints protocol for when wrongdoing is suspected, with a transparent auditing mechanism to properly investigate such complaints.
If a product or service failure only happens to a select few customers under very specific circumstances, you may be able to dismiss it as being within the expected margin of error or failure rate of your product or service offering. If numerous customers are complaining about a specific issue, it may be important for the integrity of your compliance management system to document these incidents, model the data, and make an informed decision about how to proceed before the issue worsens. This may be especially crucial in instances where customers experience physical, psychological, or financial harm from your product or service offering. Ideally, the complaints would be addressed and corrected within a reasonable amount of time and action would be taken to prevent these issues from occurring again.
This is also where the auditing role of a compliance management system becomes important. Companies in Canada, especially those in federally regulated industries, need to maintain a level of transparency that inspires confidence in their industry as a whole.
Implementing compliance management
So now you understand the principles of proper compliance management, we will provide guidance on implementing it. While there are some software providers that specialize in compliance management, organizations may also take a wider organizational approach to maintaining compliance. The first step would be to gain leadership buy-in. Rather than simply letting company executives create a system and implement it, they could also emphasize its importance to the broader organization. Modelling compliance properly at the top may help it trickle down to the rest of your organization.
The second step would be check whether your company’s policies and procedures are easily accessible and understandable by a broad range of collaborators and not just those with professional degrees. It may be helpful to set regular intervals where you review these policies and procedures to check they are up to date and aren’t at risk of becoming obsolete.
Training the entire organization on important compliance matters would the third step. Fostering a wider understanding of what your company does and how it needs to do it in order to remain operational may encourage employees to value compliance and assist you in maintaining it across your organization. Continuously monitoring the progress of and adherence to these efforts is where auditing plays a major role. Keeping on top of who has which training, when they’re due to be refreshed on it, and how they are implementing it on a regular basis could help safeguard your company from unexpected pitfalls.
While compliance management is set from the top of an organization, everyone’s participation helps make it work. That’s why it’s helpful to maintain open channels of communication between all levels of your company. If an employee spots a potentially problematic compliance issue that would never be picked up on by someone in the C-suite, they may then have a channel to voice their concerns. They may also feel more supported by a feedback mechanism to be able to see their suggestion in action.
It’s easy to overlook the importance of compliance management. After all, if your company is compliant, it’s the last you hear about the issue. It’s only when things go wrong that you may start to take a closer look. Implementing a compliance management system today could help you save yourself the hassle of rectifying these issues in the future.
