What Is Compliance?
And what it means for your organization.
- The importance of a compliance department.
- What corporate governance is.
- Common areas of compliance.
Policies and procedures provide the backbone for operations in any organization. But even the best-laid rules and strategies do no good without compliance.
So, what is compliance?
Compliance is the act of complying with a command, desire, or rule. Alternatively, some define compliance as adhering to requirements, standards, or regulations.
Both of these compliance definitions are important for your organization. To be successful, your organization must take steps to make sure every staff member is complying with internal policies and rules you put in place.
You also must ensure that your company as a whole is in compliance with any external laws, regulations, or standards relating to your industry.
What Does Compliance Mean for Your Organization?
In general, compliance in the workplace involves two important areas:
- Regulatory Compliance: the steps an organization takes to comply with relevant external laws, regulations, and guidelines.
- Corporate Compliance: the actions and programs an organization sets in place to ensure compliance with internal policies, procedures, and accepted behavior, as well as external regulations.
These types of compliance go hand in hand, and both are essential. An organization that neglects regulatory compliance may face federal fines or legal action, and could even be shut down.
An organization without a corporate compliance program may have chaotic, wasteful, or unethical practices.
Usually, companies ensure compliance by creating policies and procedures and then establishing a compliance department to make sure everyone adheres to policy.
What Is a Compliance Department?
Many organizations create a compliance department or committee to help enforce compliance. Some companies may have one primary compliance officer.
In any case, a compliance officer or department makes sure everyone does what they’re supposed to do. This may include educating employees about regulations and policies, monitoring behavior, and following through on any necessary corrective or disciplinary actions.
Compliance department members
Of course, the structure and makeup of a compliance department will look different for every organization.
Some companies may choose to create a compliance committee made up of supervisors from different areas of the organization. Others may hire a specific compliance officer who has training and experience in compliance enforcement.
The structure of the compliance department depends on the size and reach of the organization.
For example, companies that do business internationally may need several compliance officers or committee members in each region. Compliance officers will make sure that the organization complies with the local laws and standards in every area where they operate.
A compliance officer should hold himself or herself to the highest degree of integrity and ethics. They should be vigilant, proactive, and thorough.
Depending on the industry, a supervisor or compliance officer may need to have certain licenses or qualifications.
For example, in the brokerage industry, compliance managers must have a general securities sales supervisory license to act as a supervisor.
What does a compliance officer do?
There are five main functions of a compliance officer:
1. Identify the risks an organization faces
Compliance officers will regularly run risk assessments and advise corporate leadership on which areas pose the biggest potential risks.
This may include looking over documentation that covers things such as audit results, recent litigation, compliance complaints, employee claims, industry enforcement trends, and policies in each risk area.
2. Create and implement processes to protect against those risks
Once a compliance officer has identified a risk, he or she will work with organizational leaders to design controls to prevent that risk. The method of prevention will differ depending on the issue.
For some risks, it may be as simple as revising policies and procedures. Others may require an organization to conduct additional training on a topic or revamp safety and security measures.
Some measure of risk is unavoidable. But having compliance controls in place can help if your organization does end up facing a lawsuit.
As a report from Rutgers School of Law put it, “an organization that has made a robust effort to prevent and detect violations of the law by its employees and others acting for it will be treated less harshly than one that was indifferent to complying with the law.”
3. Monitor and assess the effectiveness of those risk-prevention processes
Effective compliance and risk prevention is ongoing. The compliance officer must make sure the internal controls are helping the organization comply with laws, regulations, and internal policies.
For example, perhaps a compliance officer identifies a safety risk in the company warehouse. After consulting with corporate leadership, the compliance officer decides to implement a new safety policy.
However, after a few months, the officer revisits the situation in the warehouse and realizes that the problem was not only with the policies but with an outdated piece of equipment.
The compliance officer can then take proactive steps to increase compliance before an incident occurs.
4. Resolve compliance issues
The compliance officer is the go-to person for all things compliance. They should know the organization’s policies and procedures backward and forward. They should be able to answer any questions about industry regulations and business laws.
The compliance officer should also know the company’s values, goals, and workplace culture.
All of this together will help them ensure that the organization’s operations are legal, ethical, and meeting the highest level of compliance.
5. Advise the organization on better ways to minimize risk and comply with laws and regulations
Laws, regulations, and industry standards are always changing. Compliance officers should seek to constantly improve compliance.
What Is Corporate Governance?
An organization cannot achieve compliance without strong leadership and corporate governance.
The concept of corporate governance describes the structures and relationships that determine an organization’s management, direction, and performance.
Corporate governance includes the relationship between all the company’s stakeholders, including the employees, management, board of directors, shareholders, and more.
Put more simply, corporate governance defines the guidelines for decisions and specifies who has the authority to make decisions and govern the organization. A healthy structure of corporate governance is essential for compliance.
The governing body should help create and enforce a compliance program. The compliance officer or department must have access to the organization’s governing body.
They must be able to enforce the rules and hold both employees and management accountable.
Common Areas of Compliance
There are many different areas to consider when defining the role of a compliance officer in your organization.
These will differ depending on the industry, area, and size of the company. But here are a few common areas of compliance:
The Occupational Safety and Health Administration (OSHA) creates and enforces standards for workplace safety. Your organization must comply with the Occupational Safety and Health Act of 1970 and all other relevant laws.
Under the OSH Act, employers are required to “provide a workplace free from serious recognized hazards.” This includes:
- Performing regular safety checks and equipment maintenance.
- Providing training in a language employees will understand.
- Keeping records of work-related injuries.
- Informing employees of their rights and responsibilities.
You can find a full list of laws and standards on the OSHA website.
While there is no comprehensive federal law governing data security, there are many general communications laws that apply to data and personal information.
These include laws such as HIPAA, the Fair Credit Reporting Act, and the Federal Trade Commission Act.
Many states also have laws governing data disposal and security. Your security officer should make sure that your organization is in compliance with all data security regulations and standards.
Human resources covers some of the most important areas of compliance. It is essential to ensure that your organization is in compliance with laws covering areas such as discrimination, harassment, employee benefits, and overtime pay.
Noncompliance with laws and standards in these areas can result in serious legal ramifications.
IT compliance includes processes for complying with laws governing data security. But it also includes internal policies that cover technology and electronic communication.
IT policies should specify who has access to sensitive company data and information. They should include how the organization will monitor things such as technology use and email communication.
IT compliance can help prevent computer hacks and harmful viruses, protect information, and ensure that employees aren’t using company devices or servers to access or download illegal content.
Financial compliance covers everything from payroll to taxes to financial disclosures.
While noncompliance in other areas can lead to legal trouble, failure to pay your taxes can result in the government shutting down your organization. It’s important for your organization to be transparent with finances and ensure compliance with all federal and state laws in this area.
So, what does compliance mean for your organization?
It’s essential for your organization to make sure all your operations follow laws, regulations, and standards for your industry. A dedicated officer or department can help identify potential risks and create a plan for compliance.
Policies, procedures, and accurate records are an important part of ensuring and demonstrating compliance in key areas.