Imagine a situation where tens of thousands of companies build their own compliance programs. They build and implement them based on ‘best practices’ of what they understand other companies are doing, what they hear at conferences and what they think is best based on their experience. These programs are hardly ever disclosed and are rarely independently audited or verified. There are literally hundreds of laws, regulations, rules, policies and guidelines applying to the company, multiplied by the 100 countries in which the company operates and again by the 10 to 15 key risk areas that the company faces. That is a complex web of obligations that can immediately derail a compliance team if there isn’t a clear set of verifiable steps to follow.

Also imagine a situation where compliance officers come to compliance from other disciplines, such as law, accounting, finance or human relations. This mix of backgrounds brings fantastic strength, but it also brings diverse approaches, and this diversity can be a huge asset or a huge distraction. These compliance officers start their roles with few, if any, processes or procedures on which to build or improve their programs. There is no university course to study compliance – no bachelor’s degree, no master’s, no detailed syllabus of any kind beyond a five-day course offered by an association. There is no real way for a common approach to be taught to new compliance teams.

You don’t need to imagine those things; this is compliance as we know it today. We are a new industry, but we need a common set of standards and a framework and we need it now.

So what is the impact of all of this on the industry and those who practice in the world of compliance? What solutions are there to this impact on the profession?

CREATE CONSISTENT PROGRAMS

It’s hard to build programs that are similar or consistent across companies without a common standard. It’s even harder to compare, measure and assess programs and know that they are working. The solution is a compliance standard. The ISO 19600 (General Compliance) and ISO 37001 (Anti-Bribery) standards are a great place to start and should be regularly referred to by every single compliance person globally. Compliance officers can use the standards to refine their programs until they meet the outlined requirements. These ISO standards will only become better known, more widely utilised and more established, so now is the time to be a leader and adopt them under your terms instead of someone else’s.

GET CERTIFIED

Building a compliance program under a common global standard makes perfect sense. It also makes sense to have an independent auditor validate that program against the standard.

This adds a significant validation step and also provides a benchmark to add value back to the business.

BE TRANSPARENT

Companies that use the ISO standards and get certified should be transparent about their approach, results and compliance with the standards without fear of retribution from regulators. This will enable compliance officers to level the playing field by understanding their programs and how they compare to others and adding a layer of comfort that their programs are fit for purpose.

LEARN AND TEACH

Compliance officers should be doing everything they can to build knowledge of the ISO standards across the world so they can be part of the solution for the compliance industry and make things simpler for their peers and the compliance officers of the future.

Related Articles

Why the Compliance Industry Needs a Certification System [Brought to you by The Red Flag Group]

by Scott Lane
