The first time I heard the term “corporate compliance,” I must confess it didn’t sit well with me. The term seemed to transform social responsibility – or worse yet, ethics – into mere compliance with policy, norms and rules as dictated by law and regulation or corporate self-regulation. (An example of the latter would be best practices established by a company or trade association.) Of course my initial reaction was, “this can’t be it.”
This cannot be it because social responsibility or ethics cannot be reduced to a checklist. “But, hey, if we’ve checked all the boxes, we are responsible, right?” As the saying goes, every rule is made to be broken, or at least every law has its loophole. As occurs frequently, companies can go to great lengths to “comply” with the law on the surface, while slipping irregularities through loopholes. The worst part is that this type of “compliance” is all about appearance: As Marx said (not Karl, Groucho), “The secret of life is honesty and fair dealing. If you can fake that, you’ve got it made.”
And yet, I think I have come to terms with the concept of “compliance” as “regulatory compliance.” However I do still think there is the risk of misinterpretation, and this possibility is actually very appealing to many companies. Indeed, it is merely about an instrument and not about social responsibility’s essence. Here essence is key, for without it we can end up with the manipulation of compliance mentioned before. And of course, instruments are as necessary as the essence for without them, social responsibility would go no further than lip service and good, yet futile, intentions.
Why is Compliance Necessary?
Compliance is in fact necessary for one additional and very important reason. Many countries, including Spain, are introducing legislative changes that oblige companies to adapt their practices to certain standards. This precisely is the task of the regulatory compliance department. Those legal changes force companies to assume the responsibility for their management and employees’ actions unless they can demonstrate that they have done everything possible to curb or dissuade inappropriate conduct.
Some examples would be adhering to fiscal regulation and transparency in financial reporting, corporate activities that have an environmental impact, and HR hiring practices that could be discriminatory.
This means that companies have to be able to demonstrate, for example, that they offer employees training about how to avoid corrupt practices providing guidelines and insights about the resources available to confront such activity if they should come across it. It also means that a company carries out regular oversight to identify inappropriate activity, especially that which is not isolated but rather organized and coordinated across the organization. In other words, this goes well beyond actions by particular departments or divisions, whether the legal department, marketing, HR, finance, etc.; this is the duty assigned to the regulatory compliance department, whether under this name or another.
This means that a company should definitely be concerned about ethics and social responsibility and utilize the corresponding department to carry out part of the related task: to unify guidelines for actions, organize training, develop the necessary oversight systems (certainly not for everything, but rather for the areas most directly related to social responsibility and ethics) and coordinate this approach with all departments, mainly with legal.
Compliance is not the beginning and end of social responsibilityCompliance is not, the beginning and end of social responsibility , but it does have a very important role to play, as much in the legal realm (compliance with the law), as the regulatory realm (compliance with technical, environmental and product safety regulations, etc.) and within social responsibility (observing best practices, the development of authorization processes, supervision, execution, information and control, development of reports, etc.) And that is not everything, for social responsibility should have a place in everything – strategy, policy, the day-to-day – and not because the law says so or because a regulatory agency could otherwise impose sanctions; not even because the internal code of ethics says so. Instead, compliance is carried out because it is the right thing to do
The existence of a body whose purpose it is to ensure compliance would certainly be able to detect legal violations or behavior that goes against company policy; it would be able to promptly inform the corresponding parties that should be aware of and resolve these problems, and take the necessary measures so that the breach can be corrected and so that the correction be integrated, if appropriate, into future practices, procedures and routines within the organization. It is in the end, a highly effective policy to reduce risks.
To summarize, companies in developed countries have the legal obligation to comply with regulation. Yet doing so is also desirable in many cases for the smooth functioning of an organization. It would be wise, then, for companies to get a head start in implementing regulatory compliance since it will help them to avoid problems and unnecessary costs. Above all, compliance will yield better practices and a greater sensitivity about the topic, which at the same time is likely to be a competitive advantage with regard to other companies.
This is especially the case if you consider that compliance is not a passing fad, but rather, that it is on its way to becoming a regular practice – if it has not already done so. It affects the entire organization, starting at the top, where it really needs to be taken seriously. (The suspicion that the boss is only really worried about paying lip service to the law or implementing cursory compliance will kill any chance that it has in becoming something beneficial for the entire organization.) The key is not about following the law, but rather it lies in instilling within the company the conviction that doing so is not an option, the understanding of why it must be followed and why it is actually in the organization’s interest. This is not only a legal issue but also ethical. And it is also about good governance and social responsibility. Certainly, we either strive for excellence or compliance becomes a dead weight .