Don’t be complacent with your corporate compliance.
As a normal citizen, you deal with compliance every day whether or not you’re aware of it. Every time you obey traffic lights and stop your car when the light turns red, you’re being compliant with local traffic laws. When you stand clear of the train doors after a subway announcement, you’re compliant with safety regulations.
Compliance is everywhere around us and the workplace is no different. Sometimes, even in the negative form of malicious compliance. But how does this everyday action translate to the business world? What does compliance mean for a company and how can businesses ensure they’re maintaining their compliance? We’ve put together a high-level guide to answer all your questions about corporate compliance and how it works into a larger GRC program.
Looking for information about a specific topic dealing with corporate compliance? Use the links below to jump ahead:
As we alluded to earlier, there is a special kind of compliance that applies to businesses and corporations separate from the ones civilians are subject to.
What is compliance?
Compliance refers to the ways in which a company ensures they are following both their own internal compliance structure and all the laws and regulations that apply to their business or industry.
Every company deals with a mix of both internal and external compliance. Compliance is about more than just following the law – businesses can have their own internal compliance structure as well. Understanding the difference between the two and how they apply to your business is key to your success.
What’s the difference between external and internal compliance?
A good corporate compliance program will include a healthy mix of both external and internal compliance. Understanding the difference between these two is key.
External compliance, also known as regulatory compliance, refers to the measures a company takes to remain compliant with state and federal laws. They are the response to the rules and regulations set for an industry outside of your company.
|Example: Hiring a third-party business to conduct an audit on your business would be considered an example of practicing external compliance.|
Internal compliance refers to the measures a company takes within its own business to set a standard and maintain a certain level of quality. This can include a code of conduct or specific business ethics a company adheres to.
|Example: Implementing a code of ethics for your employees to follow would be an example of internal compliance.|
What are the functions of corporate compliance?
Now that you understand what corporate compliance is and why it's important, it’s time to break things down further. Compliance functions are the ways in which a company can protect itself from compliance risks. A compliance risk is anything that can put the company at risk.
The functions of corporate compliance are the ways in which a compliance department maintains their compliance against these common risks. There are five main functions of compliance:
1. Risk identification
The primary focus of corporate compliance is to identify potential compliance risks before they happen. A successful compliance program will be able to zero in on a compliance issue and stop it before anything bad happens. Enterprise risk management is a key part of this step.
2. Risk prevention
Risk prevention is different from identification in one key way. The focus of prevention is to design and implement controls to protect an organization from those identifiable risks. These measures are put in place to act as a fail-safe for something a compliance officer might miss at first.
|Related: Learn more about the five types of compliance audits and why you might need them!|
3. Risk monitoring
Risk monitoring is exactly what it sounds like. A corporate compliance team will track, analyze, and monitor potential risks to the company and report of the effectiveness of the controls set in place to manage them. This step in the process is to ensure that the risk prevention and risk identification steps are working as they should.
4. Risk resolution
Even the best compliance team will deal with unforeseen compliance risks every now and again. The purpose of risk resolution is to focus on dealing with and resolving compliance difficulties when they occur.
|TIP: Don't get your terms mixed up. Corporate compliance is different from regulatory compliance, which is enforced by the government. To see an example, read up on FISMA compliance.|
5. Risk advising
Risk advisory is focused on training and advising businesses on the rules, controls, and regulations set in place to keep them compliant. This can mean training a company’s employees on proper data security best practices, to ensuring a legal team is up to date on the latest federal laws.
A well-run compliance department will utilize all five of the functions mentioned above. No compliance function is more important than the other. They all work seamlessly as a single unit to protect a business from compliance risks.
What is the purpose of compliance?
The purpose of compliance goes beyond following the letter of the law. A study from Navex Global cited that almost two-thirds of organizations (63%) believe that their compliance efforts help reduce the legal cost and resolution time of regulatory issues and fines.
Compliance is about prevention as much as it is about obeying the law. Whether you're dealing with corporate or regulatory, the right compliance strategy can keep your company out of hot water, protect your employees, and keep your company out of hot water.
Example #1: You work for a Silicon Valley tech company that manages millions of data points collected from your users. One day, a hacker targets your servers and manages to gain access to thousands of user profiles, including their names, addresses, and social security numbers.
If you follow the news, this type of story is becoming more and more common. LabCorp is the latest company to report massive mishandling of user-data, though they probably won’t be the newest culprit by the time of the publishing of this article.
This is an example of a data compliance failure. If the company in this example had created more robust fail-safes to guard their user-data, they wouldn’t be dealing with the fallout of a data breach.
Example #2: You work for a Fortune 500 financial institution. One day, two coworkers of yours are arrested at the office and accused of funneling customer funds into a personal off-shore bank account. Nobody in your company was aware of this illegal activity or your coworkers shady business dealings.
Does that sound like something straight out of a Mission Impossible movie? It’s not. It’s actually happening to Goldman Sachs right now. The company is accused of promoting a company culture that enabled two of their bankers to steal billions from the Malaysian government. The Goldman Sachs x 1MDB scandal is just the latest example of a financial compliance failure.
As you can see from the two examples above, compliance risks and failures are very common and have massive repercussions. That’s why having a compliance program designed to prevent problems before they occur is more important than ever.
Corporate compliance is about control and consideration
Is corporate compliance the most interesting part of your business model? Of course not. But it is a vital component to the health of your business. Before you decide to innovate to try and get ahead, make sure you’re staying compliant in the process.
Looking for an easy way to stay compliant? Identify your company's compliance and security risks using G2 Track.