Time for compliance programmes to become standarised

One of the wonderful things about the world is the way that most things are built, designed, and managed can become standardised. At some stage in the development of a repeatable process, someone, somewhere, will build a common set of frameworks known as standards. These standards are designed to build a common set of guidelines, rules, and frameworks so that everyone across companies, regions, countries, or even business units can talk in the same language.

Compliance officers have been slow to adopt a recognised framework for the development of compliance programmes. They have tended to follow their gut and best practices as articulated by articles, whitepapers, and speakers at conferences. They have also followed the guidance issued by regulators and tracked common issues in enforcement proceedings and litigation.

Now is the time for compliance officers to retrofit their compliance programmes into a framework that is common worldwide. The best option for a global programme that is recognised across the world is the International Standards Organisation (ISO), who have created standards that relate to general compliance programmes (ISO 19600) and anti-bribery programmes (ISO 37001).

The following are some obvious benefits in applying one or both of the standards to your compliance programme:

A common language

The standards create a common language for you to speak across business units and risk areas that are the subject to your compliance programme. Whether it is a tax compliance programme, an anti-money laundering programme, or a safety compliance programme, there is value in having a common framework.

Supports benchmarking

If everyone is using a different model, it is very hard to benchmark and compare programmes across companies. Imagine if everyone used the same framework, it would be easier to compare and judge compliance.

The ability to audit consistently

Audits are much easier when there is a standard to reference against, instead of a vague 'best practices' which are open to significant interpretation. Imagine what the finance/accounting world would be like without GAAP and IFRS.

Consistent Reporting

It is very easy to report to a board or audit committee if every group in the organisation has built their compliance programme according to the same standard. The same terminology, structure, and reporting can be used that makes it easier, clearer, and more understandable.


There is some scope under ISO to be independently certified for the appropriate standards. This adds significant value to your compliance programme, proving your compliance with and adoption of the standard.