Time for Compliance Programmes to become standarised
One of the wonderful things about the World is that the way that most things are built, designed and managed can become standardised. At some stage in the development of a repeatable process, someone, somewhere, will build a common set of frameworks known as Standards. These Standards are designed to build a common set of guidelines, rules and frameworks so that everyone across companies, regions, countries or even business units can talk in the same language.
Compliance officers have been slow to adopt a recognised framework for the development of compliance programmes. They have tended to follow their gut and best practices as articulated by articles, whitepapers and speakers at conferences. They have also followed the guidance issued by regulators and also tracked common issues in enforcement proceedings and litigation.
Now is the time for compliance officers to retrofit their compliance programmes into a framework that is common worldwide. The best option for a global programme that is recognised across the world is the International Standards Organisation (ISO) and their Standards that relate to compliance programmes generally (ISO 19600) and for anti-bribery programmes (ISO 37001).
The following are some obvious benefits in applying one or both of the Standards to your compliance programme.
A Common Language. The Standards create a common language for you to speak across business units and risk areas that are the subject to the compliance programme. Whether it is a tax compliance programme, an anti-money laundering programme or a safety compliance programme, there is value in having a common framework.
Supports benchmarking. If everyone is using a different model, it is very hard to benchmark and compare programmes across companies. Imagine if everyone used the same framework, it would be easier to compare and judge compliance.
The ability to audit consistently. Audits are much easier when they are against a Standard and not against a vague 'best practices' which is open to significant interpretation. Imagine what the finance/accounting world would be like without GAAP and IFRS.
Consistent Reporting. It is very easy to report to a Board or Audit Committee on a common way if every group in the organisation has built their compliance programme according to the same Standard. The same terminology, same structure, same reporting can be used which is easier, clearer and more likely to be understood.
Certifications. There is some scope under the Standards to be independently certified under a Standard. This adds significant value to the compliance programme and proves compliance with and adoption of the Standard.