When you engage in business, there are many forms of compliance that your company and its employees must uphold. “Compliance” refers to sticking to the rules: you need to comply with relevant legislation, as well as any internal or external standards.
Failing to comply can damage both the company and its customers. You would certainly want your employees to work in a way that protects your clients’ data from being stolen by a hacker, for example.
What is Compliance Management?
With the consequences of failing to comply with laws, regulations, and standards having such a high potential cost, compliance is clearly a very big issue for businesses. Thus, a simple definition could be:
“Compliance management is the process by which managers plan, organize, control, and lead activities that ensure compliance with laws and standards.”
These activities can include:
- Internal audits
- Third-party audits
- Security procedures and control
- Preparing reports and providing supporting documentation
- Developing and implementing policies and procedures to ensure compliance
Two Approaches to Compliance Management
In any context, compliance management begins with a compliance benchmark. Law determines this. There will also be industry norms and approaches to the rule or standard to which your company must adhere. Now, it’s up to companies to plan for, implement, and enforce compliance. There are two ways to do that, and the one you choose depends on the type of compliance issue.
- Lay Down the Law and be an Enforcer
Think Judge Dredd or Dirty Harry: you make sure everybody knows the law, and then you enforce it rigorously. Admittedly, you’re only going to go in with guns blazing in the metaphorical sense, but you’re going to take a tough and very inflexible stance.
There are times when this can be the right approach. For example, if an employee endangers workplace health and safety by doing something that is clearly dangerous, it’s not appropriate to compromise. Other employees who may be tempted to do the same thing need to see that you take legal compliance seriously.
However, if there is any room for interpretation in the compliance benchmark, things aren’t as clear-cut. When you’re looking at contractual compliance, compliance management using this approach might not be the way to go. Here are two examples. A legally binding contract stipulates:
- “The plank must be 1.5m long.”
- “The plank must be the correct length.”
One standard is clear. The other is highly ambiguous. What is the correct length? Here’s another example:
- “When performing routine maintenance tasks, power may only be shut off between 5 AM and 5 PM on Sundays.”
- “When performing routine maintenance tasks, power may only be shut off if doing so will not disrupt essential processes.”
In the first of this pair of examples, the maintenance provider knows exactly when he may shut off the power. In the second example, there’s no clarity at all. What constitutes an “essential process?” Can you blame the maintenance guy if he doesn’t recognize one? After all, he’s the maintenance contractor, not the general manager.
The moral of the story? Check contract terms very carefully indeed and make sure they provide absolute clarity.
- Leave Room for Judgement Calls and Some Flexibility
While laws are not negotiable, other standards may be relaxed at certain times. For example, it’s possible for multiple standards to contradict or conflict with one another. Unless everything is to grind to a halt until someone can make a decision, it may be necessary to allow certain staff members to relax a standard so that work can go ahead.
Here’s a simple example of a compliance management judgment call that would lead to relaxing a standard. Your company has a contract with XYZ Company. The following standard forms part of your legal agreement:
“All orders will be delivered to site within 24 hours.”
That’s very clear-cut. But let’s suppose that XYZ Company places an order. It must be delivered to a location 25 hours’ drive away. Should the sales consultant reject the order because he or she can’t deliver according to the standard? Obviously, that would be senseless.
Would you adopt the Judge Dredd approach with the sales consultant? He or she may have accepted the order after informing XYZ about the standards issue. The client may have told the salesperson to go ahead with the delivery anyway. Your employee was acting in your and your client’s best interests.
In this example, you may find that you must ask the representative to get written permission to deviate from the standard. Thus, when contractual standards come into play, it’s important to determine which judgment calls your employees can make. Determine who is authorized to do so, under what circumstances, and in what manner. Finally, try to make sure that the contract allows for necessary variations.
How to Get Started with Compliance Management
We’ve established that compliance management is important to any business. We’ve also seen that compliance can be non-negotiable (legal compliance) or negotiable (when the standard is not a law).
This article is meant to provide you with a “what” and a “why,” but we’ll take a quick look at the “how” so that you can see how it all works.
- Get top-down commitment to full legal compliance.
- Initiate a compliance-based risk assessment. It will identify what should be on your compliance checklist.
- Find out how companies similar to yours handle the risks on your checklist.
- Deploy external parties to help you with specialized knowledge as needed.
- Provide compliance training for all relevant employees.
- Allocate responsibilities.
- Tackle non-compliance incidents without delay.
- Set up a system for compliance reporting and record keeping.
- Conduct periodic compliance audits.
Why is Compliance Management So Crucial to Your Business?
Legal compliance is a must. And if you have entered into formal contracts with customers, the clauses of those contracts also become legal requirements.
Without adherence to the letter of the law, you face costly litigation and the potential of untold damage to your business and its reputation. Somebody could even end up in jail. Effective compliance management protects you from these risks.
Compliance with other standards is also important. Rules and standards don’t just come from outside your company. They can also be internal. Your standard operating procedures would be a good example.
Some authors see managing compliance with your business’ rules as part of compliance management. Others don’t. However, if you are just getting started with compliance management, it might be best to avoid muddying the waters.
Case Study: The Risks of Failing To Prioritize Compliance Management
Failing to comply with rules, regulations, and specifications could have costly consequences. The infamous Walmart Photo Center Data breach in which hackers filched customers’ credit card details was settled this year. The company will pay $450 million in compensation to clients. It will hand over affected accounts for monitoring at the cost of $350 million. And it will pay $500 million in plaintiff’s legal fees.
How did Walmart Canada get into this pickle? The court found that the company was aware of compliance requirements, but failed to implement them or enforce them.
Is Compliance Management Going to Drive Me Crazy?
Compliance management might sound like a lot of extra work. But while it will certainly require commitment and some effort, there are tools you can use to make your job easier.
Compliance checklists are among these, and thanks to modern technology, you won’t necessarily end up with a mile-long paper trail. Tallyfy is workflow management software that can ensure your company meets all of its compliance requirements, whatever they may be.
Whichever methods and tools you choose, keep these basics in mind.
- Allocate responsibility.
- Keep compliance benchmarks uppermost in employees’ minds. You can do this by using relevant ones as part of task specifications when allocating work.
- Check and follow up.
- Turn compliance management into an ongoing activity that contributes to your success by limiting risk.
At the end of the day, yes, compliance management can be pretty costly and hard to implement. Without it, however, your business might end up risking a lot more.