What Are The Fundamentals of Compliance

GRC

Fundamentals of Compliance

01 What Is Compliance?

Compliance means efforts put in by the management and employees of an organization or institution, to ensure that applicable Laws, Regulations, Standards, Rules, etc are complied with.

02 Is Compliance a One-Time Process?

Compliance is not a one-time process or activity.

Compliance is a continuous process, because Regulators all around the world, continuously work on improving the regulatory framework in different domains. 

Regulatory authorities and bodies, revise the existing Regulations, Rules, etc. and they also issue new Laws, Regulations, Standards, Directives, etc. due to various reasons including changes in the market dynamics, business practices, emerging risks, use of technology, the introduction of digital payment mechanisms, etc. 

Applicable requirements issued by the relevant Regulators are required to be complied with by the relevant organizations, institutions, companies, etc. for which those are issued by regulatory authorities.   

Examples of some of the Laws, Regulations, and Standards include:

  • Anti-Money Laundering Act AML/CFT
  • General Data Protection Regulations GDPR
  • Sarbanes Oxley Act
  • International Financial Reporting Standards
  • Auditing Standards
  • Health Insurance Portability and Accountability Act
  • PCI DSS
  • Tax laws, 
  • Dodd-Frank Act etc.

03  Who Is Responsible For Compliance Culture?

All companies, institutions, organizations, and businesses are required to be operated according to the ethical standards, which require operating with transparency and doing business activities as per applicable laws and regulations.

The Board of Directors is primarily responsible to set the proper tone at the top and should set a strong Compliance Culture.

The Compliance Culture should be cascaded down the line through the Senior Management of the organization or institution. 

Senior Management must translate the Compliance Culture in the form of appropriate policies, procedures, systems, directives, notices, etc., and also implement the appropriate monitoring and review mechanism, where the health of the Compliance CUlture is checked periodically.  

04    What is Compliance Culture

Compliance Culture means the adoption and practice of the following:
  • Professional Behavior
  • Compliance Mindset
  • Ethical Conduct
  • Transparency 
  • Coordination
  • Accountability
All Compliance Culture components must be adopted and implemented in the organization and these are required to be adopted, and complied with by all the employees, including the Board of Directors, Chief Executive Officer, Management Team, Departmental Heads, Middle Managers, Line Managers, Supervisors, and all other employees working in the organization or institution.
  





05 Who Is Responsible For Compliance?

Every employee or staff working in the organization is obligated to honor the Regulatory Framework and comply with it. 

Senior Management of the organization has the responsibility to ensure that Compliance Culture is developed and implemented at all levels, and all employees must abide by internal policies, procedures, and practices that are developed considering the provisions of applicable Laws, Regulations, Standards, etc.



🔔Detailed Course on Fundamental of Compliance and Compliance Governance Model is available on Udemy   



06 What Are Key Sources of Compliance?

There are different Compliance Sources, which include the applicable:

  • Laws, 
  • Regulations, 
  • Standard, 
  • Rules, 
  • Directives, 
  • Circulars, 
  • Notices, 
  • Letters, 
  • Company's own internal Policies, Procedures, SOPs, etc.

Key Sources of Compliance are explained in this Video.
 

Disclaimer

The information shared on the Blog is for general information purposes only. The articles and information on this Blog are not opinions of any specific company, organization, or institution. You should perform your own research for GRC-related topics. The author is not responsible for any outcome that you may get, after reading the articles on the blog. The purpose of this blog is just to share broader knowledge on GRC topics.   




Usman is an experienced GRC Trainer, and Consultant. He can be reached at: liboctober@gmail.com

Newsletters and eBook

Name

Email *

Message *

Popular GRC Posts

Introduction to Compliance Risk Assessment

GRC
Image
Introduction to Compliance Risk Assessment Before starting the Compliance Risk Assessment (CRA), it is important to know about some important factors that increase the importance of performing CRA. High competition, changes in business practices, complex products and operations, adoption of technology and digital payment mechanisms, increase in expectations of customers, and increase in numbers of financial crimes, including but not limited to money laundering, frauds, insider trading, human trafficking, market abuse, etc. have led to the emergence of new risks, including compliance risks. This is because, in order to control the above-mentioned broader risk factors, the organizations or institutions are required to take appropriate and robust measures, to ensure that these risks are managed to avoid losses, including financial and reputational losses. Regulators are also working to further, strengthen the regulatory frameworks, which are required to be complied with by the organizatio
Read Article

What Is Regulatory Compliance

GRC
Image
What Is Regulatory Compliance To understand Regulatory Compliance, we need to know about Compliance first.  What is Compliance? In general terms, Compliance means the act of identifying and practicing the particular information, received from some reliable source. Now, if we think about Compliance by a business, entity, or organization, then Compliance will be defined as follows: Compliance means the identification, understanding, and practicing of the provisions of applicable laws, regulations, standards, policies, circulars, etc. that are issued by the State or the Regulatory authorities. Now, Regulatory Compliance means, compliance with the provisions of applicable regulations issued by the regulator. Who is a Regulator?  Regulator The Regulator is the supervising body or institution, which issues a license, provides directions, issues frameworks and regulations, and provides oversight to the entities or organizations, which are registered with it.  For example, The Securities and E
Read Article

Performing KYC/CDD at Different Stages of Customer Lifecycle

GRC
Image
KYC/CDD at Different Stages of Customer Lifecycle   Customers need solutions to their needs and wants and explore different financial options, to choose suitable institutions for collaboration and services. They need quick responses and easy solutions to their account opening and financing needs.  The financial objectives of the customers might include obtaining finance or funds, to utilize or invest in some profitable business or company or they may require other services that these financial institutions provide, such as credit card, payment gateway, digital payment solution, etc. When we talk about the financial service industry, such as banks, money exchange businesses, money service businesses (MSBs), remittance companies, insurance houses, payment gateways, etc. the needs of most of the consumers are linked with their financial objectives. 
Read Article

Who Is Your Customer? Know Your Customer (KYC)

GRC
Image
Who Is Your Customer?  A customer is a person, including the individual, business, corporate, organization, etc. to whom the products and services are provided, as part of the business relationship. Customers are the source of business and profits for the organizations.  Customers are required to be treated with care and in an ethical manner, and regulatory authorities require companies and organizations to ensure that fair dealing policies and practices are adopted and implemented. Types of Customers? Customers may be real person or individuals or legal businesses or entities. Customers usually include  salaried individuals,  business start-ups, sole proprietors, traders, housewives, small and medium enterprises, corporate entities, not-for-profit organizations, charitable organizations, welfare trusts, governmental organizations, etc. Nature and types of customers vary from organization to organization.  Customers may belong to different jurisdictions or countries therefore; they pos
Read Article