Regulatory compliance: Difference between revisions

Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.

Business process compliance management is a field of study involving the co-ordination of business process management and compliance systems. A compliance system is an organization wide tool that links legislative and business rules to organization policies and processes. The objective of such a system is to promote a self sustaining level of operations that minimizes the losses caused to the business through breaches of laws or internal misappropriations. We view a compliance system in a similar fashion to that of an accounting system where each process is treated as a transaction. Each process may be monitored and valuations of costing and benefits associated to each task. Both high order policy creation as well as low order transactional histories of single processes must be considered to obtain a complete picture of current operations. In this paper we discuss benefits and shortcomings in some of the currently implemented compliance schemes and present a method for measuring the degree of compliance that each business process may achieve.

The International Organisation for Standardisation (ISO) produces international standards such as ISO17799. The International Electrotechnical Commission (IEC) produces international standards in the electrotechnology area.

In general, compliance means conforming to a specification or policy, standard or law that has been clearly defined.

Corporate scandals and breakdowns such as the Enron case in 2001 have highlighted the need for stronger compliance regulations for publicly listed companies. The most significant regulation in this context is the Sarbanes-Oxley Act developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley in 2002 which defined significant tighter personal responsibility of corporate top management for the accuracy of reported financial statements.

Compliance in the USA generally means compliance with laws and regulations. These laws can have criminal or civil penalties or can be regulations. The definition of what constitutes an effective compliance plan has been elusive. Most authors, however, continue to cite the guidance provided by the United States Sentencing Commission in Chapter 8 of the Federal Sentencing Guidelines.

On October 12, 2006, the U.S. Small Business Administration re-launched Business.gov which provides a single point of access to government services and information that help businesses comply with government regulations.

There are a number of other regulations such as GLBA, FISMA, and HIPAA. In some cases other compliance frameworks (such as COBIT) or standards (NIST) inform on how to comply with the regulations.

Standards Australia revised the standard titled "AS 3806 - Compliance Programs". While many aspects of the original standard produced in 1998 standard appear in the 2006 version there are additional principles covered. The regulators in Australia continue to endorse and encourage (by regulation) the use of the standard when establishing a compliance framework.

The regulators are the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority (APRA).

Compliance demands in the superannuation industry continue to increase due to the new licensing regime implemented by APRA. The new licensing regime requires trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems and appropriate skills and expertise to manage the superannuation fund. The licensing regime has lifted the bar for superannuation trustees with a significant number of small to medium size superannuation funds exiting the Industry due to the increasing risk and compliance demands.

There is considerable regulation in the UK, some of which is from EU legislation. Various areas are policed by different bodies, such as the FSA (Financial Services Authority), Environment Agency and Scottish Environment Protection Agency, Information Commissioner's Office and others.

Important compliance issues for all organisations large and small include the Data Protection Act 1998 and, for the public sector, Freedom of Information Act 2000.

Combined Code issued by the London Stock Exchange (LSE) is the Sarbanes-Oxley equivalent in the UK.

Compliance data is defined as all data belonging or pertaining to enterprise or included in the law, which can be used for the purpose of implementing or validating compliance. It is the set of all data that is relevant to a governance officer or to a court of law for the purposes of validating consistency, completeness, or compliance

• Chief Compliance Officer
• Compliance and ethics program
• Business Motivation Model. A standard for recording governance and compliance activities
• Enforcement
• Law enforcement agency
• Call Report
• Category:Law enforcement templates by country or region
• Society of Corporate Compliance and Ethics
• Health Care Compliance Association

• Business.gov, Official U.S. Government Portal for Complying with Regulations.
• RCA, RCA is a nonprofit-organization that provides firms with an all inclusive resource to effectively manage the escalating Operational Risk Management and Compliance environment.
• Society of Corporate Compliance and Ethics (SCCE)
• Health Care Compliance Association (HCCA)
• Open Compliance & Ethics Group (OCEG), OCEG is a nonprofit organization that provides numerous resources for corporate governance, risk management, compliance and business ethics.
• European Project COMPAS, European Project COMPAS - Compliance-driven Models, Languages, and Architectures for Services; funded by the EU 7th Framework Programme Information and Communication Technologies Objective.
• Microsoft Resources, Microsoft resources for corporate governance, risk management, compliance.
• International Association of Risk and Compliance Professionals (IARCP), The International Association of Risk and Compliance Professionals (IARCP).
• Regulatory Compliance Best Practice from QFINANCE.com