Chapter 11 Flashcards
11.1: What is compliance risk and what are the consequences of compliance risk events for organisations?
Compliance risk refers to the risk of legal or criminal penalties as a result of an organisation’s failure to comply with
applicable laws and regulations.
Compliance risk events can have serious consequences for organisations, including:
* fines that can run into thousands, millions or even hundreds of millions;
* the imprisonment of key staff in relation to corporate manslaughter convictions or fraud and financial crime
convictions;
* the forced closure of the organisation: for example, financial organisations that fail to meet minimum financial
solvency standards may have their licence to operate withdrawn;
* lengthy and costly legal disputes;
* liability claims and other compensation costs for third parties that have suffered from non-compliance (such as from
pollution);
* negative media coverage contributing to a loss of reputation; and
* a reduction in the share price of quoted companies, where investors will factor in the other costs above when
determining the value of the organisation and its investment potential.
11.2: Are all staff members within an organisation equally responsible for compliance management, irrespective of their
role and responsibilities?
All employees within an organisation are responsible for conducting their duties in a way that is not knowingly non-compliant with applicable laws and regulations, but that does not mean that they are equally responsible. Responsibilities vary according to the function they work within and their job role.
Broadly speaking, there are four levels of responsibility:
- Board members, who must assure themselves that all necessary compliance management arrangements are in place to maintain an appropriate level of compliance with applicable laws and regulations.
- Compliance, risk and governance specialists, who must ensure that the design and implementation of an organisation’s compliance management arrangements are appropriate.
- Line managers, who must follow the instructions of the compliance, risk and governance specialists, and ensure that their direct reports support the effective operation of the organisation’s compliance management arrangements.
- All other staff members, who must follow the instructions of their line manager to support the effective operation of
the organisation’s compliance management arrangements.
11.3: Does the concept of risk-based compliance monitoring mean that organisations do not need to comply in full with
laws and regulations where the level of compliance risk is low?
No. Risk-based compliance monitoring definitely does not mean that an organisation may choose to not comply in full
where the level of compliance risk is low.
Risk-based compliance monitoring only relates to the level of time and resources that are devoted to monitoring
compliance. Organisations should ensure that policies, procedures and controls are in place to maintain full compliance with all applicable laws and regulations.
That said, where the level of compliance risk is low, an organisation may decide not to devote scarce time and resources to monitoring the implementation and operation of these policies, procedures and controls. This will free up additional time and resources for monitoring more significant compliance risks, where the probability or impact of non-compliance is high.
11.4: Why does an organisation need compliance policies, procedures and codes of conduct?
Organisations need compliance policies, procedures and codes of conduct to emphasise the importance of complying
with applicable laws and regulations, and to explain what staff members must do to ensure compliance.
Compliance policies explain roles and responsibilities, as well as the basic principles and values that underpin an
organisation’s compliance-management activities. Procedures outline the actions that must be taken and how decisions should be made to ensure compliance. Codes of conduct outline how staff should behave to ensure compliance.
11.5: What role do HR controls, and whistleblowing policies and procedures, play in controlling compliance?
Human resources controls, and whistleblowing policies and procedures, have a very similar role – they exist to prevent
and mitigate compliance breaches.
The presence of HR controls and whistleblowing policies and procedures may deter staff members from deliberate acts
of non-compliance, because of a higher likelihood of detection and also because of the consequences of detection.
Where a staff member still chooses to act in a non-compliant manner, these controls should increase the chance that they are detected and disciplined as quickly as possible.