Adopting effective compliance programmes requires first-rate management because leaders need to take responsibility for engaging the whole organisation
Implementing effective compliance programmes in a climate of widespread regulatory reform is one of the biggest challenges currently facing Spanish companies, says Patricia Manca Diaz, partner at PwC Tax & Legal Services in Madrid.
“Since the latest reforms carried out in our country, such as those involving the criminal code and companies act, the corporate governance code and the new EU data protection regulation [where new obligations are being imposed on boards of directors, chief compliance officers and audit committees], companies are facing new challenges in terms of regulatory compliance and risk policy,” she says. “One of the biggest challenges is what models of organisation and control, technology and management data systems should be implemented following such regulatory reforms.”
Lack of understanding
The task of implementing compliance programmes is further complicated by the fact that there is a general lack of understanding that corporate compliance relates to governance and therefore it is vitally important that it is part of the DNA of company culture, argues Manca Diaz. “Trying to implement a corporate compliance management system when there is a lack of knowledge in the company about compliance as well as a lack of belief in compliance as a value driver is one of the most common mistakes that clients make in their approach to this issue,” she explains. Furthermore, Manca Diaz says that taking a standardised approach to the issue of compliance represents another risk due to the fact that every organisation is different. “It is important that companies identify and analyse the context of the market, the company’s stakeholders, the volume of business, the goals of the business and their local and/or international presence in order to implement a company compliance programme that is better aligned with their needs,” she adds.
In addition, implementing an effective compliance management system requires first-rate managerial leadership due to the fact that it is important that “senior leadership takes the lead on this issue in terms of engaging the whole of the organisation”, says Manca Diaz. It also requires an understanding of both the need for compliance as well as the importance of the role of individuals in ensuring compliance, she adds. Also crucial is transparency as well as consistency, with the latter achieved by “leading through example”, according to Manca Diaz. She continues: “There also needs to be a definition of achievable objectives and KPI [key performance indicator] metrics.”
It is also vital that companies understand that being non-compliant brings with it governance and sustainability-related risks, says Manca Diaz. “In other words, you cannot limit the corporate compliance programme to criminal liability scenarios – other non-compliant scenarios may not necessarily involve criminal liability but they can jeopardise a company’s reputation, inflicting serious damage on its core intangible asset,” she explains.
Clients should take practical steps to ensure they are implementing effective compliance programmes, says Manca Diaz. This includes carrying out compliance evaluation – in accordance with best practice – in order to identify the regulatory environment and understand the current risk management and assessment procedures. “Ensuring the alignment of compliance with business areas and company strategy, improving governance, ensuring its efficiency and reviewing it periodically sets the basics for compliance,” Manca Diaz explains. Also beneficial is using a law firm with a wide range of practice areas, international contacts and industry knowledge, as well as an understanding of GRC (governance, risks and compliance), she says. “These challenges are an opportunity for law firms to bring best practice to their clients.”
Moreover, recent regulatory reforms and the overall regulatory environment in Spain have served to promote compliance programmes as an essential, and efficient, tool for good governance. “Awareness of compliance is definitely growing,” says Manca Diaz. Not only does this bring more comfort to board directors and managers, but companies can also implement a global company vision and culture more easily, and improve the stakeholders’ perception of the company and its reputation.