Compliance Management Reporting on legal and regulatory compliance 15 April 2015 Contact: ► ► Rahul Lovell; Partner; rahul.lovell@in.ey.com Jignesh Thakkar; Partner; jignesh.thakkar@in.ey.com Page 2 Business challenge Companies Act 2013 Multiple laws to comply with: Section 134 (5d) = Directors’ responsibility statement ► Directors are to devise proper systems to ensure compliance with the provisions of all applicable laws and ensure that these systems are adequate and operate effectively ► Multiple lines of business: ► ► Clause 49 (II/D/3) A Board is to periodically review the compliance reports of all laws applicable to a company, and prepared by it as well as the steps taken by it to rectify instances of noncompliance.. Multiple regulators and industry guidelines Constant alignment with changing regulatory policies in specific sectors Geographically spread operations: ► ► ► Page 3 Several changing from state to state Frequent changes in law Operations across multiple locations Attrition and growth Supporting documentation Addressing the challenge What are leading companies expecting? ► People must “know what they need to comply with.” ► ► ► “Compliance owners” must be proactively informed before compliances fall due They must be able to see health of compliance at any given point in time across entities and locations. Ability to hold people accountable for: ► ► ► ► Non-compliance Timely response to show-cause notices and litigation Timely closure of tax assessments Document & publish our positions under different laws Key query: simple framework that keeps us out of trouble Page 4 Meeting expectations How does EY support companies on compliance management? 1 Delineation of compliance policy and framework Provision of legal updates and quarterly reviews on compliance status 5 2 Compliance health check / basline EY 4 Automation of reporting and monitoring through EY’s Compliance Manager tool Page 5 3 Preparation of detailed checklist including compliance ownership ► Positions /Stand on law ► Alignment with process and policy Implementing a compliance management program (What does it take?) 1 Inventorying your legal obligations 2 Segregating these into two categories Category A Category B Conditions of work, infrastructure, procedures and statutory records 3 Build these into your policies and processes. Policy Process There are some procedures I want to certify? Page 6 Licenses, registration, statutory records, displays, Returns and payments Implementing a compliance management program (What does it take) 4 5 6 Compiled checklists uploaded on EY’s compliance tool. Allocate tasks, send reminders, and customize escalation. Page 7 Review of results of selfassessment and updates by users. 8 Monitoring of compliance status and publication of results for the CFO’s office. 7 Ascertain users update status and upload proof of compliance. Review Compliance Manager Scheduling of compliance on due date using EY’s Compliance Manager. 9 Dashboard EY’s USP – our Compliance Manager tool Key features Technology – MS sharepoint What this means for you 1. The tool can be easily integrated into your workflow engine. Separate modules: 1. Licenses and environment compliance 2. Follow up 3. Compliance reviews 2. Benefits for users: Mobility-APP 1. Use of APP to update, monitor and follow up 2. Supports IOS and Android 3. As a function head, you can take action on the go–you do not need your laptop to check the status and follow up Integrated with EY’s GRC suite Additional modules available on litigation,contract and controls Ownership and maintenance 1. Owned by EY 2. In-house development and maintenance team Page 8 ► Tasks are pushed automatically into their outlook calendars. ► Rather than a simple yes/no response, separate workflows are designed for events, licenses, reporting of the environment, etc. 4. As an administrator ► Special features take care of typical pain points-following up on defaulters, changing ownership of compliance at the click of a button, delegation etc. ► Changes in legislation are updated as a patch file . 5. Ongoing support and development of products 6. Seamless interplay across other GRC elements (such as controls and IA) for end-users and function heads Case study 1–a global IT company Countries covered: ► Total of 23 countries covered ► All countries completed in three quarters EY’s role ► ► ► ► Identification of applicable requirement for compliance across all markets specific to immigration, employment and payroll-related laws In-depth analysis of current business and compliance processes to identify gaps, based on review of data, evidence and discussions. Building a mapping structure that is customized to every market to suit its local needs Setting up of the PMO for centralized coordination Page 9 Canada, Brazil, Mexico, Australia, Singapore, China, Japan, Hong Kong, Malaysia, New Zealand, the Philippines, the UAE, Russia, the Czech Republic, Mauritius, Spain, Poland , the United Kingdom, Switzerland, Germany, Belgium, France and the Netherlands EY’s advantage ► ► ► ► ► Focused on business performance by aligning business processes to critical compliance requirements Integrated global approach End-to-end solution from diagnosis to execution Customization of services based on local relevance Access to leading subject matter experts on Employment Law, Immigration and Payroll Tax Case study 2–A chemicals company Key accomplishments 98% of compliance assessed by the second month of implementation ► Compliance reports presented to Board of Directors by the Compliance Manager ► About the company Our role No. of plants: 3 ► Content prepared and reviewed by legal experts every two months No. of branches: 4 ► Creation of policy and framework–1 month No. of CFAs: 63 ► Deployment and training –1 month ► Hand holding support –3 months EY’s advantage Compliance stats No. of Acts/Provisions 191 No. of users/approvers: 30 No. of compliances 2,100 No. of compliances mapped per user 40-50 Page 10 ► No extra FTE required by organization to sustain its compliance program ► Client able to extend the framework across three locations after the initial launch of the product ► Covered an extra 1,600 compliances which were not covered in organization's prior checklists Case study 3–a large consumer durables company Engagement description: assessing readiness of compliance Review of compliance Team size: >35 Duration–6 weeks ► Multi-disciplinary team across SLs–specialists from Tax , CcaSS, risk and our legal team ► India selected as pilot for global roll out ► Locations: corporate offices, two plants, regional offices, warehouses and service centers Issues addressed: Impact: 1. What are the key regulatory requirements of your company? 1. Creation of comprehensive library of regulation and controls 2. How do its processes and policies address these requirements? 2. Examination of positions taken by company 3. How should the company address requirements as part of its business? Page 11 3. Identification of gaps and benchmarking these with the practices of leading companies 4. Creation of a road-map to embed compliance in business as including expansion and new product launches Ernst & Young LLP EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. Ernst & Young LLP is one of the Indian client serving member firms of EYGM Limited. For more information about our organization, please visit www.ey.com/in. Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited Liability Partnership Act, 2008 in India, having its registered office at 22 Camac Street, 3rd Floor, Block C, Kolkata - 700016 Thanks © 2015 Ernst & Young LLP. Published in India. All Rights Reserved. EYIN1505-050 This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither Ernst & Young LLP nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.