Compliance Management of Company Law Compliances – Approach and Technology Perspective Shujath Bin Ali*, Manager (Corporate Affairs, Legal & Tax), Deloitte Consulting India Private Limited, Hyderabad. Compliance management is the management of all compliances required of the Company in order to reduce the risk of non-compliance and consequent penalties, fines or other form of punishment. The main objective of compliance management is to make sure that all compliances are made in time, reported to the management, non-compliances escalated and ultimately to prevent unnecessary regulatory and government attention. INTRODUCTION Compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so. Compliance is usually referred to a behavior which is in accordance with legislations applicable to the company. The emphasis of the compliance management is on enabling companies acquire the skill-sets and systems to ensure continued adherence of law. Therefore there has emerged a clear need for the compliance framework to build an efficient, consistent and auditable environment; which may lead an organization to gain competitive advantage, meet customer and regulatory demand. An effective corporate compliance mechanism requires proper systems, processes, tools and dynamic systems approach that takes in its stride compliance, change in leadership as well as behavioral dimensions. With such an approach corporate compliance management becomes an integral part of risk management and value adding exercise. Compliance management for the specific company law provisions is the direct responsibility of Company secretary and ensuring proper process , systems and methods is of paramount importance. Companies will benefit if compliance management is supported by structured approach and systems proper processes, systems and methods identifying compliance levels and monitoring compliance with legislation that raises employee awareness of legal obligations and aims to embed a compliance culture in the organization. COMPLIANCE MANAGEMENT The scope of Compliance Management encompasses (1) Compliance Identification (2) Compliance Ownership (3) Compliance Awareness (4) Compliance Reporting and (5) Periodical Compliance MIS. Each of these are explained in detail as below Compliance Identification This process involves the identification of compliances under various legislations applicable to the company. The legal team has to identify the legislations applicable to the company and identify the compliances that are required under each legislation or rules and regulations made there under. Even compliances under some statutory guidelines (Like SEBI Guidelines) or some agreements could be very important and hence be considered. The list the compliances and later confirm the list with each function in the Company to ensure that any major compliance is not missed out. Compliance Ownership The next important aspect of compliance management is ownership. The ownership of the various compliances has to be described function wise and individual wise. Clear description of primary and secondary ownership is also very important. While the primary owner is mainly responsible for the compliance the secondary owner (usually the supervisor of the primary owner) has to supervise the compliance. Ex: Secretarial Officer /Asst Company Secretary may be primarily responsible and Group Company Secretary’s responsibility is secondary. Compliance Awareness The next important step in establishing a legal compliance Management is creation of awareness of the various Legal Compliances amongst those responsible. Generally compliances are handled by persons who are not fully aware of the requirements of the legislations and hence creating appropriate awareness amongst the owners is very important. This could be done in the form of meetings/trainings explaining the various compliances or some manual containing the details in a simple language. Ex. Automatic email reminders of various compliances to the responsible person. Compliance Reporting Compliances or non-compliances should be communicated to the Concerned. Reporting of non-compliances ensures that appropriate corrective action is taken by the responsible person, Ex. Automated escalation emails in case of non compliance Periodical Compliance MIS Along with the MIS on sales, production, Expenses and other MIS the management should also review periodically an MIS on Compliances. This will help the management in understanding the status of various compliances in the Company. This has to be form part of Agenda of Board meeting and presented to the Board. Role of Information Technology in Compliance Management IT helps collaborate in a controlled environment : IT provides a role-based control environment that encourages collaboration while maintaining discipline and structure. Users can effectively publish, store, share and find all information relating to corporate governance in this environment, including minutes of the Board meeting, corporate policies, risk data, corporate control, filings and other managed documents. IT promotes standard operating procedures : This provides a robust content repository for storing and controlling the documents that describe organisational charts, policies and standard operating procedures. IT facilitates effective risk management : Risk management provides knowledge gathering and notification capabilities that would ensure that internal and external risks to achievement of corporate objectives, such as changing economic, regulatory and operating conditions, are quickly discovered and assessed, and well- informed decisions are made to mitigate risk. IT gathers and disseminates relevant information : This activity provides numerous ways to identify, capture and communicate relevant information in a form and timeframe that enables people to work within their responsibilities. IT effectively monitors performance : IT enables one to effectively monitor the quality and performance of its control systems through ongoing monitoring or single evaluations. INFORMATION TECHNOLOGY TOOLS AIDING COMPLIANCE Document Management Softwares like Documentum’s eRoom Consolidation: NAS, SAN and storage management software Risk management: Business Intelligence, Business Analytics, and Risk Management applications Business Continuity: Software and hardware for backup, archival, and retrieval. The use of storage practices such as Information Lifecycle Management (ILM), Hierarchical Storage Management (HSM) Information security: Firewalls, anti-viruses, Intrusion Prevention Systems (IPSs), Digital Signatures, and encryption. Search facilities: Databases, reporting tools, and analytics Workflow management: Workflow management tools Compliance Management – Company Law Compliances Compliances under various applicable laws will be definitely more, Nonetheless compliances under company law are significant as well For example : Mr CS is Group Company secretary for a large conglomerate having diversified business across various locations and having 50 subsidiaries in India and 20 across the world and 15 Joint ventures in India and investments in 20 other companies and most of companies in the group are listed. Corporate compliances in the areas of Board Meetings, Shareholder Meetings, Statutory Records & Registers, Directors Remuneration, Office of place of Profit by Directors, Annual Filings, Director Identification Nos, Digital Signature Certificates, Remuneration of Directors, Conflict of Interest Disclosures, Accounts & Audit etc and a plethora of other compliances under Company Law based upon various events like Capital Restructuring, Mergers & Acquisitions, Intercorporate loans & Investments have to be complied with. Automated compliance management system covering the compliances under company law will be an efficient way to manage the compliances. AWARENESS AND INFORMATION SUPPORT TO DIRECTORS – A KEY Awareness and education to the directors containing, Roles, responsibilities, liabilities, actions which can be undertaken by Boards, actions which requires shareholders and government approval to be mentioned. This is important because Board needs to be aware of their powers. This is important because in this ever changing dynamic corporate world directors have to take spontaneous decisions for making an important deal, and this will help the directors. The Directors most likely are from diverse backgrounds and all the guidance notes should be in simple and easy to understand language with pictorial and graphical representations. Information Gateway for Directors through Intranet or any web based technology which Directors can access online should consist of : Agenda and Notes to Agenda of all Board Meetings & Shareholder Meetings Minutes of all Board Meetings & Shareholder Meetings Form24 AA, Disclosures of Interest, Related Parties Directors Identification No Guidance Note Digital Signature Certificate useage Guidance Note Compliance Quick updates and presentation in Board Meetings Exact corporate hierarchy & structure, Investment tree Compliance & Legislatory updates and presentation in Board Meetings Important emails- Archive Financials (Quarterly , Half yearly, Annual) MIS-Dashboards Accounting Standards simplified Charges on Assets-Detailed Chart Litigation or Pending cases relating to Corporate Laws- Detailed MIS Key compliances under Company Law of overseas subsidiary companies Details about meetings organized by professional bodies like ICSI, NFCG etc on Directors etc The JJ Irani Committee was of the view that law should facilitate use of technology to carry out statutory processes efficiently. Meetings of the Board of Directors by electronic means (Teleconferencing and video conferencing included) to be allowed and directors who participate through electronic means should be counted for attendance and form part of Quorum. Minutes should be approved/ accepted by such directors who attended by way of teleconferencing/ videoconferencing Signature may be accepted by use of digital signature certification. If any director has some reservation about the contents of the Minutes, he may raise the issue in succeeding meeting and the dissent, if any, may be recorded in the minutes of that meeting. The information gateway through web based technology will be of great help for online Board Meetings. Shareholders Information : The intranet portal can be given access to the shareholders with information to the extent shared. This would be good practice and classic example of good corporate governance. CEO /CFO CERTIFICATION & COMPLIANCE CERTIFICATEGREAT AID FOR COMPLIANCE MANAGEMENT Various certifications play a dominant role in overall process of compliance management covers the audit of the compliances and the reports give a confidence to the stakeholders. Presence of automated compliance management systems gives confidence to Directors when they can see the documented proof of all compliances in an automated system in detail and when they can access the whole documents and the transaction trail. Certification by independent company secretary irrespective of whether mandatory or not is a good practice and companies should start taking certificates from company secretary in practice. Automated compliance management and certifications help Corporate Restructing, Mergers, Takeovers, Acquisitions, Buyback, Re-organizations in the process of Due diligence. MCA 21-WAY AHEAD Keeping in tune with the eGovernance initiatives the world over, Ministry of Corporate Affairs (MCA), Government of India, has initiated the MCA21 project, to enable an easy and secure access to MCA services in a manner that best suits the corporate entities and professionals besides the public. MCA21 is intended to achieve the objectives of a versatile eGovernance project. The MCA21 project is designed to fully automate all processes related to the proactive enforcement and compliance of the legal requirements under the Companies Act, 1956. This will help the business community to meet their statutory obligations. From the customer perspective, the Front Office operations assume significance, which would be administered through the Front Office portal. The entire Back Office operations of the MCA would be automated so as to achieve the objective of a user friendly computerized environment. MCA portal is the single point of contact for all MCA related services, which can be easily accessed over the Internet by all users. The Ministry is all set to exploit the benefits of its ambitious e-Governance programme - MCA21, which is considered to have been successfully implemented by the Government of India as one of the Mission Mode Projects under the NeGP. Compliance management is under serious review. The Ministry has decided its priorities clearly and is keen to take up the issue of non-compliance of filing of statutory returns by the defaulting listed companies, public limited companies, Government companies and those with an authorized capital exceeding Rs. 1.00 crore in the first phase. “About 75% of the companies in this group are already compliant in filing the Annual Returns and the Balance Sheets. The target of Ministry is to take this to at least 90% compliance level in this group before the year end”. The Ministry is clearly demonstrating that level of compliance management and efficiency through use of Technology. May be in future if the intranet portals maintained by company with all information is given access to the Department when need for inspections the complete governance will be online and automated, their will not be a need of physical inspections and department can act through email notices and responses from company thus making a 100% online compliance management by Department ROLE OF COMPANY SECRETARY With the advent of MCA 21 and emerging technology and dynamic business and compliance era as Company Secretary and compliance officers we should start adopting the new technology and methods towards compliance management. Some of the requirements are as under : Online Libraries of Bare Acts, Rules, Regulations, Circulars, Notifications Repository Important Judgments of Company Law, SEBI guidelines Annual Reports of Top companies across various industry domains Memorandum and Articles of Association of Top companies across various industry domains Shareholders and Joint venture agreements Drafts Listing of Websites (Department and Legal information) providing complete information Active part in online groups, discussions forums, blogs and networking with professionals Having subscriptions with magazines like Chartered Secretary & other subscriptions Understanding of Business domain Use of Microsoft Office tools like Power point, Access, Project, Outlook Special presentation tools like Adobe, Flash Player etc. Conclusion The emphasis of the Compliance management is on enabling companies to acquire the skill-sets and systems to ensure continued adherence of law Compliance is one of the steps in corporate governance initiatives since governance is a strategy while legal compliance is an operational plan of action. Core to good corporate governance is compliance with the laws of the land. This assists companies in their endeavor towards being a good corporate citizen Today compliance is not an option; it has become cost of doing business and the best possible way of managing risks. Compliance management solution addresses this with the help of integrated framework supported by an automated IT solution and strong management commitment. Compliance management when automated provides sustainable framework and a predictable and proactive way of managing compliances. FOOTNOTES *Disclaimer : The views expressed by the author are his personal and not that of his employer.