© 2020 UCT / GetSmarter All Rights Reserved

MODULE 1 UNIT 2
The roles and responsibilities of the compliance function

Table of contents
1. Introduction
2. Compliance frameworks
3. Roles and responsibilities of the compliance function
4. The human element of compliance
5. The scope of compliance
6. Conclusion
7. Bibliography

Tel: +27 21 447 7565 | Fax: +27 21 447 8344 | Website: www.getsmarter.com | Email: info@getsmarter.com

Learning outcomes:
LO4: Outline the roles and responsibilities of the compliance function.
LO5: Review the scope of compliance.

1. Introduction

This set of notes introduces one of the most valuable tools in a compliance officer’s arsenal: compliance frameworks. It also explores the roles and responsibilities of the compliance function that these frameworks seek to enable, and how the scope of compliance in an organisation shapes the mandate, resource allocation, and responsibilities of the compliance function.

2. Compliance frameworks

Compliance frameworks are suggested guidelines, processes, principles, and practices that enable a compliance function to meet its mandate. This course draws on concepts from the ISO 19600 framework and the Generally Accepted Compliance Principles (GACP) framework, among others. These two frameworks serve the following purposes:

• ISO 19600: Conceived by technical committees at the International Organization for Standardization, this framework “provides guidance on compliance systems and recommended practices” (International Organization for Standardization, 2014:V para. 7). This framework is an international standard and, as such, applicable globally. This means that the tools and methodology that underlie the ISO 19600 can be applied wherever you are in the world, and to any organisation.
• GACP: The GACP combines recommendations from the ISO 19600, the King IV Code, and the ISO 31000 – which focuses on general risk management – to outline a more “practical approach to regulatory compliance” (Compliance Institute of Southern Africa [CISA], 2018:1). The GACP is also aligned with other codes of best practice published globally by similar bodies.

You can learn more about CISA and the GACP by watching Video 1, which features the CEO of CISA: Rianné Potgieter.

Video 1: CISA and the GACP framework. (Access this set of notes on the Online Campus to engage with this video.)

The ISO 19600 and the GACP compliance frameworks provide a common point of reference for compliance and allow practitioners to adopt similar principles and concepts in their approaches to compliance management.

Each organisation has different compliance requirements, burdens, and risks. There are a number of factors that cause variation between organisations and their management of compliance risk. However, what is more relevant here is that two organisations operating in an identical market (i.e. regulated by the same regulatory universe) can have very different responses to their regulatory universe. This may be because the resources allocated to compliance practitioners and their operations are different, the systems and structures of their organisations may be different, or there may be different levels of compliance training and awareness within the organisations.

Effective compliance frameworks give compliance practitioners, who operate in the compliance function, the tools to perform their functional duties. These duties are introduced in the following section.

3. Roles and responsibilities of the compliance function

Unit 1 introduced the mandate of the compliance function, which is to assist the governing body in meeting its compliance obligations. In order to fulfil the mandate of the compliance function, compliance officers tend to assume several roles and responsibilities. The Basel Committee on Banking Supervision (BCBS, 2005:13-14), for example, states that the compliance function is responsible for the following:

• Advice: Providing advice on compliance matters to the senior management of the organisation
• Guidance and education: Teaching employees about compliance matters, and drafting policy guides and other training materials
• Identification, measurement, and assessment of compliance risk: Proactively monitoring the various risks and risk drivers for the organisation and suggesting amendments to measure them
• Monitoring, testing, and reporting: Monitoring and testing compliance, and reporting the results to the relevant parties
• Statutory responsibilities and liaison: Communicating with external bodies, which is especially relevant when such communication is mandated by legislation or regulations
• Compliance programme: Executing the overall compliance programme, which refers to all the activities and initiatives established and run by the compliance function

Interactive infographic 1 illustrates how these roles and responsibilities are executed in a compliance officer’s daily work.

Interactive infographic 1: The roles and responsibilities of the compliance function. (Access this set of notes on the Online Campus to engage with this interactive infographic.)

The roles and responsibilities outlined in the interactive infographic allude to how important it is for compliance officers to have soft skills. Compliance officers need to be able to place themselves in the shoes of others who do not understand the need for compliance and convey it to them in terms that they can understand. They must be able to alleviate fears and anxiety around process changes and training. Soft skills are crucial in anticipating, preventing, and mitigating the human element of compliance, which is the ever-present possibility of human error.

4. The human element of compliance

Compliance officers can build seemingly infallible controls that should, in theory, prevent any risk of non-compliance. However, sometimes human nature prevails, and individuals compromise these controls through human error. In Video 2, James Leach describes the human element of compliance.

Video 2: The human element of compliance. (Access this set of notes on the Online Campus to engage with this video.)

By now, you may have realised that the scope of compliance extends beyond considering only formal legislation and regulations; it entails taking on various roles and responsibilities to achieve the compliance function’s mandate. Compliance officers must be involved in all facets of compliance, because there are overlaps across these facets and relationships between them.
The section that follows illustrates the scope of compliance with reference to certain facets of compliance.

5. The scope of compliance

So far, this set of notes has elaborated on the complexity of compliance by exploring the roles and responsibilities of compliance officers, which must be undertaken in all parts of an organisation and in all facets of compliance. As mentioned in Unit 1, overlaps in compliance management exist between corporate governance, the law, human resources, and risk management.

Compliance isn’t just about establishing and maintaining systems of control. Compliance officers must consider the structure and processes of an organisation, which fall within the domain of corporate governance, because they can introduce regulatory risks. The law informs the regulations that an organisation must abide by, and often the regulations associated with the legislation are far more relevant and introduce a greater degree of compliance risk to the organisation than the legislation itself. While handling corporate governance, risk management, and legal obligations, compliance officers must also manage people and relationships.

Legislation and regulation:

The content in this course will often make reference to legislation and regulations, which are frequently conflated. Therefore, it is important to understand how they differ. Legislation refers to an act that has been passed by Parliament. Legislation usually defines broader rules, while regulations are means or processes that individuals or organisations must adhere to in order to be compliant with the broader rules (Collier-Reed & Lehmann, 2010:11).

Consider Section 22 of the Companies Act, 2008, which prohibits reckless trading. Among other requirements, it states that companies cannot trade when they are insolvent, and that a commission can issue a notice to show cause for why they cannot trade.
Conversely, the Companies Regulations, 2011 – which supports the Act – describes specific requirements for addressing “reckless trading or trading under insolvent circumstances” in Section 19. One of these requirements is that a specific template should be filled out by the relevant commission, which will then be sent to the company that is suspected of trading illegally.

You will learn more about the law and compliance in Modules 4 and 5.

The compliance function is not confined to one department and, in larger organisations, it is sometimes segmented and distributed throughout the organisation. The interactive infographic introduced you to the roles and responsibilities of the compliance function by illustrating what a compliance officer’s duties might look like. Each of these duties requires specific resources and skills. Guidance and education, for example, require a compliance practitioner to create an opportunity for stakeholders to learn about compliance management initiatives in the form of workshops, forums, training interventions, or simple meetings. The scope of compliance is broad, and the nature of compliance is complex; therefore, it is essential that the compliance function is well-resourced and equipped to fulfil its mandate.

Explore further:

The following two resources explore the role compliance officers play in ensuring companies remain legally compliant. The first resource looks at 27 financial firms that failed to provide their customer relationship summaries (Form CRS) to retail investors in a timely manner. The consequence was a total levied penalty of $910,092 as charged by the Securities and Exchange Commission (SEC). The second resource provides an example of VW neglecting the Triple Bottom Line.
This is a regulation concept that posits that companies should focus on more than just financial gain. The Triple Bottom Line maintains that companies should focus on their social and environmental impact too. VW failed to do this when they neglected the people and planet through false online advertisements and the selling of vehicles that emit harmful substances.

6. Conclusion

This set of notes introduced you to the roles and responsibilities of the compliance function and what this means for the scope of a compliance officer’s work. Has the material covered in this module changed your perspective on compliance management? The discussion forum in this unit gives you the opportunity to reflect on the perspectives you and your peers have on compliance management.

7. Bibliography

Basel Committee on Banking Supervision. 2005. Compliance and the compliance function in banks. Available: https://www.bis.org/publ/bcbs113.htm [2019, November 18].

Companies Act, No. 71 of 2008. 2008. Available: https://www.gov.za/documents/companies-act [2019, September 19].

Companies Act, 2008. Regulation. 2011. Government gazette. 34239. 26 April. Government notice no. R351. Pretoria: Government Printers.

Compliance Institute of Southern Africa. 2018. Generally Accepted Compliance Practice Framework. Gauteng: Compliance Institute of Southern Africa.

International Organization for Standardization. 2014. Compliance management systems – guidelines. [ISO 19600:2014(E)]. Switzerland: ISO.

Lehmann, K.H. & Collier-Reed, D.W. 2010. Basic principles of business law. Rev. 2nd ed. Durban: LexisNexis.