- Regulatory compliance
-
"Compliance (regulation)" redirects here. For other uses, see Compliance (disambiguation).
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.
Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. [1] This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Contents
International compliance
The International Organisation for Standardisation (ISO) produces international standards such as ISO17799. The International Electrotechnical Commission (IEC) produces international standards in the electrotechnology area.
Compliance in the USA
Corporate scandals and breakdowns such as the Enron case of reputational risk in 2001 have highlighted the need for stronger compliance and regulations for publicly listed companies. The most significant regulation in this context is the Sarbanes-Oxley Act developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley in 2002 which defined significant tighter personal responsibility of corporate top management for the accuracy of reported financial statements.
Compliance in the USA generally means compliance with laws and regulations. These laws can have criminal or civil penalties or can be regulations. The definition of what constitutes an effective compliance plan has been elusive. Most authors, however, continue to cite the guidance provided by the United States Sentencing Commission in Chapter 8 of the Federal Sentencing Guidelines.[2]
On October 12, 2006, the U.S. Small Business Administration re-launched Business.gov[3] which provides a single point of access to government services and information that help businesses comply with government regulations.
There are a number of other regulations such as PCI-DSS, GLBA, FISMA, Joint Commission and HIPAA. In some cases other compliance frameworks (such as COBIT) or standards (NIST) inform on how to comply with the regulations.
Compliance in Australia
Standards Australia revised the standard titled "AS 3806 - Compliance Programs". While many aspects of the original standard produced in 1998 standard appear in the 2006 version there are additional principles covered. The regulators in Australia continue to endorse and encourage (by regulation) the use of the standard when establishing a compliance framework.
The regulators are the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority (APRA).
Compliance demands in the superannuation industry continue to increase due to the new licensing regime implemented by APRA. The new licensing regime requires trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems and appropriate skills and expertise to manage the superannuation fund. The licensing regime has lifted the bar for superannuation trustees with a significant number of small to medium size superannuation funds exiting the Industry due to the increasing risk and compliance demands.
Compliance in the UK
There is considerable regulation in the UK, some of which is from EU legislation. Various areas are policed by different bodies, such as the FSA (Financial Services Authority), Environment Agency and Scottish Environment Protection Agency, Information Commissioner's Office and others.
Important compliance issues for all organisations large and small include the Data Protection Act 1998 and, for the public sector, Freedom of Information Act 2000.
Combined Code issued by the London Stock Exchange (LSE) is the Sarbanes-Oxley equivalent in the UK.
Compliance in Canada
see Bill 198 commonly known as C-SOX
Definitions Related to Compliance
Compliance data is defined as all data belonging or pertaining to enterprise or included in the law, which can be used for the purpose of implementing or validating compliance. It is the set of all data that is relevant to a governance officer or to a court of law for the purposes of validating consistency, completeness, or compliance
See also
- Axentis
- Business Motivation Model. A standard for recording governance and compliance activities
- Call Report
- Chief compliance officer
- Compliance and ethics program
- Enforcement
- Health Care Compliance Association
- Law enforcement agency
- Law enforcement templates by country or region
- Society of Corporate Compliance and Ethics
References
External links
- Business.gov, Official U.S. Government Portal for Complying with Regulations.
- RCA, RCA is a nonprofit-organization that provides firms with an all inclusive resource to effectively manage the escalating Operational Risk Management and Compliance environment.
- Society of Corporate Compliance and Ethics (SCCE)
- Health Care Compliance Association (HCCA)
- Open Compliance & Ethics Group (OCEG), OCEG is a nonprofit organization that provides numerous resources for corporate governance, risk management, compliance and business ethics.
- European Project COMPAS, European Project COMPAS - Compliance-driven Models, Languages, and Architectures for Services; funded by the EU 7th Framework Programme Information and Communication Technologies Objective.
- Microsoft Resources, Microsoft resources for corporate governance, risk management, compliance.
Categories:
Wikimedia Foundation. 2010.
