Compliance, and in particular, regulatory compliance, has become an increasingly important aspect of an organisation’s risk management framework. This is partly due to the frequency of scandals concerning fraud and corporate mismanagement (for example the collapses of Barings Bank, Enron and more recently the alleged unauthorised trading at Société Générale and UBS), the increasing complexity of the regulatory environment through globalisation of regulatory regimes, and the increasing size and complexity of many organisations.

In recent years, regulators have been given increased powers which they have exercised to crack down on companies and industries which had been deficient in their compliance systems resulting in a breach of regulatory laws. A good example is the well-publicised inquiry in 2004 by the New York Attorney-General alleging conflicts of interest, bid rigging and client steering in the insurance industry, which resulted in some landmark settlements being paid to US regulators. This triggered an investigation in Australia into conflicts of interest in the insurance industry. The impact in Australia arose through the imposition of US regulatory standards upon the activities of US businesses overseas. Similarly, one of the consequences of the earlier Enron collapse was the introduction of the US Sarbanes-Oxley laws (for more information see soxlaw website), which likewise had extra-territorial effect.

A more recent example is the ongoing scandal surrounding alleged rigging of the London inter-bank lending rate (LIBOR) by international banks including Barclays and UBS. This scandal has led to regulatory investigations in a number of jurisdictions. A number of banks have already been fined, and, as of 2013 regulation of the LIBOR is currently under review by the European Union.

These examples serve to illustrate why compliance has become such a topical issue for corporations today. Not only can the payment of a fine have a material financial impact on a company affecting its share price; there is also potentially significant consequential damage to the corporation’s reputation that compounds any share price impact.

This guidance note looks at the regulatory requirements and relevant standards and guidelines for compliance frameworks. It outlines the role of government bodies such as ASIC, APRA, AUSTRAC and the ACCC, as well as compliance standards of the Bank for International Settlements and Standards Australia.

See Regulatory requirements for compliance frameworks.

By implementing an effective compliance framework, a company ensures not only that it meets its obligations to various regulatory bodies, but it also provides measurable assurance as to whether a company is on target to implement its overall business strategy. An effective compliance program is one that is embedded in the company’s business processes and procedures and forms an integral part of its corporate culture. That is why a compliance program must be implemented on an enterprise-wide basis, ensuring that it meets the organisation’s risk appetite.

See Features of an effective compliance framework.

This guidance note looks at how to implement compliance frameworks, providing practical tips for implementation and traps to avoid.

See Implementation of the compliance strategy.