Regulatory compliance for beginners
Regulatory compliance is a broad term that describes an organization’s efforts to comply with applicable laws and regulations. Here is an overview of how this process works and what you need to know to avoid legal proceedings.
What is regulatory compliance?
Regulatory compliance refers to the efforts that any organization makes for its policies, processes and procedures to comply with the different laws, regulations, standards or guidelines set within the industry. Identifying, implementing, and maintaining controls means reducing the risk of legal, financial and business repercussions.
The best approach to regulatory compliance is to find the set of regulations you need to follow, learn the rules for those regulations, and then make sure that you have the business processes and procedures in place to meet those requirements. Note that failure to comply with these guidelines and regulations can land you in trouble. Fines can range from a few thousand to millions, depending on how serious the non-compliance is.
Note that regulatory compliance should not be looked at as a one-time solution. As you deal with new regulations and formulate new policies and procedures, you should review your existing ones as well.
And yes, sometimes this will require help from a professional or a consultant who understands the regulations and has experience in helping organizations meet them. The good news is that once you have a solid plan in place, the compliance, process, and procedure work is much easier to maintain than it would be if you were guessing at what needed to be done without any help.
Why is regulatory compliance important?
The main purpose of regulatory compliance is to ensure that companies comply with all relevant laws and regulations. Compliance is not just limited to legal requirements; it includes ethical standards and social responsibility. Companies must make sure that they do not violate any law or regulation, even if it is unintentional. They should also take steps to prevent unethical practices and protect consumers.
All employees, contractors, suppliers, customers, and others who interact with the company should comply with all applicable laws and regulations. Compliance policies should include procedures for identifying risks, developing strategies to mitigate those risks, and implementing controls to ensure that the risk continues to be mitigated.
Avoiding legal repercussions
One of the clear benefits of complying with regulations is protecting the organization from any fines that could potentially be imposed. Let us review some of the most famous cases of companies not complying.
JP Morgan
J.P. Morgan Securities LLC (JPMS) was ordered to pay a $200 million penalty for widespread and longstanding failures by the company, and its employees, to maintain and preserve written communications. As part of the implementation of robust improvements to its compliance policies and procedures, JPMS agreed to retain a compliance consultant.
Forex Scandal
Five banks were fined by the United Kingdom's Financial Conduct Authority (FCA) for manipulating exchange rates on the forex market for their own financial gain. Even though the fines totalled $1.7 billion, only one person was arrested, but many more lost their jobs.
Libor Scandal
This was a scheme in which bankers at several major financial institutions conspired with each other to manipulate the London Inter-bank Offered Rate (Libor) so that the banks would seem more creditworthy than they actually were. It is considered the greatest financial scandal, and “led to more than $9 billion in fines for major financial institutions”, reported Bloomberg.
HSBC Scandal
HSBC was fined 64 million pounds in 2021 after the Financial Conduct Authority (FCA), the UK’s financial watchdog, found "serious weaknesses" in the way the banking giant’s automated systems monitored hundreds of millions of transactions a month to identify possible criminal activity.
The importance of having a regulatory compliance policy cannot be overstated. It shows that the company is committed to ensuring that all employees comply with the law and regulations governing their industry. It also demonstrates that the company takes the issue of regulatory compliance seriously.
What types of regulatory compliance are there?
Every industry has its own laws and regulations that organizations must adhere to, and these also vary between different countries or regions. There are also dedicated bodies that oversee the implementation of practices put in place to protect customers and stakeholders from the company’s potential mistreatment of information. Compliance laws are also set to protect organizations’ reputations and help them avoid liabilities.
Regulations, standards, laws, and guidelines vary between different countries or regions; here are some of the most notable pieces of legislation and regulatory entities around the globe.
United States
Foreign Account Tax Compliance Act (FATCA)
FATCA was passed as part of the HIRE Act, and it generally requires Foreign Financial Institutions and certain other non-financial foreign entities to “report on the assets held by their US account holders or be subject to withholding on withholdable payments”. Moreover, the HIRE Act also requires US persons to report their foreign financial accounts and foreign assets, depending on the value.
Dodd-Frank Act
This federal law came after the Great Recession of 2007-2009, and it was intended to increase financial stability by “improving accountability and transparency in the financial system”. Even though its economic effects have been questioned, studies have shown that this act has improved consumer protection.
Sarbanes-Oxley Act (SOX)
SOX was enacted in 2002 and focuses on record keeping and reporting. It intends to “protect investors by improving the accuracy and reliability of corporate disclosures”. This act came after several accounting scandals, such as Enron (the largest bankruptcy reorganization in U.S. history at that time and the biggest audit failure) and WorldCom (an orchestrated scheme to inflate earnings to maintain its stock price).
Federal Trade Commission (FTC)
The FTC focuses on protecting consumers by “preventing anticompetitive, deceptive, and unfair business practices”, and developing policies and enforcing laws. It is the only federal agency that has jurisdiction in both consumer protection and competition across different sectors of the economy.
National Institute of Standards and Technology (NIST)
Now part of the U.S. Department of Commerce, NIST was established by Congress to “remove a major challenge to U.S. industrial competitiveness at the time”. This challenge was a second-rate measurement infrastructure that wasn’t up to the standards and capabilities of economic rivals such as the United Kingdom and Germany. NIST develops guidelines used to meet regulatory compliance requirements in industries such as data security and IT.
European Union
The European Union (EU) is a voluntary supranational union of member countries with economic, social, and political integration, including a common market, border control, a supreme court and shared regulations.
European Systemic Risk Board (ESRB)
In 2010, the ESRB was established as a board that would oversee the European Union’s financial system in order to “prevent and mitigate systemic risk”. With its establishment, other independent entities were created, such as the European Banking Authority (EBA), which ensures effective and consistent prudential regulation and supervision across the European banking sector, and the European Securities and Markets Authority (ESMA), which enhances the protection of investors and promotes stable and orderly financial markets.
General Data Protection Regulation (GDPR)
The GDPR, put in place in 2018, is thought of as the toughest privacy and security law. It aims to protect “natural persons with regard to the processing of personal data”, meaning that organizations outside the EU must also comply with the GDPR if they target or collect data related to people in the EU (not necessarily citizens).
If the privacy and security standards set by the GDPR are violated, harsh fines apply. These can be up to 20 million euros or 4% of global revenue (whichever is higher), and this does not include the compensation for damages that data subjects could seek.
British Commonwealth
Financial Conduct Authority (FCA)
The United Kingdom has its own standards and entities for regulatory compliance. The Financial Conduct Authority (FCA), for example, is in charge of regulating financial services by “protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers.”
Corporate Law Economic Reform Program Act 2004 (CLERP 9)
Australia initiated this program in 1997; it is in charge of continuously reviewing and reforming corporate and business regulations, making sure that they are “modern, responsive and promote business activity”.
Other countries
Common Reporting Standard (CRS)
CRS is an agreement between over 100 countries to exchange information on financial holdings held by citizens of other CRS member countries. CRS reporting happens annually under local law and is coordinated by the Organisation for Economic Co-operation and Development (OECD).
Deutscher Corporate Governance Kodex (DCGK)
The DCGK, or the ‘Code’, focuses on making the dual German corporate governance system transparent and understandable. It does this by “describing legal regulations for the management and supervision of German listed companies”. It also makes recommendations and suggestions about the international and national standards that might be considered good and responsible corporate governance.
Canada
Canada has no federal regulatory agency for securities; instead, regulation is handled by agencies within the provinces and territories, which collaborate continuously to regulate trading in the industry.
What are the benefits of implementing regulatory compliance?
There are several benefits that come with complying with regulations and laws. Organizations that manage regulatory compliance regularly and consistently will experience those benefits in both the short term and the long term. Some of the benefits include:
Avoids legal issues
A correct implementation of regulatory compliance in an organization ensures that all the necessary obligations are met. This means that there will not be any legal or financial repercussions for violated laws, even unintentional violations. When the cost of compliance is compared to that of any potential fine, it becomes clear that complying is the better choice.
Efficiency and safety
As mentioned before, compliance is not limited to legal requirements; it also includes ethical standards and social responsibility. If rules against discrimination, harassment and bullying are implemented, then the workplace can become a healthy environment which will result in increased efficiency, productivity, and a feeling of safety.
Profitability
It is important for organizations to increase their profitability, and a simple way to do that is by implementing regulatory compliance. Complying with laws and regulations allows the company to keep the trust of its customers and stakeholders by showing them that it has implemented protocols against data breaches, making them feel secure and cared for.
So… What happens if I don’t comply?
Apart from the monetary penalties that could be imposed, as seen in the examples above, there are three other repercussions of non-compliance: time loss, reputational risk, and revenue loss.
Time loss
When a company is being investigated for not complying with regulations, one of the disadvantages is the time lost. This is certainly true in the case of financial services, as employees will have to spend time on reporting, audits, and other aspects.
Reputational risk
An investigation of a company for non-compliance is an ominous sign that, at the very least, will have an impact on the company's reputation. Needless to say, time and time again we see companies failing in this area. And often, the damage done is so severe that the company doesn't survive the investigation.
Revenue loss
Customers and stakeholders will not enjoy seeing the company they are part of under investigation, which will result in a decrease in customer confidence and, in the long run, losses in revenues that could potentially mean the end of the organization.
How to ensure regulatory compliance?
Compliance is about doing things right. It’s about being aware of your legal obligations and making sure that you do everything possible to avoid breaking any laws. To achieve this, you need to know what those laws are, how they apply to your business, and how you can comply with them. Remember that compliance is a continuous process, and every organization must be up to date on the different regulations in its area.
To sum up:
- Investigate what regulations, laws and standards apply to your company and industry.
- Develop some guidelines for your company to follow for every employee to be on the same page.
- Save all your documents for at least the minimum required retention period, and then keep them a little bit longer.
- Regularly review the compliance laws that apply to you.
- Invest in a compliance consultant, and don’t forget that this is cheaper, and better, than paying fines.
- Make sure you have an automated way to keep up with your compliance, which will save you time and money.
How is Trans World Compliance (TWC) working towards regulatory compliance?
The estimated $427 billion in missed tax revenue is the driving force for global economies to pursue this issue aggressively. Trans World Compliance’s (TWC) solutions provide all stakeholders with the tools to fight for a more equal and just world while improving efficiency and lowering costs. We are in the right place and time and have the solutions to assist with this worthwhile cause.
TWC assists tax authorities, financial institutions, and MNEs in combating tax avoidance and evasion with world-class rule-based technology that improves efficiency and lowers costs, top-notch multilingual support to ensure the best customer experience, and a team composed of experts in IT, compliance, and taxes.
In conclusion
Regulatory compliance is not something to ignore, and it is not something that any conscientious business owner or manager should want to ignore. The benefits of regulatory compliance are numerous, and the costs of noncompliance can be significant. If you're serious about protecting your company, check up on your requirements now and stay on top of them in the future.