Synergies between risk and compliance regulations

Since the Corporate Compliance model was brought in Spain in 2015, with the reform of the Penal Code, companies have found it necessary to establish performance standards that enable them to identify and classify possible risks at an operational and legal level within the framework of their business activity and to adopt the necessary prevention, management and control measures to address any potential non-compliance with the regulations on their part.

The problem this model brings about is the integrated management of such a wide variety of national and international regulations. Regulations that companies need to comply with depending on the nature of their activities and relationships with third parties. Also, to achieve an integrated management of regulatory compliance that favours risk mitigation, organisational and policy strategies are required that foster communication and the development of a culture of compliance. In this regard, the biggest challenge faced by companies is achieving a synergy between the different areas involved, the respective risk analysis and the execution of controls that ensure regulatory compliance when undertaking their business activity. In the strictest sense, having a reasonably integrated compliance management system.

Currently, we take ERM management models (Enterprise Risk Management) as a reference to the extent that they include synergies and joint areas of action between risk management and compliance. The implementation of this type of model involves an organised, ongoing process for managing the company’s risks and also the development and implementation of integrated systems.

For the implementation of this type of model you need to do the following:

• Define the scope and ensure it is sufficiently clear that the business activity of the company can be understood.
• Identify the risks that affect the company, for which detailed knowledge is needed of the company, the market in which it operates and also the legal, political and social environment in which it operates.
• Develop a shared and coherent vision with the strategy and objectives to be achieved, including factors that are critical for its success.
• Assess the risks in terms of probability and impact.
• Establish monitoring of the measures defined to mitigate the risks identified.

Likewise, the features that characterise ERM include the following:

• It is an additional resource for establishing and prioritising the company’s objectives.
• It offers interaction with and feedback from the different stakeholders and interdependencies of processes.
• It is a resource that supports setting up strategies and decision-making based on the analysis of the risks identified.
• It enables the centralisation of controls, offering improvements in the quality of the information, perception and effectiveness of data governance.
• It addresses compliance requirements such as SOX, COSO, ITIL, among others.

Companies that carry out integrated risk and compliance management, and who also adopt measures to ensure regulatory compliance, can reap many benefits, which may include:

• Extending the scale of opportunities available, taking into account all the possibilities.
• Identifying and managing risks throughout the organisation and, as a result, sustaining and improving development.
• Increasing advantages at the same time as negative situations are reduced, which is a result of identifying risks and establishing appropriate responses.
• Maintaining high quality standards and a good company image.
• Professionalising compliance function, providing resources and processes that guarantee its effectiveness.
• Reducing legal and administrative problems.
• Improving resource deployment due to having access to sound information on risks that enables an assessment to be made of general resource needs and priorities to be set for their deployment and allocation.

So, we can conclude that it is of great importance for companies to implement a comprehensive risk and compliance management system. Not only because it will guarantee the smooth running of their business activities, but also because it will bring many economic, social and work-related benefits. Not forgetting that achieving synergies between all the areas of the organisation in terms of risk and compliance will help to mitigate the risk of potential regulatory breaches.