Does your compliance operation meet the requirements?
Being responsible or accountable for organizing compliance with legal, policy and contractual obligations is central to the business compliance function. The compliance operation also feeds business risk management with underlying findings and scenarios for improvement. The purpose of the compliance operation is to enable top management to better direct business activities.
Under pressure from new legislation and related supervision by competent supervisors, the supervisory or compliance burden is increasing. Companies of any size are used to compliance pressures. This pressure is new for small businesses. They often experience this as oppressive.
What is our service?
Organising compliance with legal, policy and contractual obligations is our primary focus. While performing the compliance work, we are happy to advise on points for improvement in the administrative organisation and internal control, the protection of company and personal data and the more effective organisation of business activities using business processes that include management and security measures “by design”.
What are the benefits?
If management perceives compliance efforts as a burden or expense, the compliance operation develops with difficulty. If management recognizes that the position can contribute to the continuity of business operations, then added value is created (see the example on applying accountability).
How can we help you?
Do you have questions about organising, implementing or expanding your compliance operations? Our service owner, Caroline Willemse AA RE RFG or her colleagues, would be happy to discuss your specific case.
Baseline measurement on your compliance operations
During a baseline measurement, we check the following points: “what is the status of the (company) compliance function? Is the compliance in line with the business activities and what are the bottlenecks and points for improvement? How can the business compliance function be organized effectively and what does that yield?”
Managing company specific baselines
Top management uses a variety of cohesive, generally accepted and company-specific baselines and specifications. New and more detailed explanations of legislative, policy and contract obligations, as well as improved control measures, give rise to regular adjustments to baselines. Management’s responsibility includes both the “static” baselines and the compliance process.
Periodically, a company determines the effective functioning of control and security measures taken in systems that support business processes and with which business activities are organized. In the compliance work, the baselines help the employee or professional to estimate the maturity level of the control. The internal control measures can be organized “by design” in systems or are carried out by employees.
Contract management and compliance
We can see the continuous determination of compliance with contractual obligations and sufficient use of the rights as a special form of compliance. In the contract life cycle it is called contract management. Given the pioneering role of our professionals in organizing an effective corporate legal function, we pay special attention to this.
Compliance operations training program
Applying compliance operations requires company management, department management and employees to pay attention to the performance of compliance activities. Most employees will wonder why compliance is necessary and what the added value is for the company, the department and the employee. Awareness and knowledge programs are necessary to transfer knowledge about compliance before employees can properly implement it in their daily work.
Compliance support on demand
We assume that a company is able to organise the compliance operations with the help of the knowledge bases, webinars, and training. Where this is not entirely the case, the company can call on the on-call compliance professionals.
Drawing up a suitable business case
Organising compliance operations can only be successful if there is sufficient added value for the company, the department and the employees. At each step, a business case is needed with revenue and cost flows.
Blogs about compliance operations
In this blog, Anne-Wil Duthler, the managing lawyer at First Lawyers, and Ans Duthler, legal professional at Duthler Associates, discuss the step-by-step optimisation of legal operations by smart contracting. Organising effective and cost-efficient legal operations is essential for business continuity. We discussed this theme in the blog ‘seven legal trends of 2020’. This theme is … (17 March 2021)
The purpose of this day is to better inform European citizens about their rights regarding the use of their personal data by governments, companies and other organizations. Companies and organizations are also encouraged to improve the protection of personal data on this day. The choice for this day lies in the “Convention for the Protection … (29 January 2021)
By: Caroline Willemse. Organizations now know that, before engaging a processor, they must satisfy themselves that the processor has taken proper measures to protect the personal data, and that clear agreements must be made about this and recorded in a processor agreement. Unfortunately, it is considered less self-evident if an organization engages another … (22 January 2021)
Frequently Asked Questions
There is no unambiguous definition of compliance. In the financial sector, the role of compliance officer has been elaborated and the purpose of compliance is to establish compliance with laws and regulations.
We see and provide more and more new (European) legislation with compliance arrangements. The subjects, usually the companies and the management, are responsible for organising compliance with legal and contractual obligations. They must account for the (degree of) compliance. This places the supervisory burden on the subjects.
As this legislation is pushed through with compliance arrangements, companies – regardless of size and type – will need a practical, integrated and effective approach to compliance.
We apply such a compliance approach to companies.
A company that takes responsibility – and disseminates accountability – for the realisation of its own mission and vision or its policy gains the trust of its partners (customers, employees and suppliers). This enhances its reputation.
No, an integrated compliance approach can be organised in a traditional way. To organise an effective compliance operation, it is recommended to use the trust network. The basis for an effective compliance operation is reliable company and personal data.
We describe a baseline as an overview of management objectives that a company wishes to maintain or achieve. The measures (per maturity level) are stated here, through which a company can measure whether the objective has been achieved and can make adjustments if necessary.
The baselines are based on general standards frameworks such as ISO and NEN (good practices) and legal frameworks such as the GDPR. Baselines can be made company specific by supplementing them with company objectives and contractual rights and obligations.
A baseline can also be drawn up specifically for a business activity, for example a baseline with functional and non-functional specifications for the purchase of an application in the cloud or the purchase of an IT system.
We recognize no difference:
- Chartered accountants, charged with the audit of the financial statements, use the term ‘administrative organization and internal control’. Legislators and regulators use the term “compliance (with law)” for being responsible for organising compliance with legal and contractual obligations.
- Operationally, as part of the effective organisation of business activities with business processes that include control measures, company employees often talk about internal control.
We can regard contract management as a special form of compliance. A company makes agreements with its partner about providing a service against payment. The parties wish that the obligations are met on both sides as agreed. In terms of compliance, the partners can agree on a baseline that everyone adheres to.