What is legal compliance?
Legal compliance is the process by which a company adheres to the complex rules, policies and procedures that regulate business practices in a particular jurisdiction.
Compliance involves knowing and understanding the legislation that applies to the organization and demonstrating that the business and its entities are in compliance at all times.
- A robust compliance process includes, but is not limited to:
- Keeping records of checks
- Having policies and procedures in place around the legislation
- Retaining evidence that the right people are taking responsibility for compliance
A failure to provide the appropriate amount of attention to your legal compliance program can lead to a company not only falling foul of regulators but also facing fines, censures, reputational damage and, in some instances, the prospect of jail time for directors. Organizations can mitigate these risks when an effective compliance program is in place.
Compliance requirements differ by jurisdiction, making evaluating legal compliance a difficult and sizeable responsibility for CCOs and other professionals tasked with its strategy and tracking.
Here we discuss:
- The importance of compliance and legal departments working together
- The requirements of legal compliance
- How to evaluate legal compliance
- How compliance tools — like policy and training management solutions — can help achieve legal compliance in your organization
Is Compliance Part of Legal?
Compliance and legal are separate concerns, yet the two are firmly interlinked; a foremost responsibility of an organization’s legal department is to ensure, promote and facilitate compliance.
In-house counsel plays a crucial role in protecting the company, its directors and its employees. Thomson Reuters Practical Law’s compliance and ethics toolkit states that legal departments can ensure compliance by:
- Implementing effective compliance policies
- Educating employees on those policies
- Staying informed of the various regulations with which the company must comply across all jurisdictions in which it operates and staying abreast of any changes; and
- Identifying issues that may turn into potential violations and ensuring there are procedures in place to address the issues
What Are the Legal Requirements of Compliance?
An organization’s legal requirements are two-fold in terms of legal compliance. Firstly, to ensure compliance with the laws and regulations set out for a business to operate in good standing within a particular jurisdiction. Secondly, to implement sound internal compliance systems, imposed by a legal department, in accordance with rules and processes.
A sufficiently comprehensive legal compliance program should include seven key elements, as advised by the Department of Health and Human Services, Office of Inspector General (OIG):
- Standards, policies and procedures
- Compliance program administration
- Screening and evaluation of employees, vendors and other agents
- Communication, education and training on compliance issues
- Monitoring, auditing and internal reporting systems
- Discipline for non-compliance
- Investigations and remedial measures
What Is the Difference Between Compliance and Legal?
An effective compliance program relies heavily on co-operation and support from an organization’s legal department.
While legal professionals advise on the law and best legal practice, it is the role and responsibility of compliance professionals to develop the procedures, policies and systems to ensure that the company operates within clearly defined parameters.
Meanwhile, in-house counsel plays a fundamental role in delivering training, undertaking due diligence, providing legal guidance and analysis, and, on occasion, conducting internal investigations.
By working in close partnership with compliance, a legal department can ensure that the organization is operating effectively and ethically.
What Are the Steps for Evaluating Legal Compliance?
How can in-house counsel, company secretaries, legal operations and compliance teams work together to measure compliance and keep the company and its entities legally able to operate in every jurisdiction? The following seven steps provide a solid framework for success.
Step 1: Know the Regulation
The first step, applicable to all businesses, is to do your research: Know the regulations in your industry and jurisdiction, understand the requirements of your entity concerning each regulation and make plans for how you can fulfill those requirements. Make sure you consider all aspects, including, among others:
- Data protection
- Health and safety
- Environmental responsibilities and ESG
- Financial and accounting requirements
- Employment law
- Tax law
- Advertising regulation
- Corporate law, such as the U.S. federal sentencing guidelines for organizations
Step 2: Clarify Your Reporting Duties
Reporting requirements will differ depending on the sector, industry and jurisdiction in which your organization operates. The plethora of acronyms — FATCA, CRS, SOX, BEPS — all come with reporting duties, but other bodies require regular filings, too.
Consider the terms of any funding, or of any ethical bodies or industry organizations that your company is a member of, and check whether a quarterly or annual report is needed. It’s advisable to keep a calendar of reporting deadlines to make sure none are missed.
Step 3: Take Stock of Policies
All legal compliance policies you put in place must be closely adhered to and remain up to date. While evaluating legal compliance, check that your policies are still fit for purpose. Are all changes in your business or industry reflected in your policy updates? Are your people aware of and working within the policies? These are important questions to ask frequently; an annual review is essential to successfully evaluating legal compliance, supported by regular spot checks.
Step 4: Check Your Records
Ensure all record keeping within the organization and across all entities is strong, that your compliance teams know what to keep a record of, and that it’s stored safely in an easy-to-access central repository; the quality of records is integral to successful legal compliance evaluation.
Entity management is important, but also aim for entity governance, where compliance teams have enough strategic oversight of the corporate structure to forecast the downstream effects of changes to regulations and laws. Strong entity governance is driven by evaluating legal compliance regularly.
Step 5: It’s Not Just About Laws
You must also consider non-legal requirements when evaluating your organization’s compliance. Has the company signed up to any industry codes of practice? Are operations following all ethical guidelines? Do you remain compliant with the requirements of any licensing, funding or tenancy agreements? Cast your net wider when taking steps to evaluate legal compliance and ensure you’re getting the complete picture of your company’s compliance health.
Step 6: Remember Your Employees
Compliance policies and processes will only succeed by clearly communicating these requirements to everyone in the organization. Ensure all employees, from the board level downwards, know and understand their responsibilities regarding compliance: organize training and education programs, and schedule regular check-ups to ensure everyone is entirely on board.
Step 7: Schedule Regular Compliance Checks
An easily missed step for evaluating legal compliance is continuously monitoring your organization’s third parties. These checks go beyond your employees; make sure any automated filings are happening as they should, that there are no new deadlines or regulations you need to know about and your processes remain current and correct. You must have access to real-time data on your third parties to get the bigger picture and be prepared to make necessary changes due.
How to Ensure You’re Fully Legally Compliant
A business’s state of compliance can be evaluated at two levels:
- Compliance with the external rules imposed upon the business as a whole by Government or industry body regulations, including compliance with laws or ethical standards; and
- Compliance with the internal systems of control imposed by the business to help it achieve compliance with those externally imposed rules.
Robust legal compliance requires easy and quick access to up-to-date, real-time data; measuring using old or incorrect data can actually cause compliance to slip, which can have a long-lasting financial and reputational impact on an entity or larger group of entities.
Technology’s Role in Legal Compliance
The best compliance software can aid in various legal compliance tasks to help create credible and defensible compliance programs.
Compliance solutions can:
- Help organizations say on top of regulatory compliance obligations
- Assess, screen and continuously monitor third parties
- Centralize policy and training management