30.06.2023
Compliance – part VIII – procedures
The compliance system ensures that the organisation operates in compliance with legal regulations, industry rules and rules of ethics in areas susceptible to risk.
An effective compliance system requires creating appropriate tools, in particular policies, procedures and codes. The documentation to be implemented in the organisation as part of the compliance system is primarily determined by the scope of the organisation’s operations and type of risks present.
The documentation referred to above should in particular provide information about operating procedures within the organisation, roles and tasks of individual persons and rules of conduct, e.g. in the event of specific irregularities.
Standard procedures of the compliance system include:
- Code of Ethics. The code is the base document of the compliance system, stipulating the most important rules and ethical standards applicable within the organisation, both in internal and external relations. It also specifies the values followed by a given organisation as part of its operations.
- Code of Conduct. A document formulating specific practices and behaviours which should be followed or limited within the organisation. Such codes are addressed in particular to all members of a given organisation, but in some cases they may also apply to entities outside the organisation.
- Anti-corruption procedure. The purpose of the procedure is to reduce the risk of any abuse within the organisation to a minimum. Its effective implementation prevents situations where the organisation becomes criminally liable if a person in executive position abuses their rights or fails to comply with their duties as a result of accepting a financial or personal benefit. Furthermore, implementing an anti-corruption procedure is proof of the organisation’s zero-tolerance policy in respect of corruption and confirms that the organisation follows ethical rules, as a result improving the organisation’s credibility with customers, investors or business partners.
- Abuse reporting procedure. The procedure specifies rules and guidelines concerning the reporting of potential irregularities and investigating such reports.
- AML procedures. AML procedures are related to obligations resulting from the act on preventing money laundering and funding terrorism, and entities considered to be obligated institutions under the terms of the act are required to implement its provisions. The purpose of implementing the provisions of the act is to prevent the flow and use of funds originating from illegal sources.
- Corporate governance procedures. They are a set of primary rules, practices and processes used to manage the organisation and control its operations. The aim of the rules are to reinforce the management systems of the organisation, in particular in matters related to risk management, compliance and internal audit.
- Procedures concerning the protection of personal data (GDPR). In certain organisations, it is recommended that the compliance system also include the processing of personal data through implementing rules governing the protection of privacy and organisational measures as per GDPR, as failing to comply with personal data protection rules may run the risk that the organisation may receive severe administrative penalties.
- Procedures related to labour law. Procedures related to labour law play a key role in the area of employment, as they constitute an important source of information for employees on rules applicable within the organisation that they must follow. Furthermore, in many cases such procedures allow the organisation to avoid potential administrative, civil and criminal liability. Procedures related to labour law include anti-harassment policy and non-discrimination and equal opportunity policy.
- Procedures related to environmental protection. Environmental protection is an important and broad area where all businesses should ensure compliance. Environmental protection law includes a number of acts of law, i.e. bills and regulations, that businesses must comply with. Breaching environmental regulations, for example by failing to comply with reporting obligations or failing to obtain required permits, may have far-reaching, negative consequences for the organisation. The procedures are meant to ensure that the organisation’s actions comply with provisions and requirements of environmental law, as well as current “green” trends prevalent in a given industry.
The above is purely illustrative and is not an exhaustive list of all procedures and policies forming part of the compliance system. Such documentation is always drafted based on the needs of a given organisation and accounting for laws that regulate a given type of business activity. Implementing all of the above procedures will not be required in every case. The scope of implemented procedures may be narrower or broader, depending on individual needs.
Depending on the nature of operations of a given organisation, other procedures and policies that can be implemented include: preventing unfair competition, proper procedures when entering into contracts, tax policies, policies related to proper bookkeeping, business partner verification and use of company vehicles.
Please read our other articles on compliance:
Compliance – part III – Who is affected by the compliance system and how it is implemented.