Legal compliance is the process by which a company adheres to the complex rules, policies and processes that regulate business practice in a particular jurisdiction.
Compliance involves not only knowing and understanding the legislation that applies to the organization, but also being able to demonstrate that the business and its entities are in compliance at all times.
A robust compliance process includes, but is not limited to, keeping records of checks, having policies and procedures in place around the legislation, and retaining evidence that the right people are taking responsibility for compliance.
A failure to pay attention to measuring compliance can lead to a company not only falling foul of regulators, but also facing fines, censures, reputational damage and even, in some instances, the prospect of jail time for directors.
Compliance requirements differ by jurisdiction, making evaluating legal compliance a difficult and sizeable responsibility for entity managers tasked with its tracking.
Is compliance part of legal?
Compliance and legal are separate concerns, yet the two are firmly interlinked; a foremost responsibility of an organization’s legal department is to ensure, promote and facilitate compliance.
In-house counsel plays a crucial role in protecting the company, its directors and employees. Thomson Reuters Practical Law’s compliance and ethics toolkit states that legal departments can ensure compliance by:
- Implementing effective compliance policies
- Educating employees on those policies
- Staying informed of the various regulations with which the company must comply across all jurisdictions in which it operates and staying abreast of any changes; and
- Identifying issues that may turn into potential violations, ensuring there are procedures in place to address the issues.
What are the legal requirements of compliance?
When it comes to legal compliance, an organization’s legal requirements are two-fold. Firstly, to ensure compliance with the laws and regulations set out for a business to operate in good standing within a particular jurisdiction. Secondly, to implement sound internal compliance systems, imposed by a legal department, in accordance with rules and processes.
A sufficiently comprehensive legal compliance program should include seven key elements, as advised by the Department of Health and Human Services, Office of Inspector General (OIG):
- Standards, policies and procedures
- Compliance program administration
- Screening and evaluation of employees, vendors and other agents
- Communication, education and training on compliance issues
- Monitoring, auditing and internal reporting systems
- Discipline for non-compliance
- Investigations and remedial measures.
What is the difference between compliance and legal?
An effective compliance program relies heavily on co-operation and support from an organization’s legal department.
While legal professionals advise on the law and best legal practice, it is the role and responsibility of compliance professionals to develop the compliance controls, procedures, policies and systems to ensure that the company operates within clearly defined parameters.
In-house counsel, meanwhile, plays a fundamental role in terms of delivering training, undertaking due diligence, and providing legal guidance and analysis – as well as, on occasion, conducting internal investigations.
By working in close partnership with compliance, a legal department can ensure that the organization is operating in both an effective and ethical manner.
What are the steps for evaluating legal compliance?
How can in-house counsel, company secretaries, and legal operations and compliance teams all work together to measure compliance and keep the company and its entities legally able to operate in every jurisdiction? The following seven steps provide a solid framework for success.
Step 1: Know the regulation
The first step, applicable to all businesses, is do your research: Know the regulations in your industry and jurisdiction, understand what’s required of your entity in relation to that regulation, and make plans for how you can fulfil those requirements. Make sure you consider all aspects, including, among others:
- Data protection
- Health and safety
- Environmental responsibilities and ESG
- Financial and accounting requirements
- Employment law
- Tax law
- Advertising regulation, and, of course,
- Corporate law, such as the U.S. federal sentencing guidelines for organizations.
Step 2: Clarify your reporting duties
Reporting requirements will differ depending on the sector, industry and jurisdiction in which your organization operates. The plethora of acronyms – FATCA, CRS, SOX, BEPS – all come with their own reporting duties, but there will be other bodies that require regular filings, too.
Consider the terms of any funding, or of any ethical bodies or industry organizations that your company is a member of, and check whether a quarterly or annual report is needed. It’s advisable to keep a calendar of reporting deadlines to make sure none are missed.
Step 3: Take stock of policies
All legal compliance policies that you put in place need to be closely adhered to and remain up to date. While evaluating legal compliance, check that your policies are still fit for purpose. Have there been changes in the business or in the industry that need to be reflected in any updated policies? Are your people aware of and working within the policies? These are important questions to frequently ask; an annual review is essential to successfully evaluating legal compliance, supported by regular spot checks.
Step 4: Check your records
Ensure all record keeping within the organization and across all entities is strong, that your compliance teams know what to keep a record of, and that it’s stored safely in an easy-to-access central repository; the quality of records is integral to successful legal compliance evaluation.
Entity management is important, but also aim for entity governance, where compliance teams have enough strategic oversight of the corporate structure to be able to forecast the downstream effects of changes to regulations and laws. Strong entity governance is driven by evaluating legal compliance regularly.
Step 5: It’s not just about laws
It’s essential to also consider non-legal requirements when evaluating your organization’s compliance. Has the company signed up to any industry codes of practice? Are operations following all ethical guidelines? Do you remain compliant with the requirements of any licensing, funding or tenancy agreements? Cast your net wider when taking the steps to evaluate legal compliance and make sure that you’re getting the full picture of your company’s compliance health.
Step 6: Remember your employees
Compliance policies and processes will fail without clearly communicating these requirements to everyone in the organization. Ensure all employees, from Board level downwards, know and understand their responsibilities when it comes to compliance: organize training and education programs, and schedule regular check-ups, to make sure everyone is fully on board.
Step 7: Schedule regular compliance checks
An easily missed step for evaluating legal compliance is the scheduling of regular checks throughout the organization. This goes beyond your employees to also making sure any automated filings are happening as they should, that there are no new deadlines or regulations you need to know about, and that your processes remain current and correct. Make sure you have ready access to real-time data on your entities to get the bigger picture, and be prepared to make necessary changes as a result of the check-up process.
How to ensure you’re fully legally compliant
A business’ state of compliance can be evaluated at two levels:
- Compliance with the external rules imposed upon the business as a whole by Government or industry body regulations, including compliance with laws or ethical standards; and
- Compliance with the internal systems of control imposed by the business to help it achieve compliance with those externally imposed rules.
Robust legal compliance requires easy and quick access to up-to-date, real-time data; measuring using old or incorrect data can actually cause compliance to slip, which can have a long-lasting financial and reputational impact on an entity or larger group of entities.
Technology’s role in legal compliance
Entity management software has emerged as a solution to getting and storing essential data.
The main objective of legal entity management software is to store and maintain all subsidiary-related information to establish a single source of truth for all entity-related information. It allows for the implementation of processes and procedures across all global entities to ensure precision, accuracy and timeliness with your compliance program.
Get in touch with us and schedule a demo to discover how Diligent’s entity management software can support your compliance team in achieving control and visibility of governance, risk and compliance goals, and help you to get clarity on how to evaluate legal compliance.