Share this post
Share on facebook
Share on google
Share on twitter
Share on pinterest
Share on print
Share on email
Unsurprisingly, it is our view that compliance matters. We say this in the context of a business environment characterised by increasing and increasingly complex regulation.
Despite various governments now having ‘deregulation’ Ministers or Departments, the truth is that regulation is increasing. Whether it’s driving home from work in complying with the Road Rules or speaking to a customer at work in complying with the National Energy Retail Rules, much of what we do on a day-to-day basis is regulated.
The purpose of regulation is to codify society’s expectations. Society’s expectations are constantly changing, and so, regulation is constantly trying to catch up. This is evident in industries that are marked by technological advance with regulation constantly lagging technological advances. Despite various shortcomings, regulation -by and large – does its job and does it well.
The consequence of additional regulation and additional complexity in regulation is regulatory burden. Regulatory burden is felt both at an organisational level and at an individual (senior executive and director) level. Personal liability on directors continues to expand, including recently personal liability with unpaid PAYG, meaning that directors can no longer rely on the protection afforded to them by the corporate veil.
A lot of regulatory burden can be lifted with simple rules based automation, but not all. Ask any lawyer who has argued about the meaning of a specific sub-section of an act in the Supreme Court whether all legislation can be codified and be prepared to be laughed at.
Businesses should understand and operate to the expectations of the society in which they operate. A business that is not operating in a compliant manner is typically operating outside of society’s expectations and often with negative consequences for its customers, employees, and wider society.
Compliance is closely linked to ethics. Ethical conduct is typically compliant conduct and unethical conduct is often non-compliant. When making a business decision, rather than starting with your lawyer on a technical question of interpretation, first ask yourself if the outcome would be ethical.
The first step every business should take in seeking to comply is identifying the various applicable obligations and standards. Many businesses have not taken this first step and operate without knowing what they should or indeed must be doing. All businesses should have a regulatory obligation register that sets out all of the key applicable obligations and standards. All businesses should have a process in place to ensure that their regulatory obligation register is up-to-date at all times.
Once your business has an obligation register it needs to consider what steps it will take to ensure compliance. The steps that a business takes to ensure compliance are the controls that it has in place. Controls can take the form of training, regular meetings, updates, systems, and policies and procedures.
Once controls have been mapped to obligations, on an ongoing basis, your business should consider whether those controls are adequate and fit for purpose. This means monitoring non-compliance as you would monitor any other risk. The consequence of non-compliance is obvious and may include fines, negative PR, loss of revenue, and termination of licence.
Of all the businesses that we are involved with, we can predict future non-compliance with close to absolute certainty based on the attitude demonstrated by its directors and senior executives. When we come across a senior executive in a business that has no interest in compliance we can tell that that business is significantly more likely to be found to be non-compliant, to be fined, to lose revenue, or to lose a licence.
In order to ensure compliance, senior executives and directors must have a good understanding of their businesses’ regulatory obligation registers and the function of each control. If, for example, you are a senior executive in an energy retail business you must read the National Energy Retail Rules and the various other regulatory guidelines. Once you have done so, you should then ask your business whether it has adequate controls in place, whether it is monitoring the effectiveness of those controls, and whether your business is operating in the way that society would expect it to.