As an accompaniment to our biweekly series on What Every Multinational Should Know About various international trade, enforcement, and compliance topics, below find an update to our series on compliance checks that every multinational company should consider. Give us two minutes, and we will give you five suggested compliance best practices that will benefit your international regulatory compliance program.
Identifying core compliance policies is essential for establishing a comprehensive and effective compliance program within an organization. A key first step for multinational companies is to consider what compliance policies they consider to be their "core" compliance policies. At most multinational organizations, as a rough rule of thumb, these core policies cover between 18 and 22 areas.
The best compliance is always tailored compliance, which reflects the multinational company's business and risk profiles as well as its internal operation of its compliance program. When coming up with a tailored set of core compliance policies, five items to consider are as follows:
- Start with an Understanding of Typical Core Compliance Areas: Foley has published a list of core and suggested compliance policies, which is a good start for multinational companies looking to benchmark the scope of their own programs.
- Understand Legal and Regulatory Requirements: You should ensure that you have a good understanding of your organization's risk profile and how it is impacted by industry-specific regulation. A good starting point for gaining this understanding is to conduct a thorough review of relevant laws, regulations, industry standards, and contractual obligations that apply to your organization to identify the key compliance areas and requirements that your organization should be addressing. The specific risks and vulnerabilities faced by your organization based on its industry, size, geographic locations, business operations, and regulatory environment inform the types of compliance policies that need emphasis at your organization.
- Review Industry Standards and Best Practices: Multinational companies should prioritize compliance areas based on their importance to the organization's operations, exposure to risk, regulatory scrutiny, and potential impact on stakeholders. One good guide to identifying these risk areas is to research industry-specific standards, best practices, and guidelines for compliance in your business sector. In some cases, industry associations have established recognized frameworks or model policies that can serve as a starting point for establishing core compliance areas and then modifying to tailor them to your organization. You also can consider international standards and best practices for compliance, such as ISO 19600 (Compliance Management Systems) or ISO 37001 (Anti-Bribery Management Systems), as potential starting points.
- Review Existing Policies and Procedures: Particularly for core compliance polices, it is important to have up-to-date and complete policies. You should review existing policies, procedures, and internal controls within the organization to identify gaps, redundancies, or areas for improvement. Determine which policies are outdated, ineffective, or no longer relevant to the organization's operations, or which ones cover core compliance areas only in passing.
- Ensure Your Core Compliance Permeates Your Compliance Structure: A well-functioning compliance system carries the core compliance policies throughout its compliance structure, in a coordinated way. This means that core compliance areas should be covered in the company's ethics statement, within individual compliance policies, and implemented by tailored internal controls. Compliance training, as well, should stress core compliance areas, including coverage of the internal controls that implement the core compliance measures.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.