Compliance is a company’s ability to conform to norms and rules, both external and internal, and to take responsibility for how the business is managed. And to actually do it, not just talk about it. If you don’t control risk zones, you will suffer not only financial but also reputational losses. At the same time, you have to understand that even if you have decided to fully meet the requirements of the law and have taken all the necessary steps to do so, it doesn’t mean that your company is totally protected from compliance risks.

What types of compliance risks exist?

Compliance risks are potential losses and legal sanctions arising from violations of laws and regulations. There are six main sectors where they can emerge. Furthermore, a critical situation in one sector can lead to liability in another.


Ecology and environment


The activity of any company can lead to ecological risks: environmental pollution and negative impact on fauna. In most cases, this concerns extraction and manufacturing enterprises.


In 2013, King Pharmaceuticals LLC, a subsidiary of Pfizer, paid a fine of 2,2 million following charges brought by the EPA (the United States Environmental Protection Agency). The agency found that the drug manufacturer had violated the Clean Air Act.


Health and safety at the workplace


Health and safety at the workplace is the responsibility of every company. Besides observance of occupational safety rules, it also covers the risks of injuries and industrial accidents.


In March 2005, BP Products North America, Inc. was fined $21 million by the US Occupational Safety and Health Administration (OSHA). The investigation was launched after a blast and fire at one of its production facilities, which resulted in the death of 15 and injury of 170 employees. In 2009, a repeat inspection identified 760 violations (both new ones and old ones that the company had pledged to fix), resulting in another $87 million fine.


Corruption and fraud


As a rule, organizations are responsible for acts of corruption by their employees and agents, as well as for cases of bribery and fraud.


In 2014, BNP Paribas paid a record-breaking fine of $8,9 billion for violating the US sanctions regime. The bank concealed $30 billion worth of operations conducted with the participation of residents of Iran, Sudan, and Cuba, states under US sanctions.


Social responsibility


This concept relates to the risk that your commercial activity can harm employees as well as local communities.


Hugo Boss was ordered to pay a £1,2 million fine in 2013 after a 4-year-old boy died in an accident in one of its shops. A 114 kg mirror fell onto the child, and even emergency surgery didn’t save his life.


Quality


This risk arises when a product or service is of low quality, so that it doesn’t match the expected quality standard or violates laws and rules.


In 2016, the Vietnamese branch of Coca-Cola received a $16 million fine for manufacturing substandard products. The energy drink Samurai produced by the company had a lower content of folic acid and B9 vitamin than was indicated on the label.


Operational activity


This risk means that your operational activities can have a negative impact even if the processes are well-organized and optimized.


Exxon Mobil was fined $5 billion. The wreck of the tanker Exxon Valdez near the shores of Alaska resulted in a massive oil spill: over 11 million gallons (42 million liters) of oil were spilled into the sea, polluting 2’000 km of coastline. The company, however, managed to reduce the fine to $500 million.

How to manage compliance risks?

The key to managing these risks effectively is to put supervision measures in place which ensure that the organization observes internal and external requirements on a regular basis. This means that the processes in your company should be structured so that you learn immediately about even the smallest violation of rules and regulations and are able to prevent such violations. Effective compliance risk management consists of three crucial stages.


Risk assessment


Identify the areas where your company encounters the majority of its risks and establish general criteria for assessing them. This will help you estimate how vulnerable the business is and how risks affect it. Such an approach lets you control the emergence of compliance risks and helps to optimize the effort spent on identifying them.


Optimization of standards and requirements


Replace complicated and confusing work-related and regulatory documents with clear and understandable instructions. The sequence of actions should be very clear: what should be done and when, how to report it, etc. This will give the parties concerned a better understanding of their responsibilities. All key data should be put into ERM in order to make it accessible for searches and for timely reporting on all changes and new developments. Such optimization will decrease the burden of tracking compliance risks in business processes.


Internal control


Make sure that all employees know which rules they should observe from the standpoint of policy and company processes, especially in the identified risk zones. Hold training sessions. You should also supervise the observance of instructions: conduct periodic checks to confirm that employees follow the rules. There might be some processes where compliance isn’t observed. Perhaps the explanations provided weren’t sufficient, or there are reasons (and opportunities) for employees to consciously violate existing rules. You have to identify and eliminate these issues at the organizational level, and close off opportunities for violating rules and norms.


No company should expect that it will never violate any law or that it won’t be caught after such a violation. Ignoring these risks is a big mistake. You need to identify and understand your risks and then proactively and responsibly mitigate them by applying internal control measures. While corporations can afford to pay multi-million dollar fines and continue to run their businesses, as they have considerable financial reserves and resources for restoring their reputation, the majority of companies will face great difficulty in recovering from serious violations.