Debnath: What are the key ingredients for an effective compliance function?

Anthony: Today, an effective compliance function is an essential part of an organisation’s ability to build trust with its customers, suppliers, employees and other stakeholders. For a compliance function to be effective, there are several key ingredients it must contain. It must have a designated chief compliance officer (CCO) who has a direct reporting line to the board. The CCO should have a clear mandate to identify, rectify and prevent compliance failures. The compliance function must enjoy sufficient independence from the business to perform its role objectively, including a direct line of communication from staff to the CCO. It must also have the ability to accurately assess the organisation’s risk and design, and implement appropriate controls based on those risks. There must also be written policies and procedures in place that clearly set out what is and what is not acceptable, together with the relevant sanctions. Adequate training must also be provided in order to ensure that key policies and messages are well understood by all staff. Finally, the compliance function must be adequately resourced and made up of a skilled team which is able to perform its role, including training, auditing and monitoring, effectively.

Eastwood: There are many factors that underpin an effective compliance function. First and foremost, the board and the company’s senior management team must understand, respect and support the compliance function. This is a critical foundation block. Compliance personnel must also have relevant experience and qualifications, the staffing and budget, ideally a standalone budget, to carry out their responsibilities effectively. Internal relationships are a crucial ingredient of success. The compliance team should work closely with other functions, such as legal, risk, finance, human resources, procurement, sales, internal control and internal audit, all of whom should recognise and carry out their own responsibilities for delivering effective compliance. The compliance function should also have a direct reporting line to one or more board members and to the audit committee. Compliance reporting to the board and audit committee should be documented. Finally, the compliance function should form relationships of partnership and trust with external counsel who should provide complementary technical expertise, experience, independence and challenge.

Jul-Sep 2019 Issue

Nokia Corporation

FTI Consulting

Mayer Brown