In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.
Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
The International Organisation for Standardisation (ISO) produces international standards such as ISO17799. The International Electrotechnical Commission (IEC) produces international standards in the electrotechnology area.
Compliance in the USA
Corporate scandals and breakdowns such as the Enron case of reputational risk in 2001 have highlighted the need for stronger compliance and regulations for publicly listed companies. The most significant regulation in this context is the Sarbanes-Oxley Act, developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley, in 2002, which defined significantly tighter personal responsibility of corporate top management for the accuracy of reported financial statements.
Compliance in the USA generally means compliance with laws and regulations. These laws can carry criminal or civil penalties, or can take the form of regulations. The definition of what constitutes an effective compliance plan has been elusive. Most authors, however, continue to cite the guidance provided by the United States Sentencing Commission in Chapter 8 of the Federal Sentencing Guidelines.
On October 12, 2006, the U.S. Small Business Administration re-launched Business.gov, which provides a single point of access to government services and information that help businesses comply with government regulations.
There are a number of other regulations such as PCI-DSS, GLBA, FISMA, Joint Commission and HIPAA. In some cases other compliance frameworks (such as COBIT) or standards (NIST) provide guidance on how to comply with the regulations.
Compliance in Australia
Standards Australia revised the standard titled "AS 3806 - Compliance Programs". While many aspects of the original standard produced in 1998 appear in the 2006 version, there are additional principles covered. The regulators in Australia continue to endorse and encourage (by regulation) the use of the standard when establishing a compliance framework.
The regulators are the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA).
Compliance demands in the superannuation industry continue to increase due to the new licensing regime implemented by APRA. The new licensing regime requires trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems and appropriate skills and expertise to manage the superannuation fund. The licensing regime has lifted the bar for superannuation trustees, with a significant number of small to medium-sized superannuation funds exiting the industry due to the increasing risk and compliance demands.
Compliance in the UK
There is considerable regulation in the UK, some of which is from EU legislation. Various areas are policed by different bodies, such as the FSA (Financial Services Authority), Environment Agency and Scottish Environment Protection Agency, Information Commissioner's Office and others.
Important compliance issues for all organisations large and small include the Data Protection Act 1998 and, for the public sector, the Freedom of Information Act 2000. The Combined Code issued by the London Stock Exchange (LSE) is the Sarbanes-Oxley equivalent in the UK.
Definitions Related to Compliance
Compliance data is defined as all data belonging or pertaining to the enterprise or included in the law, which can be used for the purpose of implementing or validating compliance. It is the set of all data that is relevant to a governance officer or to a court of law for the purposes of validating consistency, completeness, or compliance.
- Business Motivation Model. A standard for recording governance and compliance activities
- Call Report
- Chief compliance officer
- Compliance and ethics program
- Health Care Compliance Association
- Law enforcement agency
- Society of Corporate Compliance and Ethics
- Business.gov, Official U.S. Government Portal for Complying with Regulations.
- RCA, a nonprofit organization that provides firms with an all-inclusive resource to effectively manage the escalating operational risk management and compliance environment.
- Society of Corporate Compliance and Ethics (SCCE)
- Health Care Compliance Association (HCCA)
- Open Compliance & Ethics Group (OCEG), a nonprofit organization that provides numerous resources for corporate governance, risk management, compliance and business ethics.
- European Project COMPAS (Compliance-driven Models, Languages, and Architectures for Services), funded by the EU 7th Framework Programme Information and Communication Technologies Objective.
- Microsoft Resources, Microsoft resources for corporate governance, risk management and compliance.