Governance and Compliance Risk – Governance, Risk Management, Compliances and Ethics Important Questions
“A corporate compliance program is a formal program specifying an organization’s policies, procedures and actions within a process to help prevent and detect violations of laws and regulations”. In this context discuss the essential of an effective compliance program.
Following are the elements of an Effective Compliance Program:
1. High level company personnel who exercise effective oversight : The governing body should have the overall responsibility for the compliance program and shall ensure its effectiveness. It should be knowledgeable about the compliance program. A Compliance Officer shall be designated by the organization’s governing body, who shall periodically report to the higher level management/governing body. The Compliance Officer should be given adequate resources with appropriate authority and direct access to the governing body.
2. Written policies and procedures : The employees of the organization should be made known the legal requirements so that employees understand their obligations. The employees should be encouraged to report suspected fraud and other irregularities without fear.
3. Training and education : The employees of the organization should be provided reasonable training to understand the organization’s compliance programme and its policies and process.
4. Lines of communication : Information about the compliance program must be widely communicated at all levels of an organization.
5. Standards enforced through well-publicized disciplinary guidelines : The organization’s compliance and ethics program should be promoted and enforced consistently through well-publicized guidelines that provide incentives to support the compliance and ethics program, as well as disciplinary measures.
6. Internal compliance monitoring : The organization shall take reasonable steps, including monitoring and auditing, to ensure that the organization’s compliance and ethics program is followed, and to periodically evaluate the effectiveness of the organization’s compliance program.
7. Response to detected offenses and corrective action plans : After monitoring and auditing of the compliance program, the organization shall take reasonable steps to respond appropriately to any violations of the law or policies, to prevent future misconduct, and to modify and improve the organization’s compliance and ethics program.
You have been appointed as Company Secretary of a newly incorporated public limited company, which is engaged in providing logistic services across India. The company has come out with a public issue and its shares are listed at BSE and NSE. How would you implement a Corporate Compliance Management culture in the company?
Being a Company Secretary, i.e. ‘Compliance Manager/Officer’ of the company, I would ensure that the company is in total compliance with all regulatory provisions. I would ensure that all statutory and non-statutory disclosures are made to shareholders and other stakeholders in true letter and spirit. I would draft a Corporate Compliance Management Policy and put it up before the board of directors for their approval and implementation. The policy would contain the following aspects :
Background and business strategy of the company: This will include the brief background of the company, area of operation, competition prevailing from the peer companies and SWOT analysis of the company, marketing strategies to be adopted, use of technology in providing better services to the customers.
Identification of applicable laws: This will include identifying the applicable laws, application of control measures to mitigate the risk, generation of reports for identifying the non-compliances, reminder before the due date for compliances and having internal control on compliances.
Individual responsibilities on compliances to be clearly defined: Responsibility with respect to compliances would be clearly defined in the compliance management program, which will enable the compliance officer to co-ordinate with the respective officials in respect of deviations if any.
Evaluation : Compliance management system would have a proper evaluation methodology through questionnaires for departmental heads etc. at regular intervals.
Bridging the gap between compliance in letter and compliance in letter and spirit: The compliance management system would be designed in such a manner that compliance is achieved in letter and spirit, not merely in letter.
Updation : Updation of compliance management program is very essential as and when there is any change in any of the applicable law.
A successful compliance-risk management program, which is essential for a sound and vibrant operational system, contains certain elements. Point out such elements.
The compliance framework needs to be comprehensive, dynamic, and customizable, allowing the organization to identify and assess the categories of compliance risk to which it may be exposed.
Elements of compliance-risk management program – A successful compliance-risk management program, which is an essential component of a sound and vibrant operational system, contains the following elements:

| Element | Description |
|---|---|
| Active board and senior management oversight | Effective board and senior management oversight is the cornerstone of an effective compliance risk management process. |
| Effective policies and procedures | Compliance risk management policies and procedures should be clearly defined and consistent with the nature and complexity of an institution’s activities. |
| Compliance risk analysis and comprehensive controls | Organizations should use appropriate tools in compliance risk analysis, such as self-assessment, risk maps, process flows, key indicators and audit reports, which enable the establishment of an effective system of internal controls. |
| Effective compliance monitoring and reporting | Organizations should ensure that they have adequate management information systems that provide management with timely reports on compliance matters such as training, an effective complaint system and certifications. |
| Testing | Independent testing should be conducted to verify that compliance risk mitigation activities are in place and functioning as intended throughout the organization. |
“Corporate Compliance Management should broadly include compliance of various laws”. In view of this, what are the Commercial Laws and Fiscal Laws, which should be complied with by every organization?
With reference to Corporate Compliance Management, the following Commercial Laws should be complied with by an organization:
- Indian Contract Act, 1872
- Transfer of Property Act, 1882
- Arbitration and Conciliation Act, 1996
- Negotiable Instruments Act, 1881
- Sale of Goods Act, 1930
The following Fiscal Laws should be complied with by an organization :
- Income-tax Act, 1961
- Central Excise Act, 1944
- Customs Act, 1962
- GST Act, 2017
“Compliance Management plays the significant role to comply with a steady stream of complex regulations”. What can be added to the significance of the Corporate Compliance Management?
As organizations face mounting pressures that are driving them towards a structured approach to enterprise-wide compliance management, the key drivers of compliance management encompass the complexity of today’s business, dependency on IT and hi-tech processes, and growth in business partner relationships.
Increased liability and regulatory oversight have amplified risk to a point where it demands continuous evaluation of compliance management systems. Furthermore, the multiplication of compliance requirements that organizations face increases the risk of non-compliance, which may carry potential civil and criminal penalties. The following may add to the significance of corporate compliance management:
- Image building of a responsible corporate citizen.
- Stakeholders can trust in the working of the corporate.
- Prevent improper conduct in the organization.
- It keeps things running smoothly and minimizes risks.
- It helps the company in maintaining a good reputation.
- Real time status of legal/statutory compliances.
- Prevent unintended non-compliances/prosecutions.
- Higher Productivity in the Company.
- Building Positive Reputation.
- It enhances credibility/creditworthiness being a law abiding company.
Compliance Management is the most important part of any business. Highlight the risk of non-compliances.
Following are the risks of non-compliance:
1. Penalties and Fines: Penalties include financial fines, limitations on activities, additional barriers to approval and even imprisonment.
2. Criminal Charges: Criminal charges are a potential consequence for certain regulatory non-compliance. Criminal liability may arise for misstatements in a prospectus, and search and seizure under section 209(3) of the Companies Act, 2013 may be carried out. An investigation may be made into the affairs of the company by the Serious Fraud Investigation Office.
3. Reputational Damage: A business’ public image is key to its success. When a company is thrust into the public eye for failing to comply with regulations, there are reputational repercussions, which eventually lead to distrust: loyal customers may leave, new customers may be put off, and potentially beneficial partnerships may never develop.
4. Access to Markets and Product Delays: Businesses are required to meet a host of regulations if they wish to do business with government. Companies that place value on corporate compliance may avoid doing business with companies which are non-compliant, as they would want to ensure that they meet their own regulatory obligations. Non-compliance may also result in financially damaging events like having products/services blocked at the border, being forced to issue a recall or being forced to destroy merchandise due to compliance issues, etc.
5. Roadblock in Funding: The pre-requisite of any funding exercise, either from banks or venture capitalists, is the status of tax and regulatory compliances. A company whose compliances are not up to date cannot get funded, even at the seed investment level.
Why did Shann Turnbull, an Australian expert in corporate governance, recommend a ‘Corporate Senate’?
The Australian Government has undertaken a set of reforms to improve Corporate Governance and disclosure norms of financial information and to update accounting rules.
Shann Turnbull, a very well-known Australian expert in corporate governance, recommended that there should be a ‘Dual Board’ Structure along with a ‘Corporate Senate’ to oversee the functioning of the regular board (senate means a council).
The Corporate Senate was recommended to determine accounting policies, direct audit activities, arbitrate on board conflicts, and advise the AGM on directors’ benefits. The senate would also nominate directors on the Board and would act as trustee for any Employees Stock Option Scheme (ESOP).
The Corporate Senate would comprise a maximum of 3 (three) members who would be elected on the basis of the ‘One Vote per Shareholder’ principle instead of the ‘One Vote per Share’ principle. The corporate senate would have no proactive power of any kind. However, it would have the ‘veto’ power over any activity in which the board has a conflict of interests, and even that could be overridden by a vote of 75% of the shares.
Write a short note on the following: compliance risk.
“Compliance risk” is the exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.
Compliance risk is the threat posed to a company’s earnings or capital as a result of violation of or non-conformance with laws, regulations, or prescribed practices. Compliance risk is also known as integrity risk.
The Basel Committee on Banking Supervision, in its paper on ‘Compliance and the compliance function in banks’, defined compliance risk as:
“The risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities.”
This risk is closely interconnected with:
- Operational risk
- Legal risk
- Reputation risk
What is compliance risk management?
Compliance risk management is the process of managing corporate compliance to meet regulations within a workable time frame and budget. Compliance Risk management is part of the collective governance, risk management and compliance discipline.
The traditional and narrow outlook that compliance is limited to statutory filings, required to run a business, has widened considerably. Compliance practices are now a cross-functional responsibility.
As compliance risk continues to be a focal point for regulators, compliance officers are encouraged to take steps to ensure that compliance risk is adequately managed. Best practices for compliance management ensure that compliance risk is adequately managed.
What are the steps in compliance risk management?
The following steps should be followed for compliance risk management:
- Understand compliance obligations
- Assess risks
- Address all compliance risks
- Evaluate performance
The success of any compliance management and monitoring programme depends on the existence, functioning and integration of these lines of defence in the performance of their duties. Explain the three lines of defence.
Following are the three lines of defence:

First line of defence – Management:
1. Assists in setting and executing strategies.
2. Provides direction, guidance and oversight.
3. Promotes a strong risk culture and sustainable risk-return thinking.
4. Ongoing monitoring and management of risks.

Second line of defence – Risk Management, Legal & Compliance:
1. Formal, robust and effective risk management within which the organisation’s policies and minimum standards are set.
2. Objective oversight and the ongoing challenge of risk mitigation, management and performance, while reporting is achieved across the business units.
3. Overarching risk oversight across all risk types.
4. Compile and maintain a legislative universe for the organisation.
5. Facilitate the risk prioritisation of all pieces of legislation in the regulatory universe.
6. Initiate new legislative requirements within the organisation.
7. Analyse and send out alerts on new laws to inform the organisation of the new requirements.
8. Facilitate an executive review of the legislation by Legal analysts.
9. Facilitate the completion of the Compliance Risk Management Plan (“CRMP”).
10. Update compliance monitoring plans on the CRMP.
11. Escalate compliance matters to management.
12. Undertake quarterly compliance reporting.

Third line of defence – Internal Audit & other Independent Assurance Providers:
1. Independent and objective assurance of the overall adequacy and effectiveness of governance, risk management and internal controls within the organisation.
2. Ability to link business risks with established processes and provide assurance on the effectiveness of mitigation plans to effectively manage organisational risks.
“Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.” Explain the statement.
Many companies take an integrated approach to these three areas, referring to them collectively as Governance, Risk Management and Compliance (GRC).
Governance is the combination of processes established and executed by the directors or the board of directors that are reflected in the organization’s structure and how it is managed and led toward achieving goals.
Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures.
Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization’s business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. Organizations routinely manage a wide range of risks, for example technological risks, commercial/financial risks, information security risks, etc.
Compliance refers to adhering to mandated boundaries (laws and regulations) and voluntary boundaries (the company’s policies, procedures, etc.). Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined, for example, in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses of achieving compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary.