(by Biagino Costanzo, Company Manager and Aidr partner) Compliance… this unknown!

Many definitions have been offered over time. Anyone who has applied it in the day-to-day management of a company, whether small, medium or large, knows that Compliance is one of the very few effective methods for bringing order to the management model and to the organization of companies, both public and private.

Compliance, from a corporate point of view, can be defined as the set of organizational processes that govern all activities in terms of procedures, standards, best practices, legal provisions and codes of conduct.

In recent years, checks by national and international authorities on compliance with laws and regulations have increased sharply. Failure to adhere to correct organizational practices and contractual obligations can expose the company to sanctions, to operational measures (such as the suspension of activities) and, last but not least, to reputational and image damage towards customers, partners and stakeholders.

The issues with the greatest impact from a procedural and organizational point of view that fall within the operational perimeter of the Compliance function are:

  • The Italian Constitution
  • Corporate governance
  • Legislative Decree 231/01 on the administrative liability of legal persons and associations
  • Legislative Decree 81/2008 on safety in the workplace
  • Risk management
  • Privacy and protection of personal data
  • Information security
  • Control procedures - Internal and external audits
  • National and international certifications - Audit of management systems
  • Business continuity management
  • Anti-money laundering
  • Code of ethics

It is easy to see that the context in which Compliance operates encompasses corporate ethics, regulatory compliance, risk management, reliability and the success of the company itself.

The cross-cutting nature of the topics covered makes this function essential as a support to corporate operations and necessary for aligning the business with legislation, defining the perimeter and the methods within which the business, whatever it is, can succeed.

It is essential to treat Compliance as a primary asset and an integral part of corporate culture and policy: this is possible through constant dialogue and an information flow between the various organizational functions.

Furthermore, the presence of a structured and efficient Compliance function is the formal expression of Management's commitment to legality and to the objectives to be achieved.

From a practical point of view, meeting compliance needs means putting in place all the tools that allow the company to respect the rules of the game, triggering a virtuous cycle of adherence to best practices that makes the company competitive on the market.

The tools Compliance uses are therefore an in-depth risk analysis, careful study of the critical issues in order to implement concrete prevention, the adoption of policies and procedures to address the mitigation of the risk itself, the definition of responsibilities and timing, staff training, and the choice to make continuous improvement a daily process.

The macro-risks of non-compliance

The benefit of corporate compliance in terms of competitiveness is not easy to quantify. The opposite, however, can certainly be said: when non-compliance occurs, the consequences are disastrous.

In these very days, from 27 to 30 November, the World Protection Forum™ (WPF) was held at the Ariston theatre in Sanremo: the first authoritative, qualified permanent forum dedicated to the protection of the human being in all its aspects, with the prestigious participation of experienced guests of national and international standing. Conceived by the founders of the first Risk-Rating Agency in the world, the World Protection Forum™ (WPF) aims to deepen the "science of risk" and to disseminate on a global scale the discoveries in the field of risk protection for people, companies and organizations.

It is worth analysing some of the macro-risks to which an organization is exposed when it chooses to ignore Compliance.

Sanctioning risks

Sanctions for non-compliance can be administrative or criminal in nature: Legislative Decree 231/01 introduced into the legal system a form of administrative liability (which is, in substance, criminal) for entities with legal personality and for companies and associations, including those without it, for offences committed by natural persons acting in the name and on behalf of these entities.

In such cases, organizations are called to answer for the individual and collective conduct that constituted the offence.

The news now brings daily bulletins of small, medium and large companies that have chosen illegality as a cultural foundation; the resulting damage has affected not only the companies directly involved but, unfortunately, in the worst cases, also their users or collaborators.

There are countless cases in which non-compliance with workplace safety rules has caused incalculable damage to workers and their families.

The uncomfortable reality of undeclared work, where "non-compliant" is a euphemism, takes us directly to the next level, that is the "no contract" that betrays the first and most profound of the issues pertaining to Compliance: the Italian Constitution.

More recent, but no less important, are the risks associated with data processing.

The right to the protection of personal data, combined with other fundamental rights (first of all, in fact, transparency), has a significant impact in organizational and also IT terms: the growing digitalization of companies is far from negligible in terms of regulatory compliance in the fields of privacy, data and information security.

The GDPR clearly establishes the rules, and the penalties for violating them can be economic (administrative fines of up to 20 million euros or up to 4% of total annual worldwide turnover, whichever is higher) or, in some cases under the Italian Privacy Code that complements it, criminal, with imprisonment of those responsible (as happens, for example, with the fraudulent acquisition of personal data subject to large-scale processing). In this historical moment, therefore, it assumes particular importance and deserves special attention.

Operational-strategic risks

A non-compliance condition can affect a company's core business and operations.

The need to adapt constantly to legal requirements regarding functional efficiency and production methods represents a significant economic and organizational effort for the top levels of organizations, but the alternative can involve the closure or suspension of specific activities and/or business lines.

The lack of internal controls can also be lethal from a strategic point of view, irreversibly undermining the possibility of, for example, corporate growth, sale or acquisition operations.

Economic risks

We have already mentioned the economic damage deriving from sanctions imposed by the authorities and from the choice not to regulate one's business.

To these we must add the exorbitant cost of implementing the corrective actions required to remedy non-conformities found by third parties: here, very often, significant costs and timescales have to be borne.

This last element is easily kept under control by choosing continuous improvement as a company philosophy.

Following the Covid-19 emergency, a first estimate of the impact of the coronavirus on brand value as of 1 January 2020 shows that the world's 500 leading brands could lose up to 1 trillion euros (a thousand billion) of value originating from image and reputation (source: Markup). The new ranking of the 100 leading European brands, sorted by value originating from image and reputation, shows that the overall negative impact on brand value was only 13%, while the same brands lost about 25% of their business value.

Reputational risks

The most accurate definition of corporate reputation ties it closely to the expectations, perceptions and opinions about an organization's actions that determine its overall attractiveness in the eyes of its stakeholders (employees, customers, suppliers, investors, etc.).

Reputation is to be considered the organization's most important intangible asset: it is intrinsically the guardian of the company's history and the impassive judge of its choices and of its approach to the market. Precisely for this reason it must be protected.

Compliance plays a decisive role in consolidating the corporate image and in ensuring the transparency and credibility necessary to increase its competitiveness in the medium-long term.

When a company is certified, for example, it presents itself on the market with a better image.

The effectiveness of the compliance structure is a measure of a company's seriousness and competence and builds its value. Compliance also means social responsibility.

The research "The State of Corporate Reputation in 2020: Everything Matters Now", conducted by Weber Shandwick, a communication and marketing agency, in partnership with KRC Research, finds that managers around the world attribute on average 63% of a company's market value to its reputation. The survey, conducted online by Weber Shandwick, involved 2,227 executives from large companies (by revenue) operating in 22 different markets. In addition to reputation, the research also considered culture, employee activism, crises and risks.

A direct relationship between respect for the rules, reliability and the success of an organization is thus evident. Compliance is deeply correlated with company performance, be it financial, strategic and, today, also digital.

In fact, the increasingly pressing, just and necessary demand for a massive spread of digital technology throughout the country and in all work activities, which has grown with the current health emergency (from smart working to distance learning, webinars and conference calls), brings with it the need to protect the quality of services and, consequently, to prevent the digital space from becoming a vast prairie for hackers and for haters who deliberately flood systems with cyber garbage, with the resulting decline in reputation. Not to mention the many cyber attacks that endanger the system as a whole, with the related risks of damage to public and private infrastructure, theft of industrial secrets and sensitive data or, more simply but no less seriously, of everyone's privacy.

Choosing to adhere to the law always and in any case drastically reduces operational, reputational and therefore economic risks and is essential for the development and growth of a company or organization.

So Compliance is "THE" method. The term, after all, derives from ancient Greek, precisely from the union of the words "metà" (in the direction of, in search of...) and "odós" (way, road). Adopting a method therefore means choosing a path and following it.

The metaphor is clear, powerful and very current: on the map of everyday problems we are all looking for a path that leads us to solutions. Everyone has their own method, but the real challenge is being able to choose a healthy, valid and safe one.

Corporate compliance: a method of strategic protection