Complying with regulation impacts every business. For some, it’s central to their industry, others are seeking to minimize the time and money they need to spend on compliance and for those expanding internationally, it can be a whole new world.
The key takeaway is that every country has different laws and local regulations. Complying with those tend to be mandatory, although sometimes best practices or industry certifications are voluntary and can enhance the reputation of a business with its customers, employees or peers. The approach to compliance often depends on the size of the business, its focus and its budgets.
The starting point to understand the need to comply overseas is to identify which regulations apply to your business. In the EU, many of the requirements apply throughout the region although sometimes can be interpreted or enforced in different ways in different countries. That leads to a risk-based analysis and consideration as to whether a generic approach can be taken to comply with most of the regulation in most places, or whether the nature of the market you are entering and the type of customer you work with, will require full compliance to be able to legally operate.
Examples of the type of regulation which a global compliance program will often cover include:
- Health & safety - ensuring an appropriately safe and appropriate workplace for your employees and or customers.
- Know your customer - identifying your customer and the source of its funds to ensure you are not inadvertently supporting money-laundering activity.
- Data protection and privacy - ensuring that you are receiving, maintaining and using the personal data of an individual in an appropriate way.
- Product standards - maintaining appropriate product standards and labelling to allow you to distribute your products within your chosen market.
- Consumer protection regulations - complying with local laws to enable you to sell – in person or remotely – your products or services.
- HR and anti-corruption policies - ensuring your workforce or those who represent you behave in an appropriate way when hiring, firing, working alongside colleagues and selling to customers.
- Advertising and marketing - presenting your business in a locally appropriate way through advertising and promoting your product or service.
This is the tip of the iceberg and each industry or sector will apply different laws and regulations. Some of these topics have been covered in greater detail in a previous article in our series. It is clear that local professional support is needed to understand what is mandatory and or customary within the local market.
Once you have identified what is required, then implementation will need to follow. Sometimes this can be through self-certification or through following specific steps to obtain certification / accreditation. What surprises many US businesses is the extent that compliance systems need to be documented. For more complicated compliance areas, external counsel can be hired to help assess the risks faced by the business, institute procedures, write policies and provide training. Ultimately, compliance starts with a number of pro-active tasks but also requires ongoing monitoring and updating to ensure that policies are adhered to, employees understand their obligations and changes to laws or regulation are reflected in the operations and procedures of your business. Most importantly, compliance systems need to be dynamic and flex with the business so that they are practical and actually utilized.
But compliance is not just about the systems and procedures. To really succeed at compliance there is a need to create a culture of compliance. It is significantly easier to maintain an effective compliance system when the culture is right. Unfortunately, things can go wrong – either through lack of engagement or appropriate implementation or by individuals failing to follow or enforce policies which have been designed to comply with laws. It is in these circumstances that there are usually specific rules to follow – often requiring notification to regulators, sometimes communications to employees or customers and in some circumstances legal action (sometimes with criminal sanctions) being taken against offenders or the offices/directors of the business. Usually, self-reporting and co-operation goes a long way to avoid the latter, but delay or attempting to avoid or hide non-compliance can result in drastic consequences. Legal advice is always needed and formal investigations will follow. The first line of defense in Europe is to demonstrate the system you have in place and how it has been implemented. That is why documenting your compliance systems is so important.
As the world becomes smaller but cultures remain distinct and standards of doing business vary from country to country, global compliance programs are vital and much care should be taken to ensure you start early, you take it seriously and you engage.