Danuta Pajewska: A well-functioning compliance division lets management sleep easier | In Principle

Danuta Pajewska: The “compliance” concept arose in the United States in the 1990s following a wave of corporate scandals. The US Supreme Court held that every firm should comply with certain standards to protect its directors and officers from liability. It is crucial that the rules be consistent at all levels of the corporate structure, vertically and horizontally. Everyone in the company must know what they are supposed to do and know their own scope of responsibility and authority. Corporate boards must organise supervision over all processes within the firm in such a way that they can be monitored and managed. It is also necessary to have certain mechanisms in place for reviewing procedures and identifying and eliminating risks. It is important to teach people that procedures are not just a whim from the higher-ups, but a method for achieving understanding and cooperation within a company. The purpose of compliance procedures is to eliminate the consequences of instances in which both the external law and the internal rules are vague or unclear in practice.

The compliance concept spread beyond the US with the creation of companies with numerous offices, subsidiaries and entire capital groups. Procedures became necessary in order for companies to function in a uniform way.

In Poland, compliance principles have entered the law. The Polish Banking Law and regulations governing brokerages and investment funds require that a financial institution have a risk management system in place, as well as a “compliance officer”—a kind of internal policeman who checks whether all rules are being observed. This person is also responsible for adapting procedures to suit new laws. Compliance divisions are not limited just to companies in highly regulated fields. We know from practice that compliance specialists are also hired in production companies and in the pharmaceutical and food industries. Anywhere that there is a risk of liability or violation of certain norms, compliance issues will be particularly relevant. It is important to make sure that everything is in order within the company and that there are people responsible for executing and monitoring compliance. A well-functioning compliance division lets management sleep easier.

A lack of rules may create serious risks for a company. Legal compliance programmes help companies avoid a whole series of risks, from poor reputation, through a declining share price, to fines, invalidation of contracts, withdrawal of operating licences, and even insolvency.

It is crucial for internal rules and procedures to bind the company with standards that function vertically and horizontally, to insure information exchange and cooperation between units operating at the same level, even though vertically they answer to different people. We have seen how a lack of such procedures exposed a bank to liability to customers. Debt securities were issued in unit A and sold to investors in unit B. Later unit A learned that one of the issuers was threatened with insolvency, but it failed to share this information with unit B, which continued to sell the securities. The result was liability claims. The cause was improper flow of information.

In financial institutions this is defined by specific regulations. For example, it is very important for the compliance officer to be positioned correctly within the corporate hierarchy. The compliance officer should not be subordinated to too many people, who may pressure the officer to overlook certain areas of the company’s operations.

It is also important for companies to review their own regulations from time to time. Our law firm has experience in such projects. It may turn out during the course of such reviews, for example, that certain areas of the company’s operations are not covered by the regulations at all, and procedures do not govern all aspects of the business. We have also seen from our experience that even when employees know how they are supposed to act in practice, if there is no relevant provision laid out in the company rules, then in the event of any irregularities the employees will claim that they were never told in writing that they were supposed to act in a certain way. This also means that there will not be proper grounds to charge the employee with violation of specific rules and obligations, which is key from the point of view of holding employees accountable.

In one company the management board hired us to examine whether staff and managers running specific divisions are aware of the risk of criminal activity in their divisions, or whether they think about these issues at all. We began the study by selecting the offences that might be relevant to the particular type of operations, and then we raised these issues in interviews with the staff. We were concerned that employees would not want to talk frankly with us because they might suffer repercussions if any shortcomings were exposed. But in fact their awareness and willingness to talk were huge. The staff perceived areas of risk, and during the review they saw the benefits of developing the right preventive measures.

Of course, even the most effective compliance division cannot guarantee that there will never be any violations. The fact that we have criminal laws on the books is not enough to stop people from killing or stealing.