Compliance: what is it? Definition, description

2024 Author: Howard Calhoun | [email protected]. Last modified: 2023-12-17 10:16

In the difficult conditions of the Western sanctions policy against our country, compliance control is becoming one of the important tools in the banking sector management system. What is Compliance? What do foreign business partners pay attention to when talking about compliance procedures in Russian companies? And what benefits do they provide? Let's try to figure it out.

History of Appearance

It all started with Russia's accession to the WTO (World Trade Organization). There have been many changes not visible to the naked eye. For example, domestic companies and organizations began to be subject to international standards for the implementation of standards to combat money laundering, corruption, the financing of terrorist organizations and other areas of the compliance system (what compliance is, will be discussed below).

What is compliance?

This is the observance by commercial organizations of laws, standards and regulations in force in the territory of the country aimed atprevention of corruption. In other words, compliance is the compliance of the activities of any organization with a set of codes and rules that are provided for by the regulators of the relevant sector of the economy. Today, the presence of a compliance control system in an organization is a necessity when doing business to prevent risks (in particular, raider takeovers) and protect the company's reputation. That is, it is a kind of foundation on which the control system of any organization is built, and one of the most important parts of management.

Modern realities are such that non-compliance with compliance rules leads to loss of business. However, adjusting this system to the internal routine and rules is actually extremely difficult.

What is the point?

Any modern organization assumes in the course of its activities several types of control over technical, human and administrative resources in order to comply with regulations and requirements. They are formed during the creation of the enterprise by drawing up statutory documents and developing principles for managing organizations. But as business processes become more complex and the enterprise matures, it becomes more and more difficult to comply with established norms and rules.

The growth of technological processes, the expansion of the product range and the introduction of new ones, the increase in efficiency, the expansion of staff require a complex management system.

Why comply with compliance

On the one hand, you can show good results, but on the other hand, fail the testregulatory authorities and receive serious pen alties and other troubles. This is the so-called regulatory risk, which leads to a loss of market share, a decrease in demand, sales volumes, etc. Parallel to this, legal risks also appear. For example, in the event of a decrease in the indicators of financial activity, the borrower may apply with a requirement to repay the debt ahead of schedule.

It turns out that the rules and regulations that originally appeared in the organization must be observed. And we also need a person who is responsible for ensuring that, before the start of their application, a technology is introduced for the emerging new norm or rule, which makes it possible to continue business development, but already in compliance with the introduced norms and requirements. In foreign countries, this function is performed by a special compliance manager.

Requirements for system documents

Any new order or regulation must go through a series of steps before implementation. This is:

• Appearance (project development).
• Approval (signing of the drafted document).
• Entry into force.
• Transformation (planned or sudden change of parameters).
• Cancellation of a document (with a new one or for another reason).

To form new activities of the organization by analogy with the existing ones is the task of the manager responsible for compliance (translated from English - compliance, compliance, consent). And this means that this employee must have a large set of skills, abilities and knowledge, participate in the creation of a documentary base and supervise personnel training issues. He alsocan justify additional budgetary expenses for the implementation of a new administrative document, if necessary.

Definition of compliance for the banking sector

In this industry, the concept of "compliance" involves the provision of information to the parent organization - the Bank of Russia, and within a strictly specified time frame. As well as the exclusion of the involvement of financial and credit organizations and their employees in any type of illegal activity.

What is compliance control in banks? It is a set of specially defined functions, which are divided into mandatory and optional. The former include legislative norms, non-compliance with which leads to a loss of reputation and almost always to pen alties. The second includes the orders of the organization's management and functions, the execution of which is associated with the expectations of business partners.

Given the described features, the compliance system in the bank should be managed by the security service. But in reality, this system is almost always multi-level, so most of its functions are distributed among structural divisions.

Introduction features

Compliance control in Russian banks is regulated by Regulations of the Bank of Russia No. 242-P, No. 06-29/PZ-N and a number of other documents.

They indicate that each employee of the credit institution should be involved in the performance of the functions of this system within their job descriptions andcompetencies. A dedicated employee is responsible for the implementation of the system.

Building a system has the following goals:

• Anti-Fraud and Corruption.
• Identification of risks associated with non-compliance with external (internal) standards (these are compliance risks).
• Compliance with international standards and Russian legislation.
• Responding to customer complaints.
• Compliance with information security principles.

To implement the described functions in banking organizations, personal information systems and platforms should be used to make it possible to systematize the process of monitoring and subsequent analysis.

The task of automating compliance control in banks (which is described above) is currently a priority for most banks. In addition, this system requires a clear organization of the company's activities - potential problems must be identified and resolved in real time and as soon as possible.

Principles of the banking system of compliance control

The person responsible for the implementation of the system in the bank (manager), attracts employees and organizes work to comply with external rules and requirements, internal and to identify compliance risk (this is a priority task in compliance control).

The basic principles of the system are as follows:

• The compliance policy implemented by the bank must be approved by the board of directors, which, in turn, at certain intervalsevaluates its effectiveness.
• The organization must allocate the required amount of resources to the system.
• The manager responsible for the operation of the system is obliged to organize training for the personnel involved in compliance (what compliance is, was described above).
• The person responsible for the implementation and operation of the system must have a high status in the company (for example, report directly to the head or be a member of the executive bodies).
• Some of the tasks of compliance control can be performed through outsourcing (in this case, the control is carried out by the responsible manager or head of the banking organization).

Implementation of system functions sometimes meets resistance within the bank. Most often, this occurs, for example, due to a decision to cut off one or more untrustworthy partners or clients, which at first glance contradicts the financial interests of the banking organization.

But at the same time, the work of compliance (translated from English, as mentioned above - compliance, compliance, consent) is aimed at protecting the bank's reputation, and therefore, at its financial success. In addition, the introduction of this system simplifies interaction with partners from abroad, since the main point among their requirements is the existence of a compliance policy, a recognized norm in almost all countries.

Compliance System Policy

Almost every banking organization develops it. It consists of the following. This is the policy:

• Corporate Conduct (that is, a general document designed to regulate the behavioral standards and job responsibilities of employees).
• Combating Corruption and Terrorist Financing (a document designed to prevent the penetration of funds acquired or earned dishonestly and the financing of terrorism).
• Aimed at resolving conflicts of interest (documents that set behavioral standards in case of conflicts of interest.
• Interactions with regulators and supervisory authorities (minimizes possible complications and ensures effective and complete interaction).
• Control transactions and purchases of securities.
• Receive customer complaints and take action.
• Data confidentiality and non-disclosure (so as not to harm the organization).
• Due customer identification.

The list is quite general. Each organization has the right to add or remove any of the events described.

Compliance at Sberbank

In one of the largest banking organizations in the country, each employee is involved in the implementation of compliance functions within their job description.

The implementation of the functions of this system requires the automation of all banking processes. Sberbank is actively cooperating with CIO offices for this. An example is an IT platform based on Oracle. It makes it possible to systematize the processes of monitoring the financial condition andoptimize the structure of the bank organization.

A few years ago, a law came into force, according to which all banking organizations in the world are required to transfer to the tax service of America all data on the accounts of its taxpayers. Sberbank has introduced such a product and will further adapt it to the Russian market.