By Blandine CORDIER-PALASSE, Revue RH&M n°53 p.52
What company would naturally remain exposed to a risk of which it was aware? Logically, the answer is obviously none. However, the risk of non-compliance with legal and extra-legal standards is now a major risk for companies. Originally, the Sarbanes-Oxley Act only targeted the financial sector and listed companies. Now, all business sectors are affected.
Compliance is becoming the cornerstone of companies' response to the emergence of new risks. Behind this Anglo-Saxon expression, which is too often confined to simple compliance with laws and regulations, there is a much broader approach. Beyond that, Compliance implies respect for all other standards, whether professional or ethical. We would add respect for values. Non-compliance could have negative consequences for the company and its management. Financial damage, loss of reputation, civil or criminal liability are all at stake.
To deal with this, managers are responsible for ensuring that their company complies with the criminal law. They must also comply professionally with the standards applicable to their environment. To this must be added ethical compliance to deal with the risk to image and reputation.
Together, these three layers make up a compliance policy. This could be seen as a burden on the company. However, implementing good compliance is, on the contrary, a guarantee of respect for the expectations of its direct environment: from suppliers to end customers.
Compliance covers several fundamental aspects, the scope of which varies depending on the company and its business. To be relevant, this approach must first be based on risk mapping.
The prevention of corruption is directly concerned, whether active or passive, public or private. There are many different practices. Insider dealing and conflicts of interest with customers or suppliers are just as relevant. They should be considered in the same way as antitrust practices arising from distortions of competition, cartels or agreements. Then there are environmental risks and export control.
Social risks in particular are the subject of a study. This refers to risks such as discrimination and practices that run counter to human rights in general. These practices range from child labour to the management of personal data. This happens both within the company and with its suppliers.
Lastly, compliance encompasses the criminal risks of managerial liability (abuse of power, breach of trust, misappropriation of corporate assets, etc.) and the moral responsibility of the company.
Compliance has a dual function: structuring in principle, it becomes organisational in nature. We need to define the rules and behaviours, explain the need for these rules, their benefits, adapt them and give concrete examples.
Once it has been put in place, it needs to be monitored, quantified and qualified. Deploying such a programme will only be effective if the company is sure of the support it needs from all its partners and employees, through targeted awareness-raising and training initiatives. It also requires the involvement and exemplarity of the Chairman and top management, and the determination of lines of responsibility.
By putting in place effective ethical codes or charters, the Compliance programme standardises behaviour. It reflects the common values of the company, a state of mind shared by all levels of the Group and its partners.
It is a tool for organisation, development and risk mitigation. It is a competitive advantage and a source of performance. It is also an asset of trust for customers and suppliers, a source of pride for employees, and a cement for fragmented companies. Shareholders, for their part, will welcome the protection of the company's reputation and image, as well as its smooth running. Compliance has gone from being a constraint to a powerful lever for supporting the transformation and growth of companies.