Compliance is a common, not unusual, action. It is something each of us learns right from childhood. Parents provide a code of behaviour that every child knows must be followed. This is the beginning of the training we all receive for leading a compliant life. This is followed by rules, regulations, and ordinances arising from religious beliefs and social customs, traditions, and practices.In short, training for compliance starts very early in life.
Compliance encompasses the laws and regulations of the country, as well as the applicability of international laws of universal nature. The United Nations sanctions are a case in point. As an example, many Western European countries in the Eurozone offer developing countries GSP (Generalised System of Preferences) for imports into their countries, which usually involves concessional tariffs. The GSP states align with maintaining strict conformity to their demands relating to basic hygiene and higher ideals of human rights. Readers may recall that there was a complete clampdown on the acceptance of carpets from Pakistan into Europe due to the much-publicised deployment of ‘child labour’. Similarly, Far Eastern countries, which continue to be the largest importers of seafood products, slowed down imports due to concerns over hygiene and cleanliness in seafood sheds.
Regulatory frameworks are not static but dynamic. New technologies and the introduction of newer products and services into the marketplace mandate changes in regulatory demands, which market participants must meet.
By being compliant – an entity ensures that it is engaging in business aligned with doing the right thing; and above all, it makes good business sense not to violate the framework.
Compliance must not be viewed as a constraining factor for either conducting or enhancing business. Following regulatory requirements provides assurance against the emergence of unethical conduct or even flagrant violations of the law. Compliance requirements and standards set by regulators are not ‘suggestions’ but ‘commands’. Just as Moses, when he came down from Mount Sinai, brought not mere suggestions, but commandments. Suggestions can be accepted or rejected, but commandments must be observed.
Compliance must become a habit. Acceptance of requirements shouldn’t be coercive but must come voluntarily. Compliance allows us to face demands and challenges with full preparedness, instead of waiting for a catastrophe or calamity to hit.
Markets are under constant change. The revolution ushered in by Artificial Intelligence (AI) in business and the corporate world places a huge responsibility upon regulators worldwide to be vigilant in making reviews, revisions and refreshing compliance standards and demands. Some aspects of business change frequently, but these are cloistered and nested within several other aspects that do not change with similar rapidity. Organisations must remain cognisant of addressing hidden compliance issues on their own.
The general resistance to compliance stems from its inherent requirement of submitting, whether willingly or otherwise, to the dictates and demands of others. The human mind generally resists commands, especially if they conflict with one’s internal makeup; the only institution where you cannot reason or question a command is the armed forces, and this is universal – it is to do or die. There can never be room to deviate from the command.
The Chief Compliance Officer (CCO) is assigned to ensure that the entity/organisation is fully compliant with the rules, regulations, policies, and procedures, regardless of whether these are framed internally or enshrined in the legal framework of the country or produced externally. There should be no confusion about the need not to overstep the laws. No organisation can risk operating outside the regulatory framework or even the fringes of the law; the reputational loss is too major a risk to be taken lightly.
Regulators in shepherding organisations and markets need not behave tyrannically; instead, they must use moral suasion to encourage willing compliance. It mustn’t be made to look evil, an embodiment of black laws. Compliance on a wholesome basis assures all stakeholders of the institution’s reputation and longevity.
The organs of the State have to work in harmony with the requirements of the Constitution of Pakistan. All citizens are expected to adhere to constitutional norms in their daily lives and activities. No institution is permitted to overstep its role or come into conflict with other constituents. The pillars of the State must work in conformity with the Constitution’s requirements; any attempt to violate, ignore, challenge, or hold it in abeyance, partly or fully, is dealt with by death penalty; the punitive actions are described in Article 6.
Several boards, chairmen, owners and even CEOs look down upon the compliance function as an evil requirement inspired by regulators to curb growth. Compliance and its growing requirements understandably entail heavy costs, in terms of setting up the necessary IT structures, architecture and platforms; and no board likes to see growing compliance and operating costs because these bite deeply into the profitability of the institution.
Compliance must be supported from the highest levels of the hierarchy. A CEO who places emphasis on meeting statutory compliance needs in letter and spirit conveys through belief and action to the entire workforce that non-compliance will not be tolerated. Complying with regulations is key to the growth, strength and sustainability of the institution.
As CEO of financial institutions, I saw the compliance function in an entirely different dimension. Adhering to business ethics and morality, in my view, is the best guarantee for strengthening internal controls and thus the institution. A compliant institution assures that all aspects of protecting the institution are in place; such institutions are held in esteem by the regulators.
Those CEOs and senior managers who show disdain for compliance actually weaken the institution; no systems and processes, based on best practices, are given attention, which ultimately is to the peril of the organisation.
Compliance demands can be either vocal or conveyed through subtle recommendations. Organisational compliance sets it apart from other market participants. Reputation is built through adherence to rules and regulations. The impact of adherence is ultimately reflected in the entity’s financial performance. Boards love financial accounts that have no items or penalties paid due to non-compliance.
Compliance culture is a necessity; it needs attention from the board, to imbibe and inculcate it. Not only should the enunciated laws, rules and guidelines be followed, but institutions must have unwritten compliance requirements. Honesty and truthfulness in business matters must be a given. The presence of the highest ethical standards must be reflected in the institution’s dealings. Tax evaders do not present this picture.
Compliance must be embraced, not feared. Compliance is not a curse but a blessing, both in the short and long term.
Sirajuddin Aziz
The writer is a retired senior army officer with experience in international relations.