English, Etik ve Uyum Yönetimi

Reactive or Pro-active compliance?


I recently met one of the managers of a large organization from outside of Turkey to discuss potential support in their ethics & compliance matters. That manager asked me whether they need to be reactive or pro-active in their compliance? It was a great question and the manager wanted to really help their organization, because in the opinion of the manager there were a few areas where they could be a bit more pro-active and establish a better compliance system. My response to that was whenever we select healthier lifestyle and go to a doctor, usual advice of doctors is to be pro-active not reactive, no doctor would say just sit there and wait until bad things happen to your health and then react! Doctors in such cases would usually advise being pro-active in physical and mental health, which will include dietary and other advice.

We therefore both quickly agreed that pro-active is really better! And with some quick guidance in their matters, we were able to discuss ways of managing their concerns. But let’s discuss all this a bit further.

Reactive compliance

First of all, let’s go back to reactive compliance. There is an option of being reactive in compliance of course. Just react when a bad day comes! Do nothing in the compliance area and wait for that bad day. One of such bad days is when a local or international regulator knocks on your organization’s doors for breach of anti-bribery and corruption laws for example. There are multiple examples of how badly such knocks on the doors may end up for organizations. These examples vary from small organizations and end up with some of the well-known international energy or service organizations (take the recent example of German company called SAP – “the market leader in enterprise application software”, which was found in breach of the US Foreign Corrupt Practices Act of 1977 (FCPA) by paying bribes abroad). And this is one of the rare instances in life when something is guaranteed – which is that your organization will react to such a bad day, for sure it will react! However, it may be a too expensive of a reaction, not only in financial terms but also from the perspective of individual liability of your employees. A number of legislative acts of such countries as the US, UK etc. impose, among other things, personal liability, which may include imprisonment of involved personnel for breach of such laws as the UFCPA and the UK Bribery Act of 2010.

Another angle of reactive compliance is international business. We see more and more organizations remembering about compliance when attempting to do an international business, especially with the US, UK or EU organizations. And all of a sudden, a simple clause with some basic anti-bribery and anti-corruption undertakings becomes a major issue because no one else in the organization faced with that before! The organization gets into almost an emergency mode, because guess what, the organization is ready to win that tender based on many other aspects and is fully capable, save for the compliance! And the organization ends up paying more to prepare something in the compliance area withing a short period of time, something which they never had before.

Pro-active compliance

Being pro-active in compliance has many benefits (and we may need a longer article to discuss all of them!) which will help mitigate matters, as above and make your organization prepared when/if such bad days come. But, how can an organization ensure that? First and foremost, by having a well-drafted compliance program, where, one of the main elements should be – ensuring a culture of compliance. Your organization may have very sophisticated compliance program, but if your employees are not knowledgeable enough about what is right and wrong under your compliance program or if your employees know ways of circumventing that program, then your compliance program may not help much. Existence of such culture is a wonderful asset for organizations and helps in excelling in many areas of the organization’s activities. This culture should also help overcome the resistance which you may face at your organization. If, for years, your teams have been in reactive compliance mode, a lot of them will not want a change, but in a culture where being pro-active becomes a norm, this resistance will gradually fade away.

Therefore, as part of pro-active compliance it is not enough to have a compliance program on paper where your employees have no proper understanding of what compliance is, how it works and quite importantly what the role of the employee in that whole process is. “Compliance? Go and talk to our compliance department. I am too busy with that stuff!” – this should not be a response internally when asked about compliance! A culture of compliance, as described above, is essential therefore.

But what is after all a well-drafted compliance program?

When we talk about a well-drafted compliance program, it is the one which is formulated under best international practices consisting of reasonably drafted policies and procedures. For example, one of the elements of a good compliance program under such practices is having organization’s code of conduct. What is it? Put simply, it is how you conduct your business in an ethical and compliant way while following applicable local and international rules and regulations. It outlines how you treat your employees and how you work externally. It is also a great tool to have a nice touch with the employees on a continuous basis. And by the way, this does not mean that, smaller organizations should have a sophisticated compliance program. It may have some elements of a well-drafted compliance program and a compliance culture and still excel quite well.

Final remarks

Compliance is more than just complying with the applicable legal requirements, which of itself is already a huge and important part of any organization’s activity. Compliance is a great way of, among other things, creating a great reputation for your organization, where you embed proper compliance not because others are watching but because that is the right thing to do.

“You reputation precedes you” as the saying goes, compliance pro-active compliance is a great way of ensuring that!

So, which one is it – reactive or pro-active compliance?!

Yazı: Elshad Rustamov – Founder & Managing Director

The Consultant Danışmanlık Anonim Şirketi


Makalelerdeki görüş ve yorumlar yazar veya yazarlara ait olup , Etik ve İtibar Derneği’nin konu ile ilgili düşüncelerini yansıtmamaktadır.