What NOT to do to comply with increasing regulation


Author: Sophia Purkis


This article previously appeared on www.realbusiness.co.uk.

Regulation can, if handled correctly, enable a business to enhance a culture of ownership with its employees, foster goodwill with its suppliers and customers, and be seen in the wider market as being professional and entrepreneurial.

Don’t let compliance stifle the culture of your business – but don’t ignore the risks either! Businesses face a rising tide of regulation and increasingly aggressive prosecuting authorities (e.g. the FCA, SFO, HMRC and OFT) willing to pursue companies and individuals for what they perceive to be regulatory breaches and criminal offences. The growing number of duties placed upon employers and service providers also means a corresponding increase in the opportunities for civil claims. Directors and company officers may find themselves personally liable for wrongdoing committed during the course of business and companies face large fines and, of course, reputational damage.

Serious stuff. But creating thick tomes of compliance manuals and expecting staff to read and digest it all is not the answer. People simply won’t read them! Staff usually want communication that is short, sharp and to the point. Provide that and there’s far more chance that they will actually read it in the busy-ness of the working day – and, crucially, remember and act upon it.

Don’t be paranoid – but do recognise unregulated businesses are not excused from the regulated regime.

Employment, anti-discrimination, data protection, anti-bribery and money laundering legislation affect all businesses. In today’s market being diverse, inclusive and environmentally and socially aware means a better working environment for people and improved market position.

Health and safety is an important area; statutory requirements aim to protect employees, consumers and the general public. The Health and Safety Executive brings 500-600 prosecutions every year and local authorities an additional 100-150.

Businesses should conduct an appropriate risk assessment to identify sensible measures to control workplace risks. The law does not expect you to remove all risks but to protect people by putting in place measures to control those risks. A safer working environment also means happier staff and customers and fewer claims.

Remember, you can’t remove all risks, but you can put procedures in place to minimise these risks and control them as best as you can.

Practical policies and procedures provide a framework to protect a business and its employees. They can also facilitate business development.

For instance, under the Bribery Act 2010 the presence of “adequate procedures” will provide an organisation and its officers with protection in proceedings under parts of that Act and may help prevent allegations of wrongdoing. The procedures relate to six key anti-bribery principles:

  1. Proportionate procedures;
  2. Top level commitment;
  3. Risk assessment;
  4. Due diligence;
  5. Communication; and
  6. Monitoring and review.

Emphasis is upon measures being a priority for those at the top taking direct responsibility. Policies should inform individuals in an organisation of the boundaries which apply to their actions and enable them to deal with any potentially uncomfortable situations.

Don’t obsess about the paperwork – it’s what happens on the ground that’s important.

Regulatory compliance must be current and effective. Practices and people change. New challenges and experiences call for policies to be reviewed. Conversely nothing demonstrates more clearly to a prosecutor that compliance is not being taken seriously than a policy which is out of date.

Knowing your regulator too well can be a bad thing – because it can breed complacency and that can be a management team’s undoing.

Regulated businesses are often very savvy. They know what their regulator expects. However, they cannot afford to become complacent.

As the high profile investigations into the banking sector have demonstrated, market practice changes over time. Legislation introduced, for example, in light of the Libor scandal to combat the making of misleading statements and manipulative practices (Part 7 Financial Services Act 2012) and potentially now to deal with the allegations concerning Forex, can be slow to catch up with events and does not have retrospective effect. However, that does not mean that those who operated in different times are not still subject to today’s judgments and that contemporaneous legislation cannot be used to prosecute individuals. The reputational damage and loss of market confidence from scandals such as these is palpable.

Compliance within the regulated sectors needs to be visible, accessible and fair. If your compliance team can demonstrate to others that they are there to assist and to enable business, it improves staff buy-in to the enterprise. An organisation and its employees are better and feel better protected.

Prosecutors’ powers are extending. They too are subject to market approval and objectives. They are looking for results. If your business or staff should find themselves faced with an investigation or potentially the subject of claims, instruct professionals to consider and review the evidence and advise objectively. Deal with the issue head-on. It is often quicker and cheaper to deal with a problem when it arises rather than if it has been left to fester.

Try to embrace regulation to make it work for you, thereby espousing, in regard not only to your staff but also to your customers, a culture of professionalism. Prevention is better than cure; having systems in place in relation to bribery, health and safety, anti-money laundering and data protection, amongst others, will clearly stand the business in good stead.

Sophia Purkis, Partner, Fladgate LLP (spurkis@fladgate.com)

View by author:


Would you like to hear more?