Reporting and communication mechanisms must be enabled to gather and report information systemically and identify any breach or non-compliance patterns indicating compliance process loopholes. Compliance control processes should include verifying key information in the corporate compliance reports to be shared with the compliance committee and the board.
The independent monitoring, review, and reporting procedures adopted by the corporate compliance function must be standardized, relevant, and sufficiently consistent with organizational activities. Compliance issues and status are reported to management, the compliance committee, and the board-level compliance committee. Reporting may be in the form of formal compliance reports or other formal communication, such as memos addressed to board members.
Reporting and Communication
The purpose of the regulatory enforcement activities is to ensure that those charged with governance are made aware of the organization’s compliance status and risk profile so that they may take corrective actions or suggest corrective actions to be taken by management. It is the responsibility of management to present true and meaningful information to the board members and the compliance committee.
The compliance function must regularly carry out independent corporate compliance reviews based on a representative sample of material and high-risk transactions. Non-compliance may be identified as having serious regulatory implications on the organization’s reputation, financial stability, and branding.
The compliance reviews should cover processes like awareness of compliance risk, adequacy of internal controls, the accuracy of information submitted to the regulatory authority, and the management actions required to address control lapses or breaches.
The compliance officer decides the areas for regular compliance risk reporting to the compliance committee and the board. Based on compliance reports, the compliance officer reports to the compliance committee and the board on the findings of compliance risks and lapses.
Compliance reports must be presented in a manner that allows the compliance committee and board to clearly understand the regulatory compliance risks the organization is exposed to and the adequacy of key internal controls to manage the corporate compliance risks.
The compliance reports should support the board in performing its oversight responsibilities for compliance risk. The board should review and determine the type, content, and frequency of reports to satisfy itself that it receives the necessary information to carry out its oversight role.
The compliance reports as a communication tool must include the following:
- The results of the compliance risk assessments undertaken during the assessment period, highlighting key changes in the compliance risk profile
- A summary of breaches and incidents of regulatory non-compliance and deficiencies in the management of compliance risk
- An assessment of the impact of compliance incidents on the organization, such as penalties imposed by any regulatory authority
- Compliance issues involving departments or members of management and the status of investigations or actions being taken
- An update on the changing landscape of the regulatory environment owing to changes in regulatory approach or instructions
- Recommendations of corrective actions to address compliance breaches and internal control deficiencies
- A record of corrective measures taken and the effectiveness of such measures
Communication is an unavoidable and critical aspect of the operations of any business. It is especially critical to communicate effectively. However, this is not easy because it is a more nuanced skill than many people realize. Some may dismiss its relevance in the world of finance, arguing that finance teams can get away with being less personable due to the analytical nature of their roles.