Achieving Risk Management and Compliance Standards - Fear of law or Fear of penalty

For this topic to be useful, it is important to first understand what is meant by Corporate Governance. Corporate Governance means and includes the principles, rules, laws, practices, and processes that govern, operate, regulate, and control the organization. One of the essential elements of Corporate Governance is Compliance, which means “doing the right thing in the right and regulated way.”

In today’s era, Compliance does not only include adhering to state and central laws; it also includes the policies and procedures that the organization itself has set up.

Every individual forming part of the organization is expected to abide by the internal code of conduct (which includes internal policies, procedures, journals, directives, values, etc.) and by the external laws governing the organization. This is what makes an organization compliant, and its adherence applies right from an intern to the management.

Why do organizations need to have compliance standards? A question in the minds of all, with possible reasons as under:

  1. Being a Responsible Citizen: An organization runs by and for various stakeholders, whether it is a profitable or a non-profitable organization. You owe them, since you use their resources to run your business, and hence it is the duty of an organization to comply with the law and take utmost care for the benefit of all stakeholders.

  2. To build trust: Trust is built through honest and transparent communication and by meeting commitments. This can only be achieved if organizations have strict standards and protocols around these and ensure adherence to them.

  3. Prevent the risk of reputational damage: We all hear how penalties and punishments imposed on an organization, on the person in charge of it, or on its officers in default, due to non-compliance, fraud, mischief, etc., damage the reputation of the organization and lead to its downside (loss of customers, a bearish trend in the organization’s share price, loss of employees, excessive regulatory supervision, etc.). Many big-name companies have suffered badly from being non-compliant.

  4. Define organization values & principles: Compliance standards help the organization understand its mission, which in turn drives and defines its values and ethical principles.

  5. Leads to organization growth: A compliant organization attracts stakeholders’ attention and helps the organization grow both financially and non-financially. The Government also recognizes organizations that go beyond compliance in many ways. Compliance standards also serve as a powerful driver for long-term change in terms of articulating and redefining or modifying organizational values.

  6. Leads to an error-free environment and de-risks fines & confiscation: If you have compliance standards and controls, there is no chance that you make a mistake or error. Non-compliance can lead to heavy fines and even confiscation of the organization’s assets and action against officers in default. NSE & BSE publish, on an ongoing basis, the list of listed companies charged with fines for non-compliance. SEBI also publishes its orders against companies on its website. Many reputed companies in 2019 have suffered the consequences of being non-compliant.

  7. To prevent closure of business: For example, Section 248 of the Companies Act, 2013 defines certain grounds on which the Registrar has the right to close the company. According to a December 2022 article in The Economic Times, more than 5.57 lakh companies were struck off the records in the last five years due to non-compliance with various provisions of company law, according to the government. The Minister of State for Corporate Affairs, Rao Inderjit Singh, stated that 5,57,055 companies were struck off in the country in the last five years under Section 248 of the Companies Act, 2013 read with the Companies (Removal of Names of Companies from the Register of Companies) Rules, 2016.

How you can achieve compliance standards

  1. Compliance Risk Management: For an organization to achieve compliance standards, it is important to implement compliance risk management in your organization, which means and includes the process of identifying, assessing, and monitoring the risks to your organization’s compliance with regulations and industry standards. This includes all the internal controls you put in place to assure that your organization complies with those obligations, and monitoring those controls to confirm that they remain effective on an ongoing basis. It is a document that defines the potential losses, penalties, fines, and liability that your organization could face for being non-compliant, and the steps to be taken to prevent or reduce the risk to a bearable level.

  2. Have a robust Governance, Risk and Compliance (GRC) model: It is a model for managing governance and compliance risk in the organization. It involves identifying the key policies and processes that can drive the organization toward its goals. By adopting a GRC framework, you can take a proactive approach to mitigating risks, making well-informed decisions, and ensuring business continuity.

  3. There are three main components of GRC: Governance, which aligns processes and actions with the organization’s business goals; Risk, which identifies and addresses all the organization’s risks; and Compliance, which ensures that all activities meet legal and regulatory requirements.

  4. Seek direct advice from Regulators: All regulators in today’s era, be it the Reserve Bank of India, the Securities and Exchange Board of India, the Stock Exchanges, or the Ministry of Corporate Affairs, have come out with a lot of guidelines in the form of FAQs to guide you on the right way of doing business. In case you are stuck, they even provide immense support to help you complete the necessary compliance, and in case something is missed by you in good faith, they even consider the company’s track record to reduce the penalties. Many regulators also have active helpline numbers, so here is a piece of advice: do reach out to them if you need help. Intermediaries in the capital market are advised to reach out to BBF for any guidance.

  5. Setting up strict policies and procedures: If you need to be compliant, it is advisable to have strong internal policies and procedures, with clear repercussions for not following them.

  6. Whistle Blower Mechanism and integrity helpline: Whether or not your organization is mandatorily required to have one, it is advisable to have a Whistle Blower Policy along with an integrity helpline. Its aim is to establish a mechanism to receive and report complaints relating to corruption, unethical behaviour, actual or suspected fraud, leakage of unpublished price sensitive information, violation of the Code of Business Conduct and Ethics, irregularities, etc.; to inquire or cause an inquiry into such disclosures; to provide adequate safeguards against victimization of the person making the complaint, subject to the disclosure or complaint being made in good faith and within a reasonable time; and to take appropriate action.

  7. Have a strong board of directors (BOD) & committees: Last but not least, it is the BOD and committees of the organization who should be vigilant and strong enough to look into all aspects of compliance and risk. They should be experienced enough to guide management on the appropriate course of action and be watchful for any non-compliance.

Disclaimer: The article merely presents the personal views of the author and does not constitute professional advice; some facts have been gathered from newspaper articles. “Organization” here includes firms and any other form of legal entity.
