Comprehensive Compliance Management

Member (Account Deleted) Guest , 17 August 2009  

Comprehensive Compliance Management*
Kiran M. Chitale, FCS, Company Secretary, Pune.
*Views expressed in the article are personal views of the author.
Companies should not look at compliance as a mere statutory formality but consider it as a social
obligation in terms of maintaining highest level of transparency, adhering to ethical standards of
conduct and measuring every business transaction, from legal, financial, technical and other
Compliance means fulfillment, observation or conformity to certain set of rules, regulations,
guidelines, directions, principles, norms or other expected sets of behavior and / or actions
of a person. Such rules etc. are usually those which are enforced or mandated or could be
self-imposed by the person. In addition, there could be certain sets of guidelines, directions
and recommendations, including some non-mandatory or optional items, which
would normally not be called compliance but which also get covered within the arena of the term
“compliance” to make it a complete definition. The term “compliance” involves
understanding of the concept of “self-discipline” substantiated by logical thoughts and
actions. Self discipline emanates from the fundamental awareness of the subject coupled
with the desire to achieve its commonsensical purpose. A person, who is willing to comply
with the traffic rules, would be able to do so if he has knowledge of those rules and has a
willingness to comply with those. Compliance management anticipates managing the
compliance, to put it in simple and minimum words. As quoted by one of the learned
management thinkers, “getting things done” is called management. In that sense, getting
compliance done would mean compliance management. Going forward, one cannot continue
to be contented with such definition and needs to drill down further to go to the root and to
understand the subject from the base. It is therefore imperative that one not only complies,
but does understand the nitty-gritty of the subject matter to be able to effectively manage
compliance. If one decides to get a reasonable understanding on the subject of compliance,
one would need to go closer to the subject rather than moving away for the reasons of
breach and penalties.
In the corporate environment, the term compliance gets a different flavour post
introduction of the Corporate Governance norms and the changing times have shown that
the flavour keeps changing with times to suit the industry demands and to match global
standards of disclosure practices. Under Indian conditions, typically we tend to observe
and follow the changes taking place in US, UK and other developed nations and try
enforcing similar norms rather than being purely innovative in such measures. The whole
concept of Corporate Governance must be covered somewhere under the basic guidelines
in our traditional theories and practices. However, for some reason or the other, one
finds it convenient to learn from experiences of other nations rather than following the
principles flowing from our own invaluable treasure of knowledge captured in the ancient
A corporate entity enjoys all benefits of being a corporate citizen and hence, can enter into
transactions in its own name, including to purchase, sell, earn income and incur expenditure.
This fundamental characteristic does entail the key responsibility
to behave similar to a citizen and work in the interests of the
public at large. It is, therefore, critical for an organization to
design all its policies and business goals in such a manner that
they are not against public policy. Like an individual, who lives
his own life, but is subject to certain set of rules and regulations,
a corporate citizen is subject to various obligations (statutory
and non-statutory) which brings in other elements called ethics,
morals, principles etc.
By practice, many corporate entities in India equate corporate
compliance to legal compliance. This is partially true; legal
compliance only covers compliance with the relevant laws and
rules etc. Depending on the nature and size of the organization,
its business, organization structure and other relevant
parameters, every corporate resorts to its own format for
reporting of its legal compliance (which usually covers
reference to select laws and confirmation of their compliance
during certain period and reporting of the instances of non-compliance).
Corporate compliance is a vast topic in itself requiring a team
of people having knowledge on relevant subjects to come
together to arrive at compliance requirements and rating of
findings against the set of identified requirements/norms. It
is recommended that corporate compliance is given top-down
approach to ensure that it flows within the corporate like its
blood and touches every nook and corner of its functions or
areas of operations. Once the corporate think-tank gets
involved in the compliance, they should provide directions to
the management of the company to be adhered to ensure the
said corporate is a compliant entity. Then it becomes the job
of the middle management to follow those directions/
guidelines, percolate those down to the lower level or
operating management and ensure that compliance is first
imparted to all of them, they understand it in right context
and spirit and it makes sense for them as well to abide by the
same. Unless each and every individual involved in the
process buys into the whole thought-process, it is difficult to see
those thoughts landed on the ground for implementation. It is
important to have a time-frame to achieve these activities to
be able to follow the compliance-action-plan from time to
It is also recommended to involve all concerned people in the
process including employees, consultants etc. which would make
the whole thinking realistic and productive apart from ensuring
that the process is well thought-through from various
The whole process should start with fresh mind and fresh mindset
to look at the subject of “compliance” rather than limiting it to a
formal report being presented to the Board for years. It is
understood that implementation of the aforesaid thoughts would
take long and would need availability of conducive environment
in an organization including right and quick decisions,
manpower, equipment etc.
A team of heterogeneous people could be formed which would
avoid single lane traffic of brain storming. The team
should identify some common goals, tasks to be achieved with
greater amount of flexibility in terms of methodology, scheduling
Each team member should question the basics and should not
take existing situation for granted. This would help questioning
the existing practices and processes.
After having effective discussion, the team leader could
submit a report to the top management with all its fact
findings and recommendations with assumptions and reasons
for those.
As stated earlier, when it comes to compliance, generally one
thinks of Legal compliance. However, to look at the complete
ecosystem of compliance, one should not limit the arena to
legal compliance, but take it beyond, including non-legal,
recommended compliance. To take this thought further, it
would be desirable in the interests of the organization to
include moral, ethical, contractual compliance which not only
touches the fundamentals on which an organization is run,
but also reflects its approach towards employee welfare,
interests of the stakeholders at large and the social
It is, therefore, recommended that each function within the
organization takes complete responsibility of its areas of
compliance for the following reasons:
(a) Each function would know its scope of routine activities.
(b) Each function would be operationally involved in handling
the issues that arise in the function.
(c) Respective function is the best assessor of its requirements
and should have better understanding on the subject
(d) Legal function could be referred for having a pure
legal opinion or in specialized legal activities such as
(e) Respective function would need to implement the
compliance process and hence, each function would be able
to give inputs on matters relating to the common areas
that touch Legal as well.
(f) Respective function would be in position to allocate internal
responsibilities for monitoring compliances.
(g) Legal function does not have operational role to play in
the activities of the respective function.
At times, there could be a distinction between Secretarial and
Legal functions, if those are independent. In such cases, it is
desirable to set the principles/guidelines to facilitate decision or
at least deciding which function would act as a lead in the given
Comprehensive approach to compliance suggests that the
company secretary should not only think from the perspective
of routine compliances under the Companies Act, but also include
various areas requiring attention (apart from compliance of the
law) :
(a) Internal policies and processes
(b) Insurance requirements
(c) Contractual compliance
(d) Fulfillment of obligations towards employees, vendors and
(e) Confidentiality obligations
(f) e-security requirements
(g) Data protection requirements
(h) Intellectual property related compliance
(i) Import/export laws (as is committed in contracts)
(j) Adherence to internal and external guidelines, norms,
directions as the organization may decide.
(k) Last but not the least, initiative to conserve natural
resources and their optimum use (this is compliance
towards Nature!)
Assuming that Legal and Secretarial is one and the same function,
typically the role would include the following (depending on
the nature, size, structure of the organization and how these
functions are placed in the organization):
(a) Create a Compliance Policy and process.
(b) Identify roles and responsibilities of various functions in
the organization towards various compliances.
(c) Provide formats for Compliance Reporting.
(d) Get approvals to policies etc. from the Board/Committee
of the Board.
(e) Obtaining compliance reports from concerned functional
heads, other entities in the group.
(f) Reporting of compliances to Board/ Committee of the
(g) Monitoring non-compliances and closing actions on such
(h) Handling litigations.
(i) Contract management.
(j) Policy matters.
(k) Property matters.
(l) Legal opinions.
(m) Routine activities.
(n) Record keeping.
(o) Communicating key amendments to relevant internal
In case of group of companies, the parent company should
follow a mechanism for reporting of non-compliances by its
subsidiaries and other group companies supported by a generic
statement of compliance. This would offer a reasonable comfort
level to the parent entity in terms of uniform practices and
compliance policy being followed by the group and reporting
by exception.
In case of any non-compliance by subsidiary or other group
entities, detailed reports could be submitted to the Board seeking
discussion and guidance from the Board, subject to the required
legal action.
Those companies having presence outside India will need to
ensure compliance with the laws of the country in which such
company has a presence (whether as a branch, subsidiary etc.). It
would, therefore, be desirable to contact local law firm to seek
its support in ensuring compliance of the local legal requirements
including obtaining relevant copies of the documents for record
Though it would be a costly affair, it is worth obtaining a checklist
of compliances from the local law firm. Also, one would
need to make arrangements to get important updates to those
One of the important aspects of compliance could involve
translating documents in the specified language of the country
where the documents need to be submitted e.g. to an office in
Germany, China or the like. In such cases, it is important to keep
copies of the documents (in English as well as the local language
of such country) and to obtain certified translation from
recognized authorities as a part of compliance of the legal
It is suggested to conduct audit of Legal compliances to confirm
adherence of the Company’s activities to the Compliance Policy
and the law of the land. While this exercise could be complicated
and vast in scope, it is desirable to begin with a limited approach
of covering key legislations applicable to an establishment and
then to keep expanding the list. This would help identifying
red-alert areas for the organization on a periodic basis. Also, a
report of such audit could be placed before the Board/
Committee for information of the Board and advise on
actionable items. This could bring more opportunities for
practicing members.
It is recommended that a systematic approach to the whole
compliance process would help achieving desired results.
This would involve a lot of thinking, resources and energy to install
a robust system of compliance and keep improvising it.**
Compliance function in an organization should be self-driven to
ensure compliance rather than being forced upon to focus on
minimum level of compliance and getting away with it.
It is the responsibility of the compliance function to be self-convinced
about the need for compliance and steps to be
followed to ensure the same. Otherwise it would be difficult to
convince other functions to follow your path. A forced
compliance usually ends up taking short cuts and a limited
view of completing “formalities” rather than taking pride in
compliance. Each function should understand its role in
compliance and should not tick it in the name of Secretarial &
Legal as there are a lot of other administrative, HR, business,
financial, technical, security issues that need to be tackled by
respective functions.
Companies may consider adopting “Zero Non-Compliance
Initiative” similar to those undertaken in the manufacturing
sector towards achieving Zero Defect in production. This would
need revisiting extant policies and would set the organization
on an altogether different track to re-examine the thought process
of the top management as well as the actions at operational level.
This would also involve revisiting ABCs on the subject and
bringing compliance thought-process in action at all levels.
In achieving the compliance, it is suggested that one should make
maximum use of available technology to keep all records,
maintain back-ups, create reminders to important filing dates
etc. Little bit of programming could automate routine actions or
help closing those fast, allowing the compliance function to focus
on non-routine, important issues in the organization.
It is imperative that an effective compliance process becomes a
part of Corporate’s behaviour rather than limiting compliance
to closing of action points by concerned functions. Top down
approach would probably help the same. It would then percolate
at all levels making it a part of corporate behavior to comply
with applicable law, rules, policies etc. Compliance would
become a key word for each and every employee in the
organization, and he/she would ensure compliance with his/her role
and responsibilities in the organization to make the organization a
fully compliant entity.
Companies should start rating themselves on the compliance
scale, which will indicate their level of compliance health-check.
This should be based on standard parameters or a questionnaire
to be released internally or by a professional body / authority.
This will bring in an element of gauging a company apart from
financial parameters. Such rating should not only involve
compliance with statutory requirements but also, non-statutory
requirements such as recommendations, norms, policies by
government or those internal to the company and the system
set in the organization to take care of eventualities such as
natural calamities, change in personnel handling compliance
work etc. Compliance rating would find place in due-diligence
audit of an organization and help enhancing value of such
organization in equity research or corporate restructuring. It
would also enhance the perception of the investors about the
Company Secretary would play a key role to achieve the
compliance. Compliance activity would not only create
additional scope for practice, but also add visibility to the
profession. Companies should not look at compliance as a mere
statutory formality, but consider it as a social obligation in
terms of maintaining highest level of transparency, adhering
to ethical standards of conduct of any business transaction in
addition to measuring every business transaction from legal,
financial, technical and other perspectives. There are companies
which take initiatives in helping employees to file tax returns,
get their vehicle tested to pollution norms, green earth initiatives
etc. which go beyond the subject of routine compliance and
create expected set of behavior by corporate to be compliant to
social norms. Compliance presupposes adherence to specified
or pre-determined rules, regulations, directions, policies etc.
with a view to maintain transparency and provide comfort to
all stakeholders that the company would not turn red for
compliance reasons.
It is hoped that in the years to come, companies would start
rating themselves on the compliance scale. This will not only
create more and more companies becoming fully compliant
companies but also set next level norms for better corporate
governance.
** Refer to the article of this author published in October 2007 of Chartered