There are many readily accepted global definitions of compliance and the nature of being compliant, whether from international organizations or regulatory bodies. But are these definitions followed—or even recognized—at a local and regional level? Does their reach, formulated from the summits of legislative authority, trickle down to levels perhaps overlooked in the larger compliance world?
The International Compliance Association (ICA) is a professional membership and awarding body. ICA is the leading global provider of professional, certificated qualifications in anti-money laundering; governance, risk, and compliance; and financial crime prevention. ICA members are recognized globally for their commitment to best compliance practice and an enhanced professional reputation. To find out more, visit the ICA website.
The simplest description of compliance—conforming to laws, policies, and standards—would appear relatively straightforward: follow the rules as they are set. Surely compliance is more than this definition? If it wasn’t, there wouldn’t be differences around the world in how compliance systems are put in place.
Rather than compliance being about laws and regulation, does it become a question of your local compliance culture and how you want to operate? This is where the differences between jurisdictions across the world begin to emerge. From a global perspective, it’s clear compliance is no longer the sole domain of U.S. regulators, and companies must acknowledge compliance risks are global and affect the wider world.
The compliance landscape is constantly evolving, so a broader, more international view is required, in tandem with a focus on your own jurisdiction and how compliance works there.
Below, compliance will be examined in four key jurisdictions: North America, Europe, Asia Pacific (APAC), and the Middle East and North Africa (MENA). Whether you operate in one of these areas or do business with firms within them, it will be important to understand the way each views compliance and, crucially, how perspectives may differ from your own region’s views.
The United States is renowned for having a particularly aggressive compliance enforcement stance. Over the last few years, there has been increasing global enforcement from the region not only in anti-corruption but in financial fraud, money laundering, tax, and trade sanctions. The wide reach of U.S. regulators means their rules and views on compliance have a major impact on the rest of the world.
In recent years, there have been many fines levied at international banks for breaches of U.S. law. For example:
- Wells Fargo paying $3 billion for its fraudulent account scandal
- Citi paying $400 million for risk management failures
- Capital One paying $390 million for anti-money laundering lapses
- Deutsche Bank paying $150 million for Jeffrey Epstein ties
There is a temptation to look at how strict and severe the United States is and decide to base a compliance program purely on its standards. After all, if a company can comply with the strictest levels put in place, then surely it will be okay. However, this stance removes any chance a company has to adjust and adapt for local practices and can have negative results. It’s important to strike a balance between making sure severe penalties are avoided while still maximizing business opportunities.
Traditionally, and prior to Brexit, the European Union had a cohesive way of regulating through a large host of laws and legislation that flowed into the region’s culture of compliance. The major nations had a say on policies, and the EU system appeared to work across the continent.
However, with the United Kingdom having left the bloc, there is now the possibility of change on the horizon. It will be more important than ever for European states to have their own culture of compliance while still adhering to the European Union’s.
For the United Kingdom, the challenge is in forging its own path while still nurturing relationships with key allies.
Historically, APAC has shown more acceptance of certain forms of corruption (or bending the rules) as being an acceptable means of speeding up bureaucracy or establishing “relationships,” and compliance has traditionally been viewed as detrimental to business growth.
Gift giving is customary in Asia, and cash gifts, while not permissible in U.S. business dealings, are not only normal but part of life’s rites of passage and festival periods. It’s crucial for anyone operating in the region, or indeed with it from afar, to understand these key holiday periods and handle them sensitively.
APAC is an enormous, diverse region in terms of legal systems, legislation, and enforcement. It includes New Zealand, tied for first among countries on Transparency International’s 2020 Corruption Perceptions Index, as well as Myanmar, which is tied for 137th.
This also brings cultural barriers which can be tricky to navigate. For example, sarcasm works well in Australia and New Zealand for marketing ideas but goes down poorly in Asia, where words are more likely to be taken literally. Understanding this nuance in language is key when creating a consistent compliance culture to ensure messages are not misconstrued.
Being comparatively smaller in size can mean some countries feel isolated from international markets and must put their own regulations and compliance first. There can be a temptation to relax local practices to fit in and be accepted by larger, more intimidating countries, but doing so can lead to opening the door to corruption and bribery—a dangerous place to be.
Middle East and North Africa
Within the MENA region, there are three key topics relating to the nuances of local regional compliance.
The first is for businesses to know their partners and other intermediaries are conducting themselves to the same high standards as they are. No matter how good a company’s culture of compliance, there is a reliance on those with whom they trade, and on behalf of, to be compliant too.
The second is to keep abreast of what is happening in these high-growth markets and keep compliance as fresh as possible. If compliance is out of date, a company can believe it is doing the right things while it is actually breaking the rules.
Finally, there is the challenge of the increased cyber-security risk in the region and the impact it can have on compliance. Cyber-risk is on the rise all over the world, and the MENA region, like elsewhere, is battling to stay on top of it.
Today, there exists the feeling there is less tolerance for bribery and corruption in APAC and MENA, and it is no longer acceptable to merely explain it is “just the way things are done.” Increased attention from the United States has helped foster this new attitude.
It’s vital to acknowledge a common understanding of compliance. But what must also be understood is how your local area identifies compliance while also absorbing the approach in international areas in which you do business.
It’s no longer satisfactory for senior management just to set the tone from the top. Compliance efforts need to be seen as being embedded in the organizational strategy and cultural principles of a company. A one-size-fits-all approach is not sufficient in today’s global business environment, and these differences must be clearly understood so appropriate strategies can be put in place to assist employees in mitigating and managing the risks.
One key point to remember is that cultural sensitivities, language barriers, and differences in the manner of doing business must all be considered and recognized as determining factors in understanding compliance across jurisdictions.
The International Compliance Association is a sister company to Compliance Week. Both organizations are under the umbrella of Wilmington plc.