Ahsenture Business Developers provide the service of Compliance Consultancy. We confirm the rules & regulations such as a specification, policy, standard or law. We also simply the goals of the organizations to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Standards and regulations
The International Organization for Standardisation (ISO) produces international standards such as ISO/IEC_27002. The International Electrotechnical Commission (IEC) produces international standards in the electrotechnology area. The ISO 19600:2014 standard provides a reminder of how compliance and risk should operate together, as “colleagues” sharing a common framework with some nuances to account for their differences. Some local or international specialized organizations such as the American Society of Mechanical Engineers (ASME) also develop standards and regulation codes. They thereby provide a wide range of rules and directives to ensure compliance of the products to safety, security or design standards. There are a number of other regulations which apply in different fields, such as PCI-DSS, GLBA, FISMA, Joint Commission and HIPAA. In some cases other compliance frameworks (such as COBIT) or standards (NIST) inform on how to comply with the regulations.
Corporate scandals and breakdowns such as the Enron case of reputational risk in 2001 have highlighted the need for stronger compliance and regulations for publicly listed companies. The most significant regulation in this context is the Sarbanes–Oxley Act developed by two U.S. congressmen, Senator Paul Sarbanes and Representative Michael Oxley in 2002 which defined significantly tighter personal responsibility of corporate top management for the accuracy of reported financial statements. The Office of Foreign Assets Control (OFAC) is an agency of the United States Department of the Treasury under the auspices of the Under Secretary of the Treasury for Terrorism and Financial Intelligence. OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign states, organizations, and individuals. Compliance in the USA generally means compliancy with laws and regulations. These laws can have criminal or civil penalties or can be regulations. The definition of what constitutes an effective compliance plan has been elusive. Most authors, however, continue to cite the guidance provided by the United States Sentencing Commission in Chapter 8 of the Federal Sentencing Guidelines. On October 12, 2006, the U.S. Small Business Administration re-launched Business.gov (new Business.USA.gov) which provides a single point of access to government services and information that help businesses comply with government regulations.
There is considerable regulation in the UK, some of which is from EU legislation. Various areas are policed by different bodies, such as the FCA (Financial Conduct Authority), Environment Agency and Scottish Environment Protection Agency, Information Commissioner’s Office, CQC and others. Important compliance issues for all organisations large and small include the Data Protection Act 1998 and, for the public sector, Freedom of Information Act 2000. The UK Corporate Governance Code (formerly the Combined Code) is issued by the Financial Reporting Council (FRC) and sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability and relations with shareholders. All companies with a Premium Listing of equity shares in the UK are required under the Listing Rules to report on how they have applied the Combined Code in their annual report and accounts (The Codes are therefore most similar to the US’ Sarbanes-Oxley Act).
Standards Australia revised the standard titled “AS 3806 – Compliance Programs”. While many aspects of the original standard produced in 1998 standard appear in the 2006 version there are additional principles covered. The regulators in Australia continue to endorse and encourage (by regulation) the use of the standard when establishing a compliance framework. The regulators are the Australian Securities and Investment Commission, AUSTRAC (for AML), ATO (for FATCA and CRS) and the Australian Prudential Regulation Authority (APRA). Compliance demands in the superannuation industry continue to increase due to the new licensing regime implemented by APRA. The new licensing regime requires trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems and appropriate skills and expertise to manage the superannuation fund. The licensing regime has lifted the bar for superannuation trustees with a significant number of small to medium size superannuation funds exiting the Industry due to the increasing risk and compliance demands. The 19600 standard on “Compliance Management Systems” reflects largely the existing AS 3806-2006 standard, which it will replace.