Facing down complexity: creating a global framework for compliance
Article 5 minute read

Facing down complexity: creating a global framework for compliance

01 June 2018

In-house general counsels can help organisations in Asia navigate an increasingly complex regulatory landscape, by creating a global subsidiary compliance strategy that also addresses regional needs.

Faced with rapidly evolving regulatory requirements, organisations in Asia Pacific must address new challenges when it comes to subsidiary compliance. Particularly for those that are present in multiple jurisdictions, the role of corporate secretarial services (CoSec) is becoming an increasingly important part of the drive to create a robust approach to regulatory compliance that can take into account a range of regulatory regimes.

However, many organisations struggle to develop compliance strategies that work on both a regional and an international basis. “Finding an optimal set-up can certainly be challenging”, Leila Szwarc, global head of compliance and strategic regulatory services, said in a March 2018 briefing paper, “5 truths about global compliance”. However, as the paper also points out, there are strategies that organisations can use to create a global framework for compliance.

Dealing with complexity

Globally, there is a growing emphasis on transparency - both internally and externally from regulators, the media and the public. Just as companies have gotten to grips with new international regulatory regimes such as Basel III, the International Financial Reporting Standard (IFRS), the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS) in recent years, a raft of regional reporting requirements are now being rolled out with the aim of increasing transparency, especially in regulated industries such as financial services.

In addition to efforts by the Monetary Authority of Singapore to overhaul MAS 610, for example, Australia, Hong Kong, Malaysia and India are all currently updating national reporting procedures. Such changes will require organisations to develop better internal systems and processes for collating and managing data, as well as for reporting both internally and to external entities such as regulators and shareholders.

For organisations with a presence in more than one jurisdiction, these efforts to boost transparency will also result in increased complexity as businesses must monitor and react to changing regulations on a number of fronts. In addition to overcoming language barriers, there is often a need to address national compliance requirements, as well as variations within countries. According to the 5 truths about global compliance briefing paper, 19% of countries in the APAC region have different compliance requirements per jurisdiction (province), and 35% of countries have severe penalties for legal administrative non-compliance.

Businesses are also becoming more complex internally due to major disruptions such as digitalisation and individual structural changes such as expansion into new territories. As organisations push these boundaries, there is a growing need to develop an enterprise-wide approach to CoSec duties that also takes into account the array of regional rules and regulations that currently affect companies in Asia.

Furthermore, the cost of non-compliance is increasing: it is no longer enough to concentrate on regulatory consequences alone, it is also important be mindful of the reputational impact of negative media attention.

“In a world where social media exposes organisations to reputational risks, legal counsels have a massive opportunity to proactively define business outcomes. Rather than simply keeping business leaders out of jail, the role has now moved towards helping them to define the company culture,” says Shagun Kumar, managing director at TMF India.

In-house general counsels must be able to navigate this rapidly changing landscape and it is increasingly clear that this requires an enterprise-wide approach to compliance. By creating a global framework that provides a solid template for compliance, it is possible to address increasing regulatory pressures and mitigate the reputational risk of a potential compliance issue. However, such a framework also needs to account for regional differences throughout an increasingly complex regulatory picture.

Creating a global framework

In the current regulatory environment, organisations must ensure that they remain, not just on top of new rules, but well ahead of regulatory output across multiple jurisdictions. It is not enough to begin working on a compliance response as new rules are published by regulators. Organisations must be aware of these developments ahead of time so they can prepare for and promote change across the organisation in advance - as well as lobby for adjustments to upcoming rules that might adversely affect the organisation or the wider industry.

And it is up to legal and compliance professionals to stay one step ahead in order to map out the ever-changing parameters in which today’s organisations must operate. More specifically, in-house general counsels should take the lead in creating an enterprise-wide response to regulatory change, as well as spearheading the development of systems and processes to ensure compliance.

And while it is important to be an independent source of information and guidance for other business units, those at the forefront of this movement are also now exploring how to be a more effective business partner by listening and responding to changing compliance needs throughout the organisation.

So how can in-house general counsels ensure that increasingly complex organisations are fully prepared to face a changing regulatory landscape? While there is no single approach, a solid first step would be to conduct an audit to assess current standards and potential requirements.

This should compare and contrast each jurisdiction in terms of its present level of compliance and performance, including an assessment of CoSec data to ensure harmonisation and accuracy across all sources of information within the company. An audit should also help to map out the lines of communication within regional entities and between these units and the rest of the organisation. A new global framework can then be created to address any gaps or areas in need of improvement identified by the audit, as well as current and future compliance needs.

Communication is key

In-house general counsels need to work with the compliance, risk and audit teams in order to develop a global framework that can be disseminated throughout the organisation’s regional hubs.

Also, Kumar adds: “There is a need to balance global compliance frameworks with fast moving local knowledge.” Locally-based employees must be given the knowledge, ability and confidence to tweak the global framework to suit local regulations and cultural differences. Internal communications systems and processes will play a key role here by reinforcing the company culture and ensuring full buy-in from all employees.

Local experts should be empowered to tailor the global framework to fit regional needs, informing employees of their responsibilities and any changes on an ongoing basis.

And these lines of communication should not be one-way only. “Where there are changes in law, it is expected that the board be trained or briefed to ensure that regulatory and compliance risks are well managed through the compliance team,” says Sharon Yeoh, director, head of corporate secretarial at TMF Singapore.

As such, local units need to be able to convert rules and regulations from their jurisdictions into a standard format that can be understood by management and used to develop an overview of the organisation’s overall compliance status. For many firms, a simple but effective strategy is to schedule regular phone calls between head office and regional hubs in order to keep the wider organisation abreast of regulatory developments. Maintaining an ongoing dialogue in this way can also help to break down any resistance to change that might come about due to unexpected policy adjustments, for example.

Most organisations face a range of overlapping standards across jurisdictions and in terms of internal policies. Adopting the highest standard is usually the safest way forward in such circumstances, but to do this effectively everyone in the organisation must be on the same page with regards to local and international regulations. The legal team must work more closely than ever with compliance to co-ordinate this communication and ensure full understanding.

In addition to a strong internal communications function, many organisations find that a training framework focused on compliance is also a useful tool. This helps employees to gain a deeper understanding of the company’s overall compliance needs and also reinforces a culture across the organisation that compliance should be at the forefront of all activities. By conducting this training online and tracking employee progress, it is possible to ensure that all employees have equal access to the relevant information rather than relying on regional business heads to get the point across in a uniform manner.

Exploring outsourcing

Many organisations have the necessary skills and knowledge to develop a response that can adapt to fit both global and regional needs, particularly if it is impossible to have an in-house expert or local compliance officer for every region. However, others require external support and this is where outsourcing can be of great value to the CoSec function.

Engaging a partner that can provide on-the-ground expertise can fill in the gaps, particularly as organisations expand into new regions and business areas. For example, some organisations outsource certain business transactions to locally-based service providers such as lawyers, accountants and professional services firms.

The service provider can then feed information about common issues or changes through to the group compliance division, which can then create a reponse on a firm-wide basis, if necessary, such as updating relevant training programmes. While the organisation itself creates the global solution, service providers act as a key source of local expertise to ensure the company remains a step ahead of regulatory change in all regions.

It should be noted that outsourcing may not be the best option for every organisation, but it is certainly worth considering as companies attempt to tackle growing levels of compliance complexity. Those that do wish to explore this route should begin with due diligence work to identify the full range of organisational obligations - from mission critical to those of lesser importance.

Any obligations that are earmarked as candidates for outsourcing should be discussed and agreed upon by all internal stakeholders before finding and engaging professional providers. It is also worth noting that this process of identifying, discussing and outsourcing activities could take time to complete - as much as two years for some activities.

And then, even once an obligation has been outsourced, ultimate responsibility always remains with the organisation. As such, it is important to act in partnership with outsourcing firms to ensure sufficient communication of objectives and understanding of corporate goals, strategies and overall culture on an ongoing basis.

A new approach

Compliance has moved beyond simply satisfying legal and regulatory issues - reputation is an increasingly precious commodity as organisations face growing pressure from both regulators, stakeholders and the media to be good global actors. As company culture and conduct plays a more important role in compliance, organisations need to broaden their perspective in terms of their overall compliance goals.

In this respect, the development of an enterprise-wide approach is key. Further, legal counsels play a major role in putting the entire business on the same page when it comes to satisfying an increasingly complex web of rules and regulations, particularly across multiple jurisdictions. This will ensure all parts of the business operate according to the highest standards and can satisfy both internal and external reporting needs in an effective and efficient way.

Talk To TMF Group

Organisations that are operating in multiple jurisdictions can partner with TMF Group to address corporate secretarial (CoSec) challenges in the Asia Pacific region – in terms of both establishing a presence in a new region and managing ongoing compliance in areas including entity life cycle management, accounting, tax and transactional reporting, HR and payroll.

With regional offices throughout APAC and experts that can provide insight and guidance on the full spectrum of local regulatory requirements, TMF Group can help clients to create a global framework to manage regulatory compliance risk.

This article was originally published on Asia Risk.

Insights and updates delivered to your inbox.

Sign up to receive a weekly round up of posts that matter most to you. 

Sign up now