What are compliance programs?
Compliance programs (also called “compliance models”) are a set of policies, procedures, and actions that a company takes to identify and reduce the risks of breaking the law, remedy potential violations, and generate a culture of compliance within the company.
Types of compliance programs
Since their purpose is to reduce the risks and consequences of non-compliance, companies develop compliance programs for various of their activities, depending on their special needs and exposure.
The most common programs are developed to cover, among others, the areas of anti-corruption, corporate governance, competition/antitrust, data protection, environmental, labor, and banking.
Benefits of having an appropriate compliance model
A robust compliance program will help the company demonstrate its commitment to respecting the law; better manage the risks of infringement; improve relationships with its customers and suppliers; develop a better reputation; and remedy or reduce the consequences of a possible infringement.
In some cases, the law establishes concrete benefits for having a compliance model. For example, in Costa Rica, the “Law of Criminal Liability for Legal Entities on Domestic and Transnational Bribery and other Crimes” provides that any sanctions may be reduced by up to 40%, and the “Law on Strengthening Competition Authorities” states that the competition authority may consider it a mitigating factor if the offender proves that it adopted a compliance program that meets certain requirements prior to the initiation of the investigation.
Elements of a compliance program
There are several types of compliance programs, each with its own special characteristics. However, generally speaking, a strong compliance model or program contains at least the following components:
- It must be specific to the company or industry
- It demonstrates a real commitment to comply, adopted by the company’s senior bodies and including the participation of all relevant hierarchical levels
- It identifies areas of risk of non-compliance and how to address them
- It contemplates due diligence mechanisms for external business partners
- It develops internal structures and procedures for its implementation, including the appointment of a compliance officer
- Its adoption must be verifiable and its implementation sustained over time
- It includes a communication mechanism and ongoing training for relevant staff
- It creates mechanisms for monitoring, reporting, and consequences for non-compliance
In some cases, regulations establish additional requirements as well as specific means to comply with them.