Regulation & Compliance
The UK Bribery Act comes into force on 1 July 2011, significantly revising and strengthening the current UK anti-bribery regulatory regime by introducing legislation that is viewed as the widest reaching of any OECD country. This places significant requirements on UK corporates to ensure they have the necessary controls and processes in place to prevent bribery and to demonstrate compliance with the Ministry of Justice (MOJ) Adequate Procedures guidance.
This guidance is principles based, and as a result, questions remain for many about how this new legislation will be enforced. CB organisations clearly need to conduct their own assessments of the bribery and corruption risks they face and draw their own conclusions about the policies and procedural enhancements required to address those risks.
All CB organisations will be focused on supply chain activities (particularly in respect of cross-border logistics) and agency relationships; where UK or overseas expansion is relevant, capital or trading partners may require additional scrutiny. In addition, retail organisations may be concerned about relationships and activities with franchisees and other trading third parties.
Why is it an issue?
- The new Section 7 corporate offence means that organisations can now be prosecuted for failing to prevent bribery occurring. The company’s defence is their ability to demonstrate adequate procedures to prevent bribery. This requires organisations to ensure they have appropriate processes and controls in place to identify and mitigate bribery and corruption risk and monitoring controls so they remain robust as their business evolves
- Key to embedding effective ABC control is a strong adoption at board level and a culture of integrity and ‘doing the right thing’. Achieving cultural alignment and consistency is extremely challenging and requires focus from very senior management to get right. Organisations need to achieve an effective balance reconciling this with other competing regulatory priorities they face
- The Act has extra-territorial application, meaning it can apply worldwide, and consequently has wide-ranging implications for CB organisations who have a global footprint, have extended distribution networks and are moving goods and services across borders
- Deloitte can support commercial organisations to design and implement anti-bribery and corruption programmes which will ensure they have the control framework in place to demonstrate adequate procedures
- We can perform current state readiness assessments to enable organisations to identify and remediate control gaps to support them in complying with Adequate Procedures
- We can assist organisations in developing awareness training and specialist risk training to ensure employees understand the requirements of the UK Bribery Act and ‘Adequate Procedures’
- We can help organisations understand the ABC risks they face and benchmark their current control environment.
Ethical and regulatory compliance is on the agenda of most, if not all, CB organisations today, having been given added focus from the UK Bribery Act. More widely, this Act is becoming a catalyst to drive organisations to look at compliance activity more widely. Our ethical and regulatory compliance practice therefore also supports organisations to develop and improve their compliance functions and remediate the control challenges they face with respect to regulatory compliance, such as anti-trust regulation. With a broad base of geographically dispersed employees, achieving ethical compliance can be particularly challenging for consumer business organisations.
Why is it an issue?
Companies in the consumer business are facing increased compliance pressures from a number of sources:
- New laws and regulations, both local country and extra-territorial, such as the UK Bribery Act around Health & Safety, corporate responsibility and in response to prosecutions and investigations
- Increasing scrutiny by stakeholders around Health & Safety, Corporate Responsibility, implementing codes of conduct, ethics or business principles and in response to prosecutions and investigations
These pressures, together with increasing pressure on internal costs, mean that now, more than ever, companies are looking to derive maximum benefit from their compliance framework and function. The key components of this framework are outlined below:
- Policy frameworks - communicating external expectations and internal rules and regulations in a manner which is effective, efficient and ultimately measurable is a balancing act that many companies struggle to achieve
- Monitoring and reporting - the introduction of Sarbanes-Oxley brought with it expensive and expansive control and monitoring activities which many saw as unnecessarily complex. Implementing similar monitoring mechanisms for a compliance framework can be highly effective, yet clearly a balance is required between levels of assurance and cost
- Organisation and culture - a compliance function seen as a hindrance to the business or as a means of shifting responsibility for decision-making is unlikely to be successful. Compliance functions must have the correct profile, positioning, resources and skill sets alongside a clearly defined role and mandate if the overall compliance framework is to be effective
- Our Compliance Maturity Model allows us to benchmark and determine strengths/opportunities for improvement across the following areas: governance; culture; risk; organisation; policies & procedures; communications & training; controls & monitoring; reporting; and technology
- We have experience of working with leading organisations to define policy architectures, author codes of conduct and policies and design appropriate means of implementation and roll out
- Design and implementation of fit for purpose monitoring and reporting methodologies including technology solutions to allow consistent and efficient execution
- We have experience of working with leading organisations to align compliance organisation structures and resourcing with the increased requirements of an effective integrity and compliance programme, while providing clarity as to the roles and responsibilities of the compliance function.
Privacy and compliance with local and international data protection laws have reached boardroom agendas. There is a complex range of standards to meet, both in terms of regulatory requirements and arising from customer and employee expectations. It is a constant balancing act to make sure that the value of personal information that can be obtained from consumers is realised while ensuring that their privacy rights are maintained and delivering the optimal customer experience.
Why is it an issue?
- A public data loss or breach of privacy requirements can cause significant reputational damage
- The increased desire by consumer business organisations to maximise the use of personal information, for example through loyalty cards, presents a range of privacy challenges around the use of the data
- Local and international regulations are undergoing permanent scrutiny, with continual development across the world introducing new requirements around a number of areas
- Businesses today are compelled to interact beyond traditional market borders, organically and through acquisitions, outsourcing and emerging markets. Understanding, interpreting and complying with complex international regulations is an increasingly challenging task
- Companies are outsourcing more activities than ever to third party providers, which introduces an entirely new level of complexity to data risk and privacy issues
- Every advance in data-handling technology, including the recent consolidation trend in ERP systems and data warehouse IT virtualisation, brings new privacy and cross border data flow implications.
Our dedicated privacy professionals have expertise in managing a range of privacy based projects in consumer business organisations. This puts us in a unique position to understand the issues faced by project teams and senior managers charged with the responsibility to meet deadlines with successful projects. Some examples of the types of privacy work we undertake include:
- Developing and implementing privacy strategy and programmes
- Data Protection compliance audits
- Carrying out Privacy Impact Assessments
- Advising on solutions to specific data protection compliance issues
- Third party data protection audits
- Building and embedding privacy governance models.