Compliance in Belgium
A closer look at the corporate sector
Compliance is becoming a hot subject in today’s business conduct. Due to increased insistence from the Authorities, not only in Anglo-Saxon countries, but also in mainland Europe, the corporate sector has to evolve towards Compliance as a means of doing good business and a ‘license to operate’. Tough market conditions prevail in a rapidly changing and globalizing world, so it remains a challenge for the corporate sector to adhere to compliance.
Being prepared is critical and will give you confidence that Compliance risks are being managed at acceptable levels across your company.
Comply or Die. Results of the Belgian Corporate Compliance Benchmark survey
In order to assess the current state of compliance in today’s Belgian Business World, Deloitte Belgium has conducted a benchmark survey. We welcome you to the first in an annual series of benchmarks designed to gauge the challenges faced by Compliance functions across all corporate sectors. This report also marks the launch of the Deloitte ‘Corporate Compliance Seminar’, a platform enabling you to engage with peers and discuss insights into the trends and challenges that companies and their Compliance functions or other functions related to Compliance are facing.
Compliance is becoming an increasingly important subject on the agendas of company’s Management and Board Meetings, and its importance will continue to grow. The increasingly changing and globalizing world, combined with new or strengthened laws, regulations and guidelines plus tougher industry standards, has created a complex compliance landscape. The focus on acting ethically and the rapid rise in enforcement actions through existing regulations, have increased the fines that are imposed, both corporate and personal.
The Compliance Function
The Compliance function is a fairly new concept to many corporate entities in Belgium. Of those interviewed, about 53% had only set up their Compliance function within the last five years. We expect the Compliance functions to mature apace in order to meet the ever-changing regulatory environment. Setting up separate and independent Compliance functions is a growing trend, although in most cases this function is combined with the Legal function. The creation of a separate officer or department is linked to strong regulatory pressure and the occurrence of Compliance incidents. Organising an efficient and integrated Compliance function is a challenge that the companies within the scope of this benchmark face. Some have started to meet this challenge by setting up Compliance Committees. The Compliance function is not yet formalised by means of a Compliance charter defining the roles, responsibilities and areas of focus for Compliance, as well as second-line partners and formal reporting lines.
The Compliance Scope
As companies operating in and from Belgium face a profusion of regulatory requirements, many of them are now focusing on organising their Compliance function. The organisation of Compliance in the corporate sector comes in a variety of flavours. The evolution of Compliance functions has been reactionary as opposed to risk aligned and has strategically focused on value-creation for the business. Compliance is a broad concept. To keep it manageable, companies have to make choices. Those choices can be based on industry regulation, company risk and/or general business conduct.
The scope of Compliance is still expanding in most of the companies and Compliance is treated by different functions in the company. The most popular Compliance subjects relate to ethical Compliance covered in the Code of Conduct (e.g., Integrity and Company values), Fraud, Bribery and Corruption and Competition. Privacy currently forms a key subject of the companies interviewed, due to its current prominence in the marketplace. Although the scope of Compliance is evolving, the Code of Conduct is the guide or basis for doing the right thing.
The Compliance programme
Compliance should be a means to and integral part of conducting good business. Therefore a Compliance programme should be developed. A Compliance programme entails that you and your colleagues work within the boundaries of the law, rules and regulations and that you inform, train and evaluate your employees accordingly. It is not enough to say what people should be doing right and to give them the information, skills and motivation to do it. To be effective, a company needs to assess and report on what its people are actually doing.
Many companies are trying to find a balance in the scope of their Compliance function: between classic Compliance subjects such as Anti-bribery & Corruption, Anti-Trust & Competition, Anti-Fraud and Integrity on the one hand and new regulations such as Privacy and Transparency on the other hand. We see close collaboration with other functions in covering the various aspects of Compliance as well as the division of Compliance processes. However, we do not see an integrated Compliance framework supported by one, common methodology to capture Compliance requirements, risks, policies, procedures, controls and assurance activities. Since most of the companies interviewed are still at the design stage of a more robust Compliance organisation and programme, the focus is put on awareness creation and training, therefore monitoring as last stepping stone to an integrated programme is (not yet) at the top of the agenda. We foresee however that many Compliance functions will have to include more robust Compliance programmes and processes, spanning all Compliance areas, supported by a common methodology in order to encompass Compliance requirements, risks, policies, procedures, controls and assurance activities.
Embedding a Compliance Culture is the next step
A key condition is that management does support Compliance, but awareness creation remains a key attention point to ensure a culture of Compliance is kept alive company wide. It is not so much top management, but rather middle management that needs to focus on creating and advocating the importance of Compliance. Potential misalignment between Compliance requirements and business requirements or the messages the workforce receives might restore Compliance in terms of business priority.
Bottom line, Compliance is evolving, not only in terms of key areas of focus but also in terms of processes Compliance is using to ensure Compliance remains a hot subject within the company. Evolving towards an integrated and mature Compliance programme requires budget and resources in line with the desired risk appetite of management and the right indicators assessing whether or not the organisation is compliant. The overall conclusion that we would like to share is that the growing attention and expectations of the outside world require companies to increase their attention to Compliance. From a regulatory and reputational perspective we might even say: “Comply or die”.