Adoption of an efficient compliance system raises the discussion about the need and effectiveness of a certification program
Given the current political and economic situation, many companies have looked closely to the need of an effective compliance program, but although the subject is being widely disclosed, doubts arise about its extent and concerns that should be addressed by compliance. An assertive solution is the adoption of a certification program that has a recognized source, such as ISO 19600 certification, which addresses the implementation of compliance programs and ISO 37001 certification, which addresses anti-corruption programs.
Concern about compliance is legitimate and should be handled with the care that the subject requires. Although not necessarily a company contract with Public Authorities, its activities may be impacted by the objective liability foreseen in the legislation. Even if the relationship with the Government is assumed minor, it is important to evaluate the extent of other economic activities developments, such as: commercial partners, suppliers, customers, or even other private relations subject to the extensions of Anti-Corruption Law n. 12.846/13, its Regulatory Decree n. 8.420/15 and other legislation subject to compliance, such as the Administrative Improbity Law n. 8.429/92.
Once this stage has passed, and moving into the effective implementation of a compliance program, doubts invariably arise, such as: where to start, which model or standard to follow. The answer about effective implementation run through matching its standard to the general guidelines of an integrity program. Compliance must primarily carry out the analysis of business ramifications and extension of risk it can produce, or external factors that can impact business. From then on, it is up to the integrity program to seek for adoption of proportional mechanisms to the context of the organization.
More than following the law, it is mandatory that the business is conducted in an integral manner, as the legislation itself indicates under article 42 of Decree 8.420 /15 sixteen guidelines that reflect an effective program of integrity. Such concern is not only due to legal binding, but also showing to market that the company is choosing to adopt an effective compliance program, and not only to attempt to portray a law-abiding image, even because effective mechanisms impact penalties measuring in case of potential deviation.
One of the responses to the implementation of an effective compliance program is its certification. One of the most well-known certifications is Pró-Ética, a effectiveness evaluation from General Comptroller’s Office, but there are options, such as the ISO 19600 Certification which provides general guidelines for establishment, development, implementation, evaluation, maintenance and improvement of compliance management, and ISO 37001 Certification, specific to anti-bribery management.
ISO 19600 certification provides general guidelines for an effective program, such as: organization assessment; leadership commitment; appropriate standard of compliance policies; organizational roles and responsibilities; planning and objectives; resources (financial, tools, human resources and training); awareness and dissemination of the compliance culture, in addition to the participation of senior management; internal and external communication and documentation of efforts; planning and operational controls, evaluation of third parties; monitoring, measurement, analysis and evaluation; recurrent audit; and improvements evaluation.
ISO 37001 certification has its own general guidelines such as: organizational context; leadership involvement; planning; support (which includes resources, personnel skills of responsible for controls, awareness and training, communication and documentation); operation (including operational planning and controls, due diligence, financial and non-financial controls, third party audits, gift and hospitality policies, control management, reporting of deviation and investigations); evaluation of performance and improvements.
ISO certifications may prove valuable in structuring an effective program. In addition to offering a general guideline addressing concern when structuring compliance and anti-bribery programs, on current environment where more and more companies seek to perform business with partners who share same ethical standards and fair competition, having a compliance certificate may not only mitigate risk and therefore avoid losses, but also generate value and develop business.