Having discretion means having the freedom to choose between the various courses of action. Moreover, the courses of action that are chosen should be the ‘right’ ones to a large extent. This article focuses not on regulation ‘but’ compliance’, not on regulators but on businesses and their discretion and approach to implementing regulatory compliance.
What counts as ‘Compliance’ is not simply a matter of mere conformity of rule. Rather compliance is a matter of interpretation of rules and facts. The term compliance essentially refers to ensuring that business processes, operations and practices conform to an agreed set of national laws, rules or regulations.
Sometimes implementation of regulatory compliance does not achieve idealistic policy purposes because business management may implement them partially and half-heartedly for the purpose of external impression management or ‘window dressing’ without making the necessary substantive changes to achieve external policy goals.
It is also noted that sometimes businesses are motivated to accept greater risks of non-compliance than regulators might prefer to see as non-compliant. This suggests that compliance systems will often be designed to manage risk and to set up grounds for management to negotiate with regulators that they have tried to do the right thing, rather than the compliance system being designed purely to eliminate non-compliance.
To manage the discretion and approach, compliance officers should start by building on the understanding of:
- the nature of the compliance tasks in the regulatory system,
- the nature of the factors influencing how compliance officers currently operate and tailor the compliance approach accordingly.
The Compliance approach is characterised by a central concern with attaining the goals of the regulatory system. Securing repair to harm done and future compliance are the core motivations.
One of the standard responses for how to regulate business is to have rules. Rules governing business are meant to serve two principal functions: to structure and constrain discretion, and to provide benchmarks for accountability. Mauritius as a jurisdiction has enhanced the rules & regulatory compliance management has become more prominent in a variety of organisations. The development has led to the creation of compliance officer positions. While it can be daunting to undertake new ways of operating, it’s often for the better. In particular, legislative changes usually come into effect for good reasons. They protect the safety of not just customers and businesses, but the entire economy.
Simply providing information on rules is not enough, however, just as simply providing information to businesses on how to comply is also not enough. What is needed, as in the regulation of business, is the development of a community of meaning and a community of commitment. The clarity of the regulatory goals, the inherent nature of the regulatory obligations being imposed, and the form of the rules used can all have an influence on the type of regulatory approach adopted. The behaviour that is being regulated is continuous and ongoing, and the requirements that are imposed require a positive accomplishment.
Measuring progress and outcomes that matter
The exit of Mauritius from the FATF grey list reinforces its position as a jurisdiction of substance, offering a conducive environment for business, with robust legislation and an innovative product offering for the global financial community.
Regulations in Mauritius have successfully internalised the compliance function by accomplishing these three stages:
The First Stage: Prompting Commitment – It has taken the form of requiring businesses to devise a code of practice, devise accountability or feedback systems & elaborating on the central compliance principles.
The Second Stage: Acquiring Skills and Knowledge- to develop systems that ensure compliance has to be facilitated.
The Third Stage: The Institutionalisation of Purpose – which includes internal audit and reporting.
The maturity of the compliance programs is increasing and efforts have been increased to achieve governance and control. Businesses in Mauritius have taken brilliant steps to transform the role of their compliance department by placing emphasis on active risk management and monitoring. In practise, it means expanding beyond offering advice on statutory rules, regulations and laws and becoming an active co-owner of risks to provide independent oversight of the control framework. The compliance function and the business have collaborated effectively to drive business performance and growth.
In dynamic markets, the rapid adaption of business activities and processes to such changes is seen as a competitive advantage. Thus the fast detection of a) demanding compliance requirements and b) violated compliance requirements along with the related adaption of business processes for maintaining compliance are the main tasks for the compliance function.
Giving this evolution, the business management has clearly taken responsibilities of expanding the role of compliance function by:
- Generating practical perspectives on the applicability of laws, rules, and regulations across businesses and processes and how they translate into operational requirements;
- Developing and managing a robust risk identification and assessment process/tool kit;
- Developing and enforcing standards for an effective risk-mediation process to ensure it addresses root causes of compliance issues rather than just “treating the symptoms”;
- Establishing standards for training programs and incentives tailored to the realities of each type of job or work environment;
- Ensuring that the front line effectively applies processes and tools that have been developed by compliance;
- Approving clients, transactions and product based on predefined risk-based rules;
- Performing a regular assessment of the state of the overall compliance program; understanding the business risk culture and its strengths as well as potential shortcomings.
Understanding motivations is not always a simple task, and moreover, business motivations may shift over time, and may not be easily consignable to one category. Given the internal complexity of corporate organisations, different parts of the business, or the same parts of the business at different times or even simultaneously, are likely to have different motivations. For a responsive strategy to work, it is also important that businesses understand the compliance obligation that the regulator is proposing to adopt and that they are clear what the nature of the supervisory relationship will be.
Equally important is the identification of situations for which compliance actions are productive rather than reducing the willingness to comply and undermining the regulatory obligations. The compliance function can focus on the effects of the compliance management system through interrelated questions: Do compliance management systems work to make an actual difference to compliance behaviour and substantive regulatory goals? That is, which compliance management system characteristics & in what circumstances, work to change behaviour and achieve regulatory goals? Conversely, to what extent are compliance systems used to mask non-compliance or provide a buffer against greater government regulation? What other functions or purposes do these compliance systems actually serve and what other effects do they have?
Regulatory compliance has undoubtedly affected business in a variety of challenging ways, increasing the cost of service, and sometimes making the delivery of great customer experiences more difficult. However, as the regulatory environment evolves, the compliance function has to get ahead of the curve by implementing targeted changes to its operating model and processes, and thus delivering a better quality of oversight while at the same time increasing its efficiency. Businesses that successfully make this shift will enjoy a distinctive source of competitive advantage in the foreseeable future, being able to deliver better service, reduce structural cost, and significantly de-risk their operations.
Discretion and rules are not in zero-sum relationship such that the more rules there are, the less discretion there is and vice versa. How businesses make decisions is only partly determined by rules, organisational norms and practices, past experiences, personal relationships, and attitudes will all play a part in affecting how decisions are made.
Contributed by –
Mr Mayank Srivastava
Director and COO, Merceron Capital LTD, Mauritius
*The views expressed are personal.
