Advising multinational companies on basic compliance policies

Complementing our bi-weekly series on what every multinational should know on various international trade, enforcement and compliance topics, below is an update to our series on compliance checks that every company multinational should take into account. Give us two minutes and we’ll provide you with five compliance best practices that will benefit your international regulatory compliance program.

Identifying basic compliance policies is essential to establishing a comprehensive and effective compliance program within an organization. A key first step for multinational companies is to think about what compliance policies they consider to be their “core” compliance policies. In most multinational organizations, typically, these core policies cover between 18 and 22 areas.

The best compliance is always tailored compliance, which reflects the business and risk profiles of the multinational enterprise as well as the internal workings of its compliance program. When developing a customized set of basic compliance policies, the five elements to consider are:

1. Start by understanding the typical key compliance areas: Foley has published a list of essential and suggested compliance policies, which is a good start for multinational companies looking to assess the scope of their own programs.
2. Understand legal and regulatory requirements: You should ensure that you understand your organization’s risk profile and how it is impacted by regulations specific to your sector. A good starting point for gaining this understanding is to conduct a thorough review of the relevant laws, regulations, industry standards and contractual obligations that apply to your organization to identify the key compliance areas and requirements that your organization should meet . The specific risks and vulnerabilities your organization faces based on its industry, size, geography, business operations, and regulatory environment determine the types of compliance policies your organization should implement. the accent.
3. Review industry standards and best practices: Multinational companies should prioritize compliance areas based on their importance to the organization’s operations, their exposure to risk, regulatory oversight and their potential impact on stakeholders. A good guide to identifying these areas of risk is to research standards, best practices, and compliance guidelines specific to your industry. In some cases, industry associations have established recognized frameworks or model policies that can serve as a starting point for establishing critical compliance areas and then modifying them to suit your organization. You may also consider international compliance standards and best practices, such as ISO 19600 (Compliance Management Systems) or ISO 37001 (Anti-Corruption Management Systems), as potential starting points.
4. Review existing policies and procedures: Particularly for basic compliance policies, it is important to have up-to-date and comprehensive policies. You should review existing policies, procedures and internal controls within the organization to identify gaps, redundancies or areas for improvement. Determine which policies are outdated, ineffective, or no longer relevant to the organization’s operations, or which only passingly cover key compliance areas.
5. Make sure your baseline compliance permeates your compliance structure: A well-functioning compliance system integrates key compliance policies throughout its compliance structure in a coordinated manner. This means that key areas of compliance must be covered in the company’s ethics statement, in individual compliance policies, and implemented through suitable internal controls. Compliance training should also focus on critical areas of compliance, including coverage of internal controls that implement key compliance measures.