Any corporate compliance plan and program, no matter how well predicted it may be for the structure and operation of an organization or company, it is impossible for it to prosper if it is not translated into a tangible instrument that can be made available to all those involved in complying with the policies of the compliance plan.
By this instrument, I am of course referring to the compliance manual, a compendium that sets out the specific repertoire of the design of the corporate compliance program in the organization.
The corporate compliance manual is a document that compiles, organizes and details the policies, procedures and internal controls that a company implements to ensure compliance with laws, regulations and ethical standards applicable to its operations. vademecum of a corporate compliance program.
Consequently, a corporate compliance manual is also a key and imperative aspect in order for the guidelines for prevention, management and detection of legal and ethical risks to be successful.
However, what exactly is the content of the corporate compliance manual? In principle, it should be very clear that the body of this compendium may vary depending on the obligations that each organization must meet according to the legislation of the country in which they are located.
For example, there are national laws that require private business organizations to design anti-corruption policies in order to safeguard the good performance of the company, so that the content of the manual must adhere to the guidelines set forth in the applicable laws. However, there are other countries where the implementation of compliance is not mandatory for certain areas of the company, which means that the content of this manual is entirely subject to the diligence and prudence of the organization, and not a duty of a tax nature.
However, we must not fall into the error that just because compliance policies are not mandatory for certain scenarios, it means that there is no risk that organizations are not subject to negative consequences for not having policies to prevent legal and ethical risks, on the contrary, the lack of express regulation of the development of compliance programs by law, is precisely what makes building and implementing this manual can be extremely complicated, especially for small and medium-sized companies that have difficulty in detecting each of their obligations and commitments.
Under the obscurity of the regulatory frameworks on the subject of compliance in areas that are not specific, I repeat the question, what exactly is the content that the corporate compliance manual should contain? In my experience in the field of corporate compliance, I have detected that a compliance manual should contain, at a minimum, the following in order to be clear and concise in the minds and duties of all those to whom it is addressed:
1.- Objectives of the manual: What do the compliance program policies aim to achieve?
Scope of the manual: What situations should the compliance program cover?
Obligated parties: Who has the duty to comply with the corporate compliance plan?
Elements of the compliance officer, area or committee: What are the duties of the compliance officer?
Compliance policies: What elements are necessary to implement the compliance program?
Controls: control of risk analysis, control of investigation, control of corrective action plans, control of complaint channels, control of responsibilities and controls of progressive improvements.
Some other elements that the corporate compliance manual may contain are the inclusion of codes of ethics and conduct, glossaries, messages from management bodies, relations with authorities, gender balance policies, among many others.
In short, the corporate compliance manual should be as broad or restrictive as the needs of the organization require, i.e., it should be a fully individualized tailor-made suit.
However, if you are a compliance officer, consultant, entrepreneur, manager or simply want your organization to be governed by a corporate compliance manual, I highly recommend designing it under the ISO 37301 and 37002 standards.
By Eduardo Velasco López
