The Role of the Compliance Function in Business
The term Compliance includes not only adhering to laws and by-laws but also appropriate ethical principles and good market practice in the specific business domain.
The role of Compliance in companies is reflected, among other things, in monitoring changes to the regulatory framework, counseling, risk assessment, control, employee training, communication with state authorities and regulatory authorities, reporting, and establishing the so-called (corporate) Compliance culture within a company.
In the context of organizational functions, this role serves to detect and evaluate risks on time, provide comprehensive reports, and suggest strategies for the effective management of identified risks, with the aim of either eliminating or mitigating them to an acceptable extent.
The consequences of business non-compliance may extend to financial losses, labor law repercussions, imposition of regulatory measures necessitating company adherence, and potentially culminate in criminal sanctions against the company and responsible persons. However, the aftermath can be even more profound, encompassing a loss of trust and long-term damage to the company’s reputation.
How is the Compliance Control Function Regulated in the Republic of Serbia?
In our legislation over the last two decades, there has been a significant shift in regulating some of the Compliance-relevant areas, such as personal data protection, prevention of money laundering and terrorism financing, protection of competition, environmental protection and sustainable business practices, and others. Often, this is driven by the alignment of our laws with European Union legislation (for example, the GDPR and the Law on Personal Data Protection). It is important to emphasize that European Union legislation, as well as that of certain European countries, has a considerable indirect impact on our companies. A case in point is the change in German legislation with the introduction of the Supply Chain Due Diligence Act, which pertains to labor rights and several crucial environmental issues and risks. In Germany, companies are responsible not only for the Compliance of their own operations within Germany and the European Union but also for the Compliance of their suppliers, regardless of where their headquarters are. If a manufacturer of components for a German company blatantly violates workers’ rights in the territory of Serbia, the German company itself will bear the consequences and sanctions imposed by its regulator. For this reason, Serbian companies participating in the supply chain for German companies covered by the mentioned Supply Chain Due Diligence Act had to establish so-called risk management related to the protection of human rights and environmental issues to fully comply with the new law.
Compliance, as an obligatory function, is currently legally regulated only in the banking sector, but even in the Law on Banks (“Official Gazette of the RS”, no. 107/2005, 91/2010, and 14/2015), it is mentioned merely in articles 82-84 of the said law. Therefore, even in the over-regulated banking sector, the Compliance control function is outlined only in a few articles where the role of Compliance control in the bank’s operations is rather broadly defined. The Companies Act (“Official Gazette of RS”, No. 36/2011, 99/2011, 83/2014 – other law, 5/2015, 44/2018, 95/2018, 91/2019, and 109/2021) mentions Compliance in Article 452, paragraph 1, item 1, defining that the tasks of internal supervision include the control of Compliance of the company’s operations with the law.
Laws, regulations, and standards that fall under the Compliance function have various sources: primary/systemic laws, rules and standards enacted by regulators and supervisors, market conventions, codes of conduct issued by professional associations, and internal ethical codes applicable to employees. Considering other legal sources binding commercial banks, as well as the detailed controls conducted by the National Bank of Serbia as the regulator, along with the obligation to submit regular reports to the regulator, the Compliance function is probably most comprehensively regulated in commercial banks operating in the territory of Serbia.
In addition to commercial banks, other economic entities understand the importance of regulating Compliance functions within their organizations. This function is not exclusive to companies but also extends to government bodies, public enterprises, and other organizations.
Innovation Consistently Calls for Adaptation
Compliance is a young area, and even in companies where a team is established to address Compliance-related issues, it takes time for employees within the company, and often the company’s management itself, to fully grasp the role, importance, and necessity of an independent Compliance function in the company.
It should be noted that the regulatory framework is dynamic, with new rules constantly emerging or existing ones being amended. Therefore, Compliance and Compliance control are processes, not end goals. Many rules are intentionally not precisely formulated (e.g., market conventions, codes of conduct issued by professional associations, ethical codes, etc.), leaving ample room for companies to interpret them broadly and consistently seek the most optimal solutions.
Business operations, technologies, and processes change at such a rapid pace that the scope of the Compliance function increases every year. Artificial intelligence, digital assets, and cryptocurrencies are things a Compliance officer would certainly not have dealt with in a company in 2000, but now, they are integral tasks and part of the Compliance control function’s scope. Companies today invest significant resources to align their operations in innovative industries, striving to keep up with these changes, even though both domestic and international legislation face challenges in keeping pace.
In addition to the above, there is a need to change the mindset and perspective of owners and management of companies operating in Serbia, who still view dealing with Compliance as an additional cost and consider it overly complex, without realizing that the Compliance function is a preventive measure and an essential factor for the sustainable and successful operation of every company.