Compliance Society of Zimbabwe officially launches, as IPEC urges corporate compliance
HARARE, The Compliance Society of Zimbabwe (CoSoZ) an umbrella body for Compliance Professionals across all economic sectors in Zimbabwe was launched yesterday and seeks to ensure that corporate compliance is a continuous process.
TENDAI KARONGA, the Insurance and Pension Commission (IPEC), Commissioner of Insurance, Pensions and Provident Funds who was the guest of honour in his speech said institutions should develop a culture where compliance risk is recognised as a concern for everyone.
“Once a risk appetite policy is in place the setting up of an early warning system should not be overlooked neither should the consideration by management of responses that would prevent small problems from accumulating into larger ones.
“It is also important to involve Compliance Practitioners in the creation and approval of new products as well as new projects to ensure all attendant compliance risks are fully understood and addressed,” he said.
Karonga said clear and frequent communication across organisational boundaries would help to achieve this but of course, embedding these compliance policies into a company’s culture requires further practical measures.
“Having compliance polices but not enforcing them may be almost as harmful as not having any at all. As said earlier the most effective way of ensuring compliance is to train employees in the basics and how they apply to the business,” he said.
He added that there is also increased value in investing in strong compliance programmes because these programmes not only prevent infringements, but also may serve to mitigate penalties where an infringement has been committed.
He said a tailored compliance programme, targeting the business’ risk areas, is important in helping companies navigate the turbulent waters in a planned and systematic manner.
Meanwhile, below is the Commissioners Full Speech at the Launch event
I am pleased to join you this evening as a keynote speaker for the official launch of the Compliance Society of Zimbabwe. It is highly motivating to address an audience that cares so much about creating and maintaining a strong culture of compliance.
Ladies and Gentlemen, it is worthwhile taking a moment to reflect on what compliance is and why it is important.
Compliance is either a state of being in accordance with established guidelines or requirements, or the process of becoming so. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation. Even abiding by your own internal policies can be identified as compliance.
In professional parlance, we tend to refer to the process and practise of being compliant by organisations or institutions as corporate compliance. Instability or a breakdown of order is the main consequence of a state of NON-COMPLIANCE to laws, rules, regulations including voluntary self-imposed limits at the operational level. Without compliance control of systems and processes strategic implementation becomes a bigger challenge if not an impossible prospect. In the absence of compliance there is indiscipline and some would even insist chaos but what is certain is that there will be disorder. A practical example of the negative consequence of non-compliance that quickly comes to mind is the effect of non-compliance in financial institutions. Financial institutions provide critical roles of financial intermediation through banking institutions and funding/ investment through insurance institutions and pension funds as well as the protection, safe guarding and monitoring of financial assets through appropriate practices by the Securities Commission. Poor corporate compliance management practices at financial institutions can arguably destabilise the entire national financial systems supporting the economy. We all know that financial instability and investment are mortal enemies. A culture of compliance across the entire spectrum of the economy boosts confidence and we know confidence is critical to investment.
As you probably know, compliance requirements cut across all sectors of the state. In a sense, all laws, rules, regulations including each organisation’s requirements require compliance. Examples from the financial services sector include the Insurance Act, the Pensions Act, the Banking Act, the Securities Act and the DPC Act and the regulatory requirements these impose. There are regulatory authorities in other sectors such as ZERA, POTRAZ, CAAZ. The Police, Army, Prison, government and government ministries, parastatals, companies, churches, non-governmental organisations etc also have compliance requirements. The list is not exhaustive but it is clear compliance permeates all aspects of society and that compliance management is a critical function.
The importance and significance of corporate compliance management is now widely recognised as an essential aspect of risk management. As a result, many jurisdictions are attempting to align their corporate compliance standards to international expectations. This of course has brought with it a rapid increase and proliferation of organisations, associations, institutions and other bodies at local, national and even international level attempting to improve compliance management.
I am thus pleased that at National level we have gathered today to launch the COMPLIANCE SOCIETY OF ZIMBABWE (CoSoZ) the umbrella body for Compliance Professionals across all economic sectors in Zimbabwe.
The main objectives of CoSoZ are listed as:
- to educate, train, promote, assist and regulate Compliance Professionals
- to create a forum for Compliance Professionals to exchange views and information and the encouragement of best practise.
- to consult and enter into public debate on compliance issues with Compliance Professionals, Regulators, Industry, Business Leaders, Educators, Governments and the Media.
- to liaise with, establish dialogue with and to make submissions to Government in relation to the development of Policy and Legislation on Compliance issues.
- to encourage, promote, develop and provide assistance in relation to effective and efficient compliance as well as best practice in compliance.
The Sunday Mail of 25 June 2017 described Compliance Practitioners as the “EAGLE EYES” of an organisation with respect to corporate compliance.
Having already defined compliance in general allow me to delve into some technical aspects of importance in corporate compliance management.
In their attempt to manage corporate compliance, most organisations differentiate between 3 main types of compliance:
- risks which are regulatory requirements
- risks inherent in any business
- risks that arise from voluntary and internal controls/limits
Institutions that manage their risks successfully apply industry specific tools to develop a precise picture of the compliance risk. Management acceptance, data availability and measurement techniques are the 3 main ingredients to be addressed to ensure successful corporate compliance management.
Institutions have been forced to re-evaluate their corporate compliance approaches and practices as a result of:
- environmental and rapid technological change affecting business models of organisations
- increasing complexity in the business and regulatory environment
- increased scrutiny and interrogation by legitimate stakeholders
- the effect of catastrophic events on reputation, current operations and future opportunities.
Most of the Regulatory Authorities of Zimbabwe have codified the need for the Boards of Directors of corporate entities to ensure that their institutions implement effective compliance frameworks and processes.
The regulatory authorities are thus demanding that the role of compliance be increasingly recognised as critical. By insisting on recognition the regulators are thus ensuring that the legal infrastructure for compliance functions is well developed and that the role of the compliance function in our institutions is entrenched in statutes, regulations and guidelines.
The Regulators in Zimbabwe and elsewhere had recognised that the Compliance Function in many institutions was set up just to satisfy the requirements for a compliance function and not as the critical function that it is to the business operation. This was evidenced by a lack of direct access to the Board of Directors by the Compliance Officer, a lack of independence and a lack of authority.
In view of the recognition of the Compliance Function by regulators Compliance Practitioners are under increased pressure to be more accountable and demonstrate how the function adds value. This is in light of the fact that the perceived lack of accountability has undermined Compliance’s credibility, threatened its standing in corporate institutions and even threatened its existence as a distinct capability in corporate entities.
Internationally the requirements of Basel 2 and 3 for banks and Solvency 2 for insurance institutions in managing financial risks demand the participation of Compliance Practitioners at a very high level in the risk management process. At the organisational level, I believe the compliance function must be involved in the risk management process at all levels and stages including when the risk appetite of the entity is being developed, established and implemented because of the need to plan for the compliance risk and its consequences. Institutions should incorporate compliance management into processes as well as systems design and indeed align corporate compliance management goals with the performance incentives of individuals.
Corporate compliance should be a continuous process. Once a risk appetite policy is in place the setting up of an early warning system should not be overlooked neither should the consideration by management of responses that would prevent small problems from accumulating into larger ones. It is also important to involve Compliance Practitioners in the creation and approval of new products as well as new projects to ensure all attendant compliance risks are fully understood and addressed.
On the ground Compliance Practitioners must be able to:
- identify and assess material compliance risks that impact negatively on the Business Model in operation
- have policies and procedures for assessing, prioritising, mitigating, controlling and monitoring material compliance risks
- have policies and procedures for reporting compliance risk and escalation of exceptions to the Board.
- manage the implications of strategic decisions on the compliance risk profile of the institution.
- consider emerging risks and trends including ethical and reputational risks
- manage knowledge transfer of corporate management policies and procedures to line management and employees in general. Line management should be the first line of defence against compliance risk as it ensures that policies, procedures and internal controls relevant to their business activities are implemented. Line managers should ensure employees have the necessary skills and access to training and development to fulfil their roles. The alignment of incentive contracts and performance with desired or expected outcomes is a must.
Ladies and gentlemen, it is important to note that senior management plays a major role in evaluating corporate compliance management procedures and ensuring the organisational structure is geared towards effective corporate compliance management.
Institutions should develop a culture where compliance risk is recognised as a concern for everyone. Clear and frequent communication across organisational boundaries would help to achieve this. Of course, embedding these compliance policies into a company’s culture requires further practical measures. Having compliance polices but not enforcing them may be almost as harmful as not having any at all. As said earlier the most effective way of ensuring compliance is to train employees in the basics and how they apply to the business. There is also increased value in investing in strong compliance programmes because these programmes not only prevent infringements, but also may serve to mitigate penalties where an infringement has been committed. A tailored compliance programme, targeting the business’ risk areas, is important in helping companies navigate the turbulent waters in a planned and systematic manner.
At the institutional level, organisations have treated regulatory compliance as the focus of corporate compliance management to the exclusion of its other role of assisting to enhance the organisation’s performance. The Board and senior management must ensure a proper re-orientation is achieved.
The Compliance Profession in Zimbabwe has focused too much attention on compliance as a risk management process whilst ignoring the fact that it is also a change intervention process. It has concentrated on changing the content of its systems and processes with little attention to the context in which such systems and processes are applied. One of the most complicated aspects of the management of change is the human element. The establishment of CoSoZ is a most welcome development as it provides a platform for dialogue on how the contextual issues can be addressed. In such a dialogue the disciplines of change management, knowledge transfer, innovation, project management, benchmarking and continuous process development would make a contribution in the resolution of the matters at issue.
At this stage, ladies and gentlemen, please allow me to take this opportunity to praise and appreciate the good work the Compliance Professionals do. I am pleased that we are establishing the Compliance Society of Zimbabwe which will bring together all of our Compliance Practitioners across all sectors and industries. CoSoZ will provide a platform for compliance professionals to apply their learning to the unique challenges they face in their institutions. One of the foremost desires of CoSoZ is to influence the production of men and women who are critical, inquisitive, bold and creative.
Some would say innovation is instinctive and a reflex action while others would emphatically say it can be nurtured through a mixture of the right ingredients whilst still others would say it’s a bit of both. Whatever it is, it is clear innovation is required to keep up with the effects of rapid environmental and technological change. Our compliance practitioners are strongly encouraged to be consistent in being thinkers and doers rather than accumulators of facts and much idle knowledge.
Ladies and gentlemen, I am convinced CoSoZ will play a pivotal role in setting standards that promote international best practices in the interest of developing regulatory and compliance principles and ethics in Zimbabwe.
- The fragmented and varied nature of control in corporate compliance will be a thing of the past with the set-up of CoSoZ. Standardisation of processes and procedures will result to the benefit of all.
- More use of information technology to ensure compliance is advised. Many software packages are in existence.
- Fundraising will be key in the furtherance of the Society’s objectives. Skills in this area need to be sharpened. However dedicated and committed members will lighten the burden.
- Organisations will benefit from the setting up of CoSoZ both in terms of effective compliance and the achievement of organisational objectives
Ladies and gentlemen, I am privileged to go down in CoSoZ history as having OFFICIALY LAUNCHED the COMPLAINCE SOCIETY OF ZIMBABWE as I HEREBY DO.