King III - Chapter 6: Compliance with laws, rules, codes and standards
Overview
Companies must comply with all applicable laws. Laws should be understood not only in terms of the obligations that they create, but also for the rights and protection that they afford. The board is responsible for the company’s compliance with applicable laws and with those non-binding rules, codes and standards with which the company has elected to comply. One of the most important responsibilities of the board is to monitor the company’s compliance with all applicable laws, rules, codes and standards.
Compliance with laws, rules, codes and standards has always been an explicit statutory/legal requirement. King III now provides recommended principles and practices to adopt to ensure that compliance is achieved.
Compliance can be achieved by:
- Identifying the laws and regulatory obligations that are applicable, including the non-binding rules and standards with which an entity/organisation wishes to comply
- Ensuring that the board and board members understand the requirements and are updated on the changes. This can be part of the board’s continuing education programme
- Implementing a comprehensive compliance policy and regularly monitoring compliance with the policy through the governance structures and inclusion on the board agenda
- Managing compliance risk through the risk management process adopted
- Embedding compliance in the operations and processes, ethical conduct and culture of the business/organisation
- Appointing a compliance officer or establishing a compliance function to assist in the management of compliance
- Disclosing how effective compliance has been achieved and any significant fines and penalties paid.
Legal and regulatory compliance is a statutory obligation and an accepted corporate governance requirement. King III has devoted a chapter to this to emphasise the importance of compliance and how, by applying the principles, the board can demonstrate that it has achieved effective compliance.
The key aspects of King III are that it recommends proactive consideration of compliance, how the compliance risk is managed and how it is integrated into an organisation’s operations. There are many organisations that only consider compliance when there is a breach with specific consequences such as fines paid for contraventions of the competition laws.
Highly regulated organisations, such as banks, have very mature compliance approaches and have been proactively managing compliance for years.
King III has raised the level of awareness of the importance of being able to demonstrate compliance. This can be achieved through:
- Regularly (annually) reviewing the compliance universe and determining which laws, regulations and non-binding rules and standards apply to the business/organisation
- Assessing the basis on which compliance with these laws and regulations is achieved
- Receiving assurance through the risk management and assurance processes that compliance is achieved
- Designing specific compliance activities to evidence the actions taken to ensure compliance – for example annual declarations, records of compliance-related training completed and monitoring of remedial action where compliance breakdowns have or could potentially occur
- Embedding compliance activities into the operational processes where applicable, for example controls required to be evidenced when opening an account in terms of the National Credit Act.
- What are the key statutory and regulatory obligations with which our organisation needs to comply?
- Are we in compliance with these requirements? If so, how have we received this assurance and are we satisfied that the assurance is credible?
- When last did we consider compliance at the board?
- Are we aware that many Acts, such as the National Credit Act, can impact our organisation even though we are not a financial institution?
- How are we apprised of changes in the legal and regulatory landscape?
- Do we have sufficient evidence to defend our organisation in court or to prove to a regulator that we have complied with a specific act?
- Does our disclosure on the effectiveness of compliance reflect the actual position in our business/organisation?
How we can help you
Regulatory compliance and reporting should be a natural extension of the governance duties shouldered by boards and directors. The exercise of good governance can ensure that compliance is aligned with the company’s business objectives and risk management strategies. In this way compliance can add real value and not just be a cost to the organisation.
PricewaterhouseCoopers has made a considerable investment in compliance solutions on a global and local scale. Our people can help you at the strategic level to maximise competitive advantage from regulation and at the operational level to minimise costs and disruptions to your business.
Our range of compliance services includes:
- Advising on what laws and regulations are applicable
- Recommending approaches on how to achieve effective compliance
- Benchmarking the compliance responses to specific acts/regulations – nationally and globally
- Developing specific compliance databases to evidence compliance
- Hosting of compliance databases through our Enterprise Compliance Portal (ECP) – PwC uses this to manage its own global compliance
- Facilitating compliance risk assessments
- Assisting in embedding specific compliance requirements into the business and operational processes
- Assuring the effectiveness of compliance achieved
- Providing a gap analysis of compliance with specific laws and regulations.