Regulatory compliance varies not only by industry but often by location. The financial, research, and pharmaceutical regulatory structures in one country, for example, may be similar but with particularly different nuances in another country. These similarities and differences are often a product “of reactions to the changing objectives and requirements in different countries, industries, and policy contexts.”
Australia‘s major financial services regulators of deposits, insurance, and superannuation include the Reserve Bank of Australia (RBA), the Australian Prudential Regulation Authority (APRA), the Australian Securities and Investments Commission (ASIC), and the Australian Competition and Consumer Commission (ACCC).These regulators help to ensure financial institutes meet their promises, that transactional information is well documented, and that competition is fair while protecting consumers. The APRA in particular deals with superannuation and its regulation, including new regulations requiring trustees of superannuation funds to demonstrate to APRA that they have adequate resources (human, technology and financial), risk management systems, and appropriate skills and expertise to manage the superannuation fund, with individuals running them being “fit and proper.”
Other key regulators in Australia include the Australian Communications and Media Authority (ACMA) for broadcasting, the internet, and communications; the Clean Energy Regulator for “monitoring, facilitating and enforcing compliance with” energy and carbon emission schemes; and the Therapeutic Goods Administration for drugs, devices, and biologics;
Australian organisations seeking to remain compliant with various regulations may turn to AS ISO 19600:2015 (which supersedes AS 3806-2006). This standard helps organisations with compliance management, placing “emphasis on the organisational elements that are required to support compliance” while also recognizing the need for continual improvement.
In Canada, federal regulation of deposits, insurance, and superannuation is governed by two independent bodies: the OSFI through the Bank Act, and FINTRAC, mandated by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2001 (PCMLTFA). These groups protect consumers, regulate how risk is controlled and managed, and investigate illegal action such as money laundering and terrorist financing. On a provincial level, each province maintain individuals laws and agencies. Unlike any other major federation, Canada does not have a securities regulatory authority at the federal government level. The provincial and territorial regulators work together to coordinate and harmonize regulation of the Canadian capital markets through the Canadian Securities Administrators (CSA).
Other key regulators in Canada include the Canadian Food Inspection Agency (CFIA) for food safety, animal health, and plant health; Health Canada for public health; and Environment and Climate Change Canada for environment and sustainable energy.
Australian organizations seeking to remain compliant with various regulations may turn to ISO 19600:2014, an international compliance standard that “provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an effective and responsive compliance management system within an organization.” For more industry specific guidance, e.g., financial institutions, Canada’s E-13 Regulatory Compliance Management provides specific compliance risk management tactics.
In India, compliance regulation takes place across three strata: Central, State, and Local regulation. India veers towards central regulation, especially of financial organizations and foreign funds. Compliance regulations vary based on the industry segment in addition to the geographical mix. Most regulation comes in the following broad categories: economic regulation, regulation in the public interest, and environmental regulation. India has also been characterized by poor compliance – reports suggest that only around 65% of companies are fully compliant to norms.
There is considerable regulation in the United Kingdom, some of which is from European Union legislation. Various areas are policed by different bodies, such as the Financial Conduct Authority (FCA), Environment Agency, Scottish Environment Protection Agency, Information Commissioner’s Office, Care Quality Commission, and others.
The U.K. Corporate Governance Code (formerly the Combined Code) is issued by the Financial Reporting Council (FRC) and “sets standards of good practice in relation to board leadership and effectiveness, remuneration, accountability, and relations with shareholders.” All companies with a Premium Listing of equity shares in the U.K. are required under the Listing Rules to report on how they have applied the Combined Code in their annual report and accounts. (The Codes are therefore most similar to the U.S.’ Sarbanes–Oxley Act.)
The U.K.’s regulatory framework requires that all its publicly listed companies should provide specific content in the core financial statements that must appear in a yearly report, including balance sheet, comprehensive income statement, and statement of changes in equity, as well as cash flow statement as required under international accounting standards. It further demonstrates the relationship that subsists among shareholders, management, and the independent audit teams. Financial statements must be prepared using a particular set of rules and regulations hence the rationale behind allowing the companies to apply the provisions of company law, international financial reporting standards (IFRS), as well as the U.K. stock exchange rules as directed by the FCA. It is also possible that shareholders may not understand the figures as presented in the various financial statements, hence it is critical that the board should provide notes on accounting policies as well as other explanatory notes to help them understand the report better.
Data retention is a part of regulatory compliance that is proving to be a challenge in many instances. The security that comes from compliance with industry regulations can seem contrary to maintaining user privacy. Data retention laws and regulations ask data owners and other service providers to retain extensive records of user activity beyond the time necessary for normal business operations. These requirements have been called into question by privacy rights advocates.
Compliance in this area is becoming very difficult. Laws like the CAN-SPAM Act and Fair Credit Reporting Act in the U.S. require that businesses give people the “right to be forgotten.” In other words, they must remove individuals from marketing lists if it is requested, tell them when and why they might share personal information with a third party, or at least ask permission before sharing that data. Now, with new laws coming out that demand longer data retention despite the individual’s desires, it can create some real difficulties.
The International Organization for Standardization (ISO) and its ISO 19600 standard is one of the primary international standards for how businesses handle regulatory compliance, providing a reminder of how compliance and risk should operate together, as “colleagues” sharing a common framework with some nuances to account for their differences. The ISO also produces international standards such as ISO/IEC 27002 to help organizations meet regulatory compliance with their security management and assurance best practices.
Some local or international specialized organizations such as the American Society of Mechanical Engineers (ASME) also develop standards and regulation codes. They thereby provide a wide range of rules and directives to ensure compliance of the products to safety, security or design standards.
Source: From Wikipedia, the free encyclopedia