All about compliance management
Compliance is “the act or process of doing what you have been asked or ordered”, according to britannica.com. It’s about living up to standards and complying with them. Every organization has to deal with rapidly evolving laws and regulations, whether this is in the field of products, health, environment or food production.
1. What is compliance management?
Compliance management is the process by which you ensure that your activities comply with all the laws and regulations that apply to you. These requirements are set and monitored by governments, regulatory bodies and industry bodies, among other entities.
Compliance requires the necessary knowledge and insight to oversee everything and to keep all obligations up to date. Fortunately, some tools can help you.
ICW offers a software platform which is specialized in compliance management. This platform is aimed at retailers, importers, brands and e-commerce platforms. The platform validates supplier quality and product compliance.
2. Why is compliance management important?
The main reason why compliance management is so important to companies is that non-compliance is expensive. Very expensive.
A 2017 report by the Ponemon Institute and Globalscape on a representative sample of multinational organizations found that the average cost of non-compliance was almost three times that of compliance. The average cost of compliance was around $5.5 million, while the average cost of non-compliance was nearly $15 million.
As ICW CEO and Co-founder Gary Lam says:
“The cost of preventing non-compliance is much lower than the consequence of non-compliance itself”
How can a company ensure that non-compliance is mitigated?
Compliance risk management.
A. What is compliance risk management?
Compliance risk management involves identifying, assessing and monitoring the risks of non-compliance with regulations and industry standards, implementing controls to ensure that you are compliant, and monitoring these controls to ensure that they are permanently effective.
The risks that non-compliance poses to both an organization and its consumers include, but are not limited to, legal penalties, fines, loss of business, damage to reputation and accidents.
In many cases, penalties and fines can be significant.
In April 2021, for example, Toyota was ordered to pay $180 million in fines to the US government for violations of the Clean Air Act protocol.
In July 2021, Southern Water was fined £90 million by the UK government for illegal discharges of sewage which polluted rivers and coastal waters.
3. What does compliance management involve?
The definition of compliance management may be simple, but the steps you have to undertake to ensure it is done properly are not straightforward at all. There are numerous procedures you have to observe from start to finish.
Below is a list of the many facets of compliance management we have compiled for you based on our expertise in this industry.
A. Requests for Information (RFIs)
This is a document that companies use to request information about products or services from suppliers.
From this, an organization can gather information on the possibilities offered by each supplier and compare different vendors.
RFIs are especially useful to companies that want to research many potential suppliers.
B. Compliance statements, policies and procedures
The fines mentioned in section 2A are examples of a global tightening of ESG-related regulations. Awareness of environmental, social and governance issues is increasingly coming to the forefront of consumers’ minds — particularly those of the younger generation — and hence of international agendas.
The UK’s Modern Slavery Act, the ‘conflict minerals’ provisions in the US Dodd-Frank Act and the newly passed (as at time of writing) German Supply Chain Act are examples of ESG-related laws and regulations that companies need to observe if they have any operations in these countries.
Some examples of actions that may be required include regular due diligence on suppliers, documentation requirements and providing annual statements to the public.
Before putting your compliance statements, policies and procedures together you will want to consider the laws and regulations that apply to you — such as the above — as well as the values your company wants to base its objectives on.
If you are selling in the EU, for example, you’ll of course have to meet the requirements needed for your products to bear CE marking and will have to fill in and sign the EU Declaration of Conformity.
If you are importing, exporting or manufacturing electronics for the US market, for example, it is strongly advised your products bear UL or ETL marking.
As for your values — organizations and initiatives such as Sedex and BSCI draw on conventions set by the International Labour Organization (ILO), the UN Guiding Principles and more in their auditing methodologies. If you want to be audited by accredited companies such as SGS, Intertek, Bureau Veritas or Eurofins — based on BSCI standards, for example — you will need to consider these values in writing your compliance statement.
Compliance with such standards may not be necessary in all parts of the world at the moment, but may become so in the future — given the tightening of ESG regulation worldwide — and also gives off the right image to customers.
Make sure you keep the language in your statements simple and concise, as the last thing you’d want is misunderstandings with customers, suppliers, regulatory authorities and any other stakeholders.
You should send a copy of your statements to all suppliers and customers.
C. Supplier audits
As mentioned above, there are numerous auditing methodologies based on different standards in each industry.
Some of these include Sedex, BSCI, ISO 9000 and ISO 14000.
Audits based on these standards will be carried out by accredited testing, inspection and certification (TIC) companies such as SGS, Bureau Veritas, Intertek or Eurofins.
Having access to — as well as being able to compare and contrast — these companies will thus be of paramount importance.
D. Compliance risk analyses or assessments (CRA)
This is an assessment of all risks involved in case of non-compliance with laws and requirements. Managing these risks is called compliance risk management, which was explained in the section “What is compliance risk management?” above.
To summarise what was said, your organization should determine ways to mitigate non-compliance risks in order to avoid legal penalties and fines, among other undesirable results, which could be significant and damaging.
E. Compliance management systems
These are systems that help you manage your compliance documents and data. This leads on to the next section…
4. Compliance Management System: what you need to know
A compliance management system consists of an integrated system of documents, processes, tools, controls and functions. This system makes it easier for an organization to meet product legal requirements.
With the help of a CMS, you can ensure that laws are not broken and consumers are not harmed.
Without such a system, your company will have a difficult time determining how it’s doing in terms of regulatory compliance. A well-functioning CMS can also proactively address risks to your organization. This helps in the event of complaints and audits.
A. What does ICW do?
We provide a cloud-based compliance management system and a certification marketplace that help retailers and brands comply with market-entry requirements and digitize their compliance workflow processes.
ICW’s QMAS is a CMS that lets you store and manage your compliance documents and alerts you when audit certificates and testing reports are about to expire.
Furthermore, for companies wanting to source from Asian manufacturers, we have a platform that provides comprehensive information on suppliers who have been validated for various compliance statuses.
ICW’s i-Source Supplier Profile Database provides over 100,000 supplier profiles, allowing you to compare and contrast between vendors of appliances, textiles, toys and more.
What sets our database apart from the competition is the fact that apart from more typical supplier information — ranging from product allocation to line and monthly capacities — we also include information about compliance with various auditing standards and methodologies such as BSCI, BEPI, Sedex and ISO 14000.
Together with our other products — such as an AI reports management system — ICW helps you achieve your due diligence and compliance obligations in a five-step process:
- We prepare and send out a Request for Information (RFI) questionnaire to suppliers for a preliminary evaluation of their compliance status. We then help you do a more in-depth analysis of their compliance status.
- We help you put together your compliance statement, policy and procedures.
- We further provide you with a supplier audit program that helps you comply with standards and methodologies such as BSCI, Sedex, ISO 14000 and more. We provide a service allowing you to request multiple quotes from — and compare — various accredited TIC companies.
- We also provide an appropriate analytical tool that helps you carry out compliance risk analysis and management.
- With our QMAS CMS, you can housekeep your suppliers’ audit certificates and compliance data and documents.
At ICW — a service used by the world’s largest pharmaceutical, healthcare and beauty chain store, the largest importer in Europe, top global toy distributors as well as thousands of brand manufacturers — we ensure your business complies with the latest laws and regulations.