World Class Company needs, “best-in-class” statutory & regulatory compliance process

Blog   wpadmin   January 22, 2019

With an aim to make India a global manufacturing hub, the Prime Minister of India, gave an open invitation to manufacturers and investors across the world to establish manufacturing units in India. The “Make in India” campaign supported with a number of initiatives taken by Government of India, like “Skill India”, “Digital India”, “GST” under indirect tax reforms etc., has exhilarated enormous curiosity among various national and foreign entrepreneurs to invest in India.

Along with large and mid-size Indian companies, India’s SME & MSME contribution is critical to the overall growth. International companies competing in the global market by focusing  focus on their competitive strengths of costs acceptable to the market, technology & innovation, service delivery, defect free products & services and operational compliant with statutory & regulatory requirements. Indian SMEs and start-ups have to match globally established standards and bench marks to become “world class”.

Compliance requirement

SMEs and start-ups in India shall keep in mind that for statutory and regulatory requirements, compliances relating to Corporate and Labour laws are more critical than other key legislations. Companies Act 2013, (Section 134 5(f)) give responsibility to the directors to devised proper systems to ensure compliance with the provisions of all applicable laws and that such systems are adequate and operating effectively. There are several compliances requirements that need to be adhered to, failing which there could be consequences of disqualification of directors, attracting of penal provisions and in some cases even imprisonment of the directors and key personnel. The company operating from a single location not indulged in the manufacturing process needs to comply with 70-85 laws under various categories, and this number rises to 90-120 in case of manufacturing organisation. So, as an part of a corporate governance strategy, the organization shall establish a process for compliance management.

Compliance Process

Any organization, small or large, needs to understand the process of establishing, implementing and maintaining key actions for statutory & regulatory risk management.

1. Formation of Compliance Structure

Ideally, each company shall have two-tier structure to establish a compliance framework in the organization.

  • Governance, Risk & Compliance (GRC) team for managing and controlling compliances reporting to Audit/Risk Committee
  • Cross-functional expert team (CFT) of experts on different category laws from different departments & functions, to identify, manage and comply with statutory and regulatory requirements.

2. Identification & review of legal & statutory obligations

CFT shall fully understand the legal & regulatory requirements that apply to an organization and create legal register, which shall contain the following information:

  • Title of the applicable act and official source
  • Name of authority controlling particular regulation
  • A brief description of how this legal/regulatory act applies to organization
  • Identification of necessary authorisations, licenses, consents and/or related records needs to be maintained

3. Understanding impact and establishing controls & prevention strategy

CFT shall assess of risk and controls in accordance with the legal/statutory requirements

  • Impact assessment (high, medium or low impact) on the basis of financial, operational & penal impact on company, directors and its key personnel
  • Assess current controls in place in response to the legal requirement. In case required, establish / formalize / realign controls (preventive or detective)
  • Define the frequency of exercising the controls e.g. weekly, monthly, quarterly, annually etc.
  • Person(s) responsible within the organisation for compliance

GRC shall review and accept the recommendation made by CFT.

4. Awareness & training of stakeholder

Provide training to employees in order to prevent and handle statutory risk event shall be mandatory. The organization shall must train their employees, especially in critical areas of Company Act, Listing laws, Labour laws,  environmental, health and safety (OHS) regulations. The organization shall consider following training to increase awareness and effectiveness of compliance:

  • Compliance – among employees whose actions can affect compliance
  • Skills enhancement – for employees with responsibilities defined in the legal register
  • Raising awareness for Top Management – the strategic importance of statutory / regulatory compliances
  • Raising general compliance awareness – Organization

5. Execution & Recording

As per defined frequency in the legal register, compliance will need to be evaluated through self-monitoring. -Which includes:

  • Filing returns and reports to respective authority or body, in mandatory cases, in prescribe / defined format & forms.
  • Monitoring of operational conditions and other impacts regulated by permits or general binding rules and
  • Record-keeping of data relating to compliance and obtained through monitoring of any unforeseen circumstances, non-compliance episodes, corrective measures, and complaints from stakeholders

6. Monitoring & Reviewing

GRC team shall develop a mechanism to provide signals to alert management in case of non-compliance or increase in risk exposures or trends that could either present opportunities or threaten the achievement of compliance goals.

GRC team shall rely on data-driven analysis to support its conclusions throughout this process, and identify the metrics that would be most helpful in predicting risk events. When the threshold or tolerance level for any compliance requirement is breached, it shall trigger review, escalation or management action.

7. Reporting

GRC team shall establish reporting on risk, including reports on at least the following:

  • Legal Register – Compliance requirement, assessment and impact analysis
  • Change(s) in Compliance requirements
  • Compliance control status
  • Any major non-compliance or incident

8. Change Management

Any update, amendment, change or addition in statutory/regulatory requirement or event needs to be tracked and managed. GRC team shall formalize the process to track updates which have or can impact the organization’s business and/or operations. It can be any change, deletion or addition to the already identified law or regulation or any other update that though not impacting organization directly but needs to be brought to notice of Board or top management.

These changes shall be immediately handed over to CFT for fresh assessment and appropriate action shall be initiated as discussed in the process given above in this article.

Partner for establishing Compliance process

Over the past five years, “Proind Business Solutions Private Limited” had helped and delivered services to more than 70 organizations over 1200+ location in establishing, implement, maintain and continually improve “Compliance Management” process.

Proind is a comprehensive compliance management solutions provider, with In-house legal and IT teams, who understand legal, process & technology requirements of customers.  Proind is a partner with Institute of Company Secretaries for delivering and managing “Corporate audit management” tool.

Proind had been featured by “ERP Insights” magazine as one of the 20 most Promising Solution provider. “CIO Review” magazine had also featured Proind as one of the “20 most promising GRC solution providers”.

In case you are interested or need any information, please contact Proind @ info@proind.in

Leave a Reply

Your email address will not be published. Required fields are marked *

Find out how ProInd can help you