LEGAL AND REGULATORY COMPLIANCE
Legal compliance is part of a broader concept of compliance that does not only refer to compliance with the state’s regulatory frames but can also be referred to other sorts of compliance like internal procedures, KPI and business plans, business standards, and others.
Having that in mind, compliance is a border concept that refers to a wide set of rules that need to be implemented in the business process, and which are prescribed by the legal norms, as well as decisions of the business entity itself, or requests of the market, that is the needs of the client.
If we narrow it down, compliance refers to a situation where the legal entity fulfills the terms and conditions of his business that is based on the law – Regulatory compliance (as a subcategory of Legal Compliance). There can be a lot of rules, that is terms and conditions of this sort depending on business activities, and it is not easy to perceive and realize what they are, also the process of their compliance and a successful result can be a hard task, even for the best and most dedicated in the business.
Business is no longer just arranging lucrative engagements, concluding quality contracts, and minimizing business risks for gaining profit. Anyone who dares to do business must count on a number of prescribed rules that need to be obeyed and also a lot of documentation that needs to be created and adopted.
Through this process, business entities because it is more efficient usually don’t go through it alone, these activities are usually done by externally engaged persons or specialized companies who have experience in compliance, which are capable to meet the requests and avoid the mistakes that could occur in these cases.
FIELDS OF LEGAL COMPLIANCE
Depending on the characteristics of the business activities, a legal person who wants to start the process of compliance must first see which legal fields that is which laws must he keep in mind. Some of the obligations depend on the size of the business, the number of employees, if the business is categorized as small, middle, or large, and others.
In practice, some areas are often such as Safety and Health at Work, Fire Safety, Personal Data Protection, Environmental Protection, prevention of money laundering, compliance with tax provisions, Consumer protection, regulations that refer to legal entities, real estate turnover, and others.
Keeping in mind the above, compliance with the Labor Law is the most represented one with all legal entities, you have to manage the amount of minimal salary, the provisions about working hours, employee’s rights, ways to terminate the employment contracts, and others.
Compliance requests can also be referred to the provisions in mining, energy, financial institutions and capital market, pharmacy, chemical industry, intellectual property, and others.
WHAT DOES COMPLIANCE MEAN IN A PRACTICAL SENSE
Compliance, with the above said, means training employees about the existing rules, doing regular checks and controls of compliance, as well as keeping records and notes about the controls. It also means creating documents and procedures inside the business organizational structure. An important part of compliance is the implementation of the rules in practice, where is necessary to build a system of personnel obligations and responsibilities for acting or not acting in certain situations.
So, compliance means at the same time, a legal part that contains rules, politics, and procedures, but also employee compliance whit the rules, politics, and procedures. Both are equally important in every business.
Violation of the compliance processes and procedures can lead to damages, misdemeanor, or criminal responsibility, but also reputation damages that is loss of business reputation.
With the compliance process, there should be someone to administrate, control, and evaluate the following of rules by employees and other persons, as well as maintaining regular training for raising awareness of the rules that the employees are obligated to obey by the law and internal acts.
With compliance there should be procedures that aim the compliance program, that consists of regular communication, constant pointing out of the flaws as well as eliminating them, and if needed going through disciplinary proceedings and internal investigation.
IS THERE A FULL AND PERMANENT COMPLIANCE
In theory, there is. However, we must keep in mind that the regulations can be changed very easily. On the other hand, a lot of rules are not precisely and clearly explained and that was intentional, and that leaves room for the legal entities to interpret them and constantly search for the most optimal solutions, especially in the domain of information security, the human factor is always present, which is traditionally the weakest link in all business processes. With all the previously said, we can only theoretically say that we are 100% compliant with some rules, but certainly, the goal of every entity must be to minimize the risk and reduce it to an acceptable level.
In terms of effective compliance and easier legitimization before competent state bodies or international clients, legal entities want to have a certificate for compliance with domestic and international standards (such as certificates for ISO 9001). Implementation of these standards is usually on a volunteer basis and represents a condition to produce and sell a certain type of product on a specific market.
It is often mentioned that legal entities from certain activities should have their business comply with some standards.
International standards have become a necessity the moment the economy started to be predominantly international, and it is important to obtain quality goods and services. Having that in mind, there have been numerous international standardization organizations that were established, both by the states and in the domain of international organizations.
Of course, one of the well-known is The International Organization for Standardization, with its famous ISO standard, which is globally spread and there almost isn`t a serious company that hasn`t implemented at least one of the ISO standards. This organization is based in Geneva and is structured so that national standardization organizations are the members of the organization. From its founding in 1947, the organization has formed approximately 25.000 different standards.
The standards are classified by numbers, and one of the most famous ones refers to informational technologies and security are marked as ISO 27000 to 27999, we also have Systems and software engineering which is marked as 26000, as well as Quality management standards which are marked as ISO 9000 to 9999.
The need for ISO standards isn`t prescribed by the law or some other acts, but by the need of the market and its international trade of goods and services.
In the Republic of Serbia for these activities, the competent body is the Institute for standardization, which as a member of the ISO organization participates in the standard implementation in the Republic of Serbia, as well as complying with the regulations on standardization with the international parameters and models. The standardization law directly applies to the work of the Institute, and by whom the Institute has the status of the only standardization organization in the Republic of Serbia. In the domestic provisions, standards are marked by the label SRPS. It is important to note that the use of the Serbian standard is entirely voluntary and there is no legally binding obligation for the standardization of business with the previously mentioned standard.
With the International ISO and domestic SPRP, there are some European Union standards that are marked as CEN/CENELEC/ETSI and function as a harmonized national standard for the member countries of the European Union.