Compliance function and processes: the immune system of an organization

January 5th, 2024

A company in Germany is expected to comply with external laws and regulations but also with internal rules. How is this achieved? Is it the sole responsibility of the Compliance function?

I recently had the opportunity to discuss this in several awareness workshops with close to 100 young Allianz Executives from across the globe. One important point was to explain the difference between the Compliance function and the Compliance processes:

  • Many functions are responsible for compliance. The tax function ensures compliance with tax laws, the HR function manages compliance with labor laws, etc. So, compliance is primarily a process across an organization. The purpose of compliance processes is to protect the business.
  • The compliance function takes direct responsibility for certain domains: in an insurance company, it is fairly usual to find activities such as anti-financial crime (money laundering, sanctions, fraud, anti-corruption, gifts and entertainment, etc.), customer protection (IDD, MiFID and PRIIPs in the insurance and asset management industries, data privacy) and market integrity (ESG, financial markets, regulations for a listed company, anti-trust…).
  • Then the compliance function monitors the compliance duties of the other functions (tax, HR, etc.): this is often called “regulatory compliance”. This activity is essential to provide regular assurance on the overall adequacy and effectiveness of the corporate compliance program (CCP).

In the insurance sector, the compliance function is one of the safeguarding functions, alongside Risk, Internal Audit, and Actuarial (Solvency 2 definition). Historically included in the Legal function, it has separated from it in financial services to become a control function in its own right. Today compliance works closely with the risk function. The compliance function supports the business by analyzing possibilities and by providing guidance in defining a corporate compliance program (CCP) and risk profile.

Compliance is the immune system of an organization.