According to Deloitte, “Not even the federal government knows how many rules you are meant to obey. In fact, we don’t even know how many government bodies currently have the ability to set rules in the first place, let alone the number of rules those agencies have laid down.” So how on earth are we supposed to know if we are following every rule?
Before we start, the first thing to say is: STAY CALM, YOU ARE NOT ALONE! Compliance is a vast subject. While Strytex cannot be an expert in everything, we can provide you with some tips and tools to help.
Prioritise the rules
Step 1 is to prioritise your compliance rules. We’ve split requirements into six categories where the first three are pretty much mandatory. In order of importance they are:
- Regulatory requirements
- Industry standards
- Internal policies
- Contractual compliance
- Manufacturers’ recommendations
- Nice to have
Regulatory requirements
The good news is that Regulatory requirements are only 40% of the picture. Regulatory requirements are enshrined in law and defined by:
- National Government, Federal Government or Common Market
- State Government, if you are part of a federation
- Local Government
- NGOs
- Standards Bodies
We include NGOs (non-governmental organisations like industry bodies) and Standards Bodies because they can be influential and can often impose stronger regulations than government bodies.
OK, so the good news is that, according to Deloitte, only 40% of your compliance rules are defined by external regulatory authorities. The bad news is that if these rules are breached, there can be serious personal consequences, fines and even jail terms.
Where to ask for help for regulatory compliance obligations
- Ask your suppliers. They have to comply across all their customers and are a good source of information.
- Contact your supplier’s trade associations. For example, if you use locksmiths, your national security or locksmith association is a good source of information. They want to remove any dodgy suppliers from the industry.
- Contact your relevant trade association. For example, if you manufacture food products, your national association should be able to help. They may ask you to join but it can be a worthwhile investment.
- Contact your relevant professional association. Are you a Facility Manager or Workplace Health and Safety professional? Ask your local association for help. Heck, join and ask other professionals in your field.
- Ask your Procurement department. When you onboard a new supplier, what does Procurement demand? A note of warning: Procurement demands both regulatory-driven and policy-driven compliance documents. For example, demanding insurance certificates is a policy-driven requirement, not a regulatory-driven requirement.
- And, of course, Google.
Non-regulatory requirements
Every organisation has a Mission and a Vision, even if it’s not written down somewhere and displayed on a wall. From these, your organisation will (hopefully) have developed Policies, Procedures, Processes and Forms. Your organisation’s policies, procedures, processes and forms probably have a larger impact on your compliance role than anything else.
I’m afraid that now you simply have to go out and collect all your company policies, procedures and forms and go through them all. Unfortunately, you may need to update them as 90% of policies and procedures we come across are out of date. We recommend they get reviewed every 5 years.
As you go through them, make a note of every time a policy, procedure, process or form looks for documentary evidence of something and why. This is how you build up your list of compliance rules.