Seizing the golden opportunity to build an effective compliance programme

24th June 2024

Seizing the golden opportunity to build an effective compliance programme

The recently published Corporate Alternative Dispute Resolution (C-ADR) mechanism aims to expedite justice and corporate accountability for companies accused of corruption and other criminal offences.

In April 2024, the National Prosecuting Authority (NPA) published a C-ADR policy, which we outlined here. Instead of facing criminal charges, companies that are eligible for C-ADR could follow an alternative dispute resolution process that would allow them to avoid the adverse impacts of litigation. The process would be solely funded by the company but would give the company greater participation in its own rehabilitation e.g. through improving internal policies and tightening compliance and controls. 

When deciding whether to use C-ADR over prosecution, one of the criteria that the NPA considers is whether the company has in place an effective compliance programme that prevents and detects misconduct and guides the company to comply with relevant laws and regulations. The NPA also considers the company's willingness and capacity to implement, improve, monitor and report on its compliance programme with the necessary internal controls. 

Even though this seems fairly simple, surprisingly few South African companies have effective compliance programmes in place. Companies without effective compliance programmes in place are missing a golden opportunity, not only to prevent fraud in the workplace but also to leverage the benefits of the C-ADR process, should fraud occur. The question top of mind is why so many companies fail to develop and implement an effective compliance programme. We explore key considerations companies should keep in mind to improve their compliance.

The first step to an effective compliance programme is revisiting and enhancing the company's corporate governance. This means fostering an improved understanding of the rules and processes that guide the company's operations. This entails company knowing the regulatory environment (ie laws, regulations, policies) and being aware of why it is relevant to the industry and how it affects the day-to-day business of the company. Furthermore, the company should have a holistic view of its stakeholders (employees, third parties and clients) and their interests. 

The second step is to guard against organisational risks by having a clear 'tone from the top'. The 'tone from the top', guided by the values and norms of the organisation and set by leadership, provides the foundation for an ethical environment. Actions and attitudes of the board, senior management, (such as the chief executive officer/managing director) and a designated employee responsible for compliance (such as the chief compliance officer), are critical to setting the right tone from the top. These structures should empower the individuals responsible for day-to-day responsibilities to build trust and effectively mitigate risks. Communication from these structures must be clear, consistent, specific and frequently repeated.

The third step is to have a designated role within the company to champion the company's values and norms. The chief compliance officer is ideally suited for this function and is critical to reinforcing the right tone from the top. This dedicated role empowers decision-makers throughout the company to make informed choices that mitigate risk and promote ethical conduct. 

In conjunction with the right tone from the top, a company's practices at all levels must be aligned. Middle management plays a key role in reinforcing the right tone from the top, translating it into the procedures and practices that drive day-to-day operations, demonstrating a commitment to the values and norms and embodying ethical culture. This will ensure compliance throughout the company as every individual within the company will know exactly what is expected of them. 

An organisation's culture (values, beliefs and assumptions) acts as its DNA, shaping behaviour and decision-making at all levels. A compliance culture should be inculcated, and this is accompanied by reinforcing company values and norms, being consistent in communication, creating an environment where employees are encouraged to speak out, and prioritising transparency and accountability.

Building a culture of compliance is not easy because it requires compliance to be “the way things are done”. While establishing and maintaining this culture involves time and investment from all employees, the benefits are substantial. Such a culture not only helps ensure that the company is compliant and avoids non-compliance consequences, but it also helps prevent fraud in the workplace and – as a newly added benefit since the publication of the C-ADR policy – now also makes the company eligible for C-ADR, should fraud occur.

Written by Lionel Van Tonder, Director, Aaqilah Nagdee, Senior Associate & Inge Swanepoel, Consultant from Webber Wentzel