About the compliance area
Given the nature of the compliance area, it is necessary that it be independent, that is, it does not need the authorization of other departments to be able to perform its functions. For this reason, it is recommended that it be located in the highest positions of the company.
Companies usually have teams dedicated to compliance issues. Many times these teams are dedicated exclusively to this work, but in other cases, they perform other functions at the same time. The important thing is that they have the necessary time to deal with these issues.
In this sense, one of the most important aspects will be to have a specialized and informed team capable of carrying out the company’s internal controls. In the last decade, there has been a significant regulatory change, which has tended to increase compliance standards within companies, which also generates the need to have stronger compliance areas present in the day-to-day of the organization.
Given that the risks of the company and industry are changing, compliance cannot be automated but requires a critical view that is constantly proposing improvements to the model.
According to the Department of Justice (DOJ) guide “Evaluation of Corporate Compliance Programs”, it is very important not only the hierarchy and independence of the Compliance team but also how it has responded and evolved over time according to the changes that have been experienced.
About the autonomy of the Crime Prevention Officer (CPO)
The objective of the EPD is to promote that the company complies with current regulations, not only in the country where it is located but also where its subsidiaries and associates are located.
In order to perform its role, the EPD must have autonomy (Article 4, N°1, letter b of Law 20.393). Autonomy is what allows them to function comfortably within the company. Given this, it is essential that they can count on the support of Senior Management since it is to them that they report every six months (Article 4, No. 2 letter b) of Law 20,393). In addition, he/she must have direct access to them in case of any inconvenience in a prompt manner.
This criterion is included in the DOJ guide, which emphasizes the structure and hierarchy that the Compliance Officer and his team must have sufficient autonomy and independence, as well as direct access to the Board of Directors to report by a suitable means.
What happens when the Crime Prevention Officer is not autonomous?
It is necessary to bear in mind that both Law No. 20,393 and the DOJ guide require the Crime Prevention Officer to be autonomous, so all efforts should be oriented in that order.
Thus, for correct implementation and application of the crime prevention model, it is essential that the role of the person in charge has autonomy since, without it, the hands of the person in charge are tied to implement improvements to prevent the occurrence of crimes or non-compliance with the company’s internal regulations, as well as to raise the necessary issues.
In this sense, it is very important that the Compliance area is not an “island” within the company, but must work together with all areas and be part of the company’s daily routine.
About EPD resources
The resources to be allocated will depend on the size of the company. The larger the company is, the more risk control will be required and therefore, a larger budget to evaluate those risks. Compliance with this budget is directly related to the management of the crime prevention model within the company.