Compliance functions are a relatively new phenomenon that first emerged in the USA shortly after the turn of the millennium. Their establishment was a direct consequence of several scandals, the Enron scandal in 2001 being the most significant. These scandals led to improvements in the legal framework, as well as the recognition of weaknesses in regulatory risk management and internal control.
Non-American organizations soon followed suit. For many, the role and duties of the compliance function are still unclear. There is therefore a need to clarify both of these elements, as well as the criteria that need to be met to allow the compliance function to fulfil its duties in a satisfactory manner.
A working group whose members work with compliance in several different industries has developed the document 'Guidelines for the Compliance function'. The working group heads Network Compliance, a sub-faculty of the Association of Internal Auditors Norway (IIA Norge).
The goal of the working group has been to describe the purpose, responsibilities and duties of a compliance function, as well as the relevant assumptions and success factors, regardless of industry. The principles in this guidance may also be useful for organizations that have no discrete compliance function but do have a similar function with comparable duties.
The target group for these guidelines is organizations that would like to either establish a compliance function, or develop their existing compliance function further.
Throughout 'Guidelines for the Compliance function', we have sought to provide some clarification regarding the organization of a compliance function, as well as the distribution of roles and responsibilities between the different functions of an organization, such as the legal department, internal audit, risk management and compliance.